3 Steps to Protect Your Brokerage Account From Cybercriminals

hackerWe are all aware of the increasing risks of cybercrime. Target, Home Depot and other major retailers have exposed the vast majority of Americans to cybercriminals; but most of us haven't seen the after effects... at least not yet. Therefore it is of utmost importance to protect your personal data as much as possible because you don't want to have your identity stolen. To do this you must stay ahead of the curve and more importantly ahead of the criminals.

One particular type of email fraud affecting the investment industry is referred to as a hostile email account takeover (see chart below from TD Ameritrade). In this type of fraud, a hacker uses malware to take control of a victim's email account. Then they look through your emails to identify your financial institutions and/or financial advisor. Once this is done, they will email your financial advisor (from your own email account) and ask for a wire transfer. The fraudster may even go to such lengths as replicating the format you normally use in your email messages. Often times, they will pretend to be extremely busy (in meetings all day or have a long flight), don't have time to talk, and create a sense of urgency to get the wire done fast. If fraud isn't detected, your money could be transferred out to a cybercriminal. Because of this, your advisor should take the critical step to verