FXCM the Target of Cyber Crime, Launches Investigation
FXCM announces that unauthorized withdrawals were issued from customer accounts as the firm investigates a cybersecurity breach.

Joining the ranks of financial firms targeted by cyber fraudsters is FXCM. The broker released a statement that as a result of the hacking, a small number of unauthorized wire transfers were issued from customer accounts; with funds since having been returned.
In addition, the firm was contacted by a hacker who claimed to have access to customer information. According to FXCM, the firm has since contacted the FBI which is investing the cyber threat. In addition, FXCM stated that they are working with a cybersecurity firm to investigate the incident and protect customer information. The internal investigation will be used to analyze the magnitude of the cyber incident and to identify affected customers and notify them. In the meantime, FXCM has notified its entire client base of the incident and recommended them to change their passwords as a precautionary solution.
Join the iFX EXPO Asia and discover your gateway to the Asian Markets
Suggested articles
Bitcoin: Can it Hit 100k in 2021?Go to article >>
Rats in the Browser
The case is similar to that which has affected other banks and financial firms and involve unauthorized transactions. The breaches are typically conducted by remote access Trojan (RATs) viruses. Upon initiation of the Trojan, it provides fraudsters the ability to monitor the web behavior of affected users and gather their input information into financial websites. Using this information such as user names and passwords, fraudsters can then enter bank accounts and issue transactions.
Beyond providing recommendations to customers to use anti-virus software, financial firms can also integrate cybersecurity account recognition tools. This includes tools that monitor the IP addresses of their customers and alert banks of suspicious account entrances. In addition, newer forms of technology include pattern recognition which can identify how customers log into their accounts, such as the speed between entering their passwords and whether they use the keyboard or mouse to click enter.
The MyFXCM site is now down so you cant change your password.
Antivirus software is so overrated. A good firewall with alerts is perfect enough without the bloat.
Even if the hackers could access client services, wouldn’t their banking details have to match that of the client?
And i can now see the purpose of having 2-factor security for logging in or initiating certain transactions.
@Jon – “wouldn’t their banking details have to match that of the client?” – that is a good question, depends on jurisdiction but there are cases where transfers can be made to 3rd parties. But you are correct, for AML purposes its not typically easy to do.
@ Jon – since T/T can be executed based on account number only, it might be possible. But of course, it will be returned because of name mismatch