You open your inbox and see a message from Interactive Brokers: “Missing Identity Information.” It looks official, sounds urgent, and warns that your account access could be restricted. The link seems legitimate. But it’s a trap—one that’s catching thousands of investors off guard.
This article exposes the full details of the scam, how it tricks even cautious users, and what you must do immediately if you’ve been targeted.
Scam Overview
The “Missing Identity Information” scam is a phishing attack designed to impersonate Interactive Brokers, a reputable trading platform used by millions worldwide. The email attempts to scare users into clicking a malicious link by warning that their identity documents are incomplete and that their account access could be restricted unless they act immediately.
What the Scam Email Looks Like
The scam email typically arrives with the subject line:
“Missing Identity Information”
It’s sent from an email address like:
Interactive Brokers <banking@hwcegob.com>
This is not a legitimate Interactive Brokers domain, but it can appear credible at first glance—especially since scammers often spoof or cloak sender identities.
Email Body Content
The message reads as follows:
Interactive Brokers
Missing Identity InformationDear Valued Client,
As part of our ongoing efforts to maintain the highest security and regulatory standards, we noticed that your identity verification documents are incomplete.
To avoid any potential interruption in service, we kindly request that you update the necessary information by accessing the link below.
hxxps://interacctivvbreokers-en.it.com?token=xxxxxxx
We appreciate your prompt attention to this important matter.
Interactive Brokers
At the bottom, there’s a disclaimer to mimic authenticity, referencing NYSE, FINRA, and SIPC membership and using terms like “for informational purposes only.”
Why This Works
The email uses urgency and fear—two common psychological triggers in phishing scams. The idea of losing access to a brokerage account is enough to push many users into clicking quickly without verifying the source.
Additionally, the attackers use “homoglyph domains”—web addresses with slight spelling variations (like extra letters or different suffixes such as .it.com instead of .com). These domains are designed to visually resemble real Interactive Brokers links but actually lead to malicious servers.
The Fake Login Page
If a victim clicks the link, they are redirected to a fake login page at a domain like:
interacctivvbreokers.it.com/login
This phishing site looks almost identical to the real Interactive Brokers login page. It includes:
- Username and Password fields
- Branding and logos
- Footer links that mimic real ones (IBKR Desktop, TWS, IBKR Mobile, etc.)
- A “Live/Paper” toggle switch
But once credentials are entered here, the data goes straight to the scammers.
What Happens Next
Once the attackers receive a user’s login information, they may:
- Attempt to access the user’s Interactive Brokers account
- Use the credentials on other financial sites (if reused)
- Deploy automated tools to steal linked personal data
- Attempt wire transfers or unauthorized trades
- Sell the credentials on the dark web
In more advanced scams, users may be prompted to upload ID documents, provide two-factor codes, or disclose banking information—leading to full-blown identity theft.
How the Scam Works
Understanding the tactics behind this scam is crucial for prevention. The attackers use a multi-stage social engineering process that capitalizes on urgency, realism, and human psychology. Here’s how the scam typically unfolds, step by step:
Step 1: Target Identification and Email Harvesting
Scammers begin by compiling lists of potential victims—often Interactive Brokers customers. These lists may be obtained from:
- Data breaches
- Leaked email databases
- Purchased mailing lists from shady online forums
- Guessing or targeting business domains
Once they have the emails, they launch a mass phishing campaign targeting tens of thousands of inboxes at once.
Step 2: Sending the Phishing Email
The crafted message mimics official Interactive Brokers correspondence. Hallmarks include:
- Use of professional formatting and corporate branding
- A vague subject line like “Missing Identity Information”
- A tone of urgency and authority
- A call-to-action with a malicious link
Because scammers often use compromised or lookalike domains (hwcegob.com, it.com, etc.), these emails might evade spam filters.
Step 3: Clickbait Link Redirection
The link within the email doesn’t direct users to interactivebrokers.com—instead, it points to a typosquatted URL like:
https://interacctivvbreokers-en.it.com?token=123456
This domain looks close enough to be trusted by a quick glance, but it’s entirely controlled by the scammer. Some of these phishing links even use SSL certificates (HTTPS), adding a false sense of security.
Step 4: Fake Login Page
Clicking the link takes users to a counterfeit login portal designed to replicate the real Interactive Brokers sign-in page. It typically includes:
- Login input fields
- A toggle for “Live” vs. “Paper” accounts
- Branding elements like logos and links
The page is coded to capture everything typed into the fields.
Step 5: Credential Harvesting and Redirection
Once the victim enters their username and password, the credentials are immediately logged on the scammer’s server. Some phishing kits may also:
- Redirect the user to the actual IBKR site post-login (to reduce suspicion)
- Prompt for more info (2FA codes, security questions, ID documents)
- Save IP address, device info, and browser fingerprint
Step 6: Exploitation of Stolen Data
After harvesting the login credentials, scammers may:
- Log in to the user’s real account
- Change contact or security settings
- Initiate withdrawals or trades
- Attempt bank transfers if linked accounts are accessible
- Use credentials on other services (credential stuffing)
In some cases, stolen credentials are sold in underground forums or bundled into broader identity theft campaigns.
Step 7: Covering Their Tracks
Sophisticated attackers may erase login traces or trigger auto-forwarding of emails to monitor future activity. They could also disable 2FA or change email addresses linked to the account, locking victims out entirely.
What to Do If You’ve Fallen Victim to the Scam
If you clicked on the link and entered any information—even just a username—take immediate action. Follow these steps:
1. Disconnect and Exit the Website Immediately
Close the phishing site and avoid clicking any more links. Do not enter additional information.
2. Change Your Interactive Brokers Password
Visit the official Interactive Brokers site directly at https://www.interactivebrokers.com and change your password immediately.
3. Enable or Reset Two-Factor Authentication (2FA)
If you haven’t already, enable 2FA. If it was already active and compromised, reset or reconfigure it to secure your account.
4. Check Account Activity
Log into your real account and review recent activity. Look for:
- Unfamiliar trades
- Unauthorized logins
- Changes in account settings
- Suspicious emails or messages
5. Contact Interactive Brokers Support
Immediately notify IBKR’s support team and report the phishing attempt. Provide them with the details and URL. Use their official contact page:
https://www.interactivebrokers.com/en/index.php?f=1560
6. Report the Phishing Site
You can report the malicious domain to:
- Google Safe Browsing: https://safebrowsing.google.com/safebrowsing/report_phish
- Microsoft: https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site
7. Run a Malware Scan
Phishing sites may also drop malware. Run a full antivirus/malware scan using trusted tools like Malwarebytes or Windows Defender.
8. Change Passwords on Other Sites
If you reused your Interactive Brokers password on other accounts, change those passwords too. Credential stuffing is a common follow-up attack.
9. Monitor Your Credit
Consider using a credit monitoring service and place a fraud alert or credit freeze with:
- Equifax
- Experian
- TransUnion
10. File a Complaint
Report the scam to your country’s cybercrime unit. In the U.S., file a report at:
https://reportfraud.ftc.gov/
The Bottom Line
The “Interactive Brokers Missing Identity Information” email scam is a textbook example of modern phishing—sophisticated, deceptive, and dangerous. By mimicking official communications from a reputable trading platform, scammers are successfully luring victims into giving up sensitive login credentials and exposing themselves to financial loss and identity theft.
The deceptive emails look real. The fake websites feel authentic. And the urgency of the message pressures users to act without thinking. But by slowing down, verifying the sender, checking links carefully, and using basic cybersecurity practices, you can avoid becoming the next victim.
To protect yourself:
- Never click on links in unsolicited emails, even if they appear legitimate.
- Always verify domain names before entering sensitive information.
- Use strong, unique passwords and enable two-factor authentication.
- Stay informed by reading trusted security resources like this one.
If you believe you’ve been targeted or compromised, act immediately. Contact Interactive Brokers, change your credentials, and report the incident to authorities. Early detection and quick response can prevent long-term damage.
Remember: real financial institutions will never pressure you to act urgently through email alone. When in doubt, go directly to the company’s website—don’t trust the link. Staying alert and informed is your best defense against these increasingly convincing scams.
Frequently Asked Questions (FAQ)
What is the Interactive Brokers Missing Identity Information email scam?
It is a phishing attack where scammers impersonate Interactive Brokers and send fake emails claiming that your identity documents are incomplete. The email contains a malicious link to a fake login page designed to steal your credentials.
How can I tell if the email is fake?
Look for subtle red flags such as: – Sender email address that doesn’t match official IBKR domains – Typos or unusual formatting – Urgent language demanding immediate action – Suspicious links (e.g., interacctivvbreokers-en.it.com)
What happens if I click the link in the scam email?
You will be redirected to a counterfeit website that closely mimics Interactive Brokers’ official login page. If you enter your credentials, they will be harvested by the scammers for unauthorized use.
Will Interactive Brokers ever ask for identity verification by email?
Interactive Brokers may contact users about account issues, but they will never request sensitive information or verification documents through a generic email with embedded links. Always access your account directly by visiting the official website.
Is this scam targeting only Interactive Brokers users?
Primarily, yes. However, similar tactics have been used to impersonate other financial institutions. The scammers may adjust their approach to target users of various trading platforms.
Can scammers access my account if I have two-factor authentication (2FA) enabled?
2FA provides an added layer of security, but if scammers convince you to enter a 2FA code on their phishing page, they can bypass it in real-time. Never enter 2FA codes on suspicious or unfamiliar websites.
What should I do if I fell for the scam?
Immediately change your Interactive Brokers password, enable or reset 2FA, scan your device for malware, contact IBKR support, and report the phishing site. Monitor your account for unauthorized activity and consider notifying a credit monitoring service.
How do I report the scam?
You can report the phishing email and website to: – Interactive Brokers support – Google Safe Browsing – Microsoft’s unsafe site reporting – Your local cybercrime agency
How can I protect myself from future phishing scams?
– Never click on links in unsolicited emails – Always verify the sender and domain – Bookmark the official IBKR website and access it directly – Use strong, unique passwords and 2FA – Stay informed through trusted cybersecurity news and alerts
Are there other similar scams I should watch for?
Yes. Scammers often recycle tactics and adjust them slightly. Watch for similar phishing attempts impersonating banks, payment platforms (like PayPal or Stripe), and other trading platforms. Always be cautious with any email requesting personal or account information.
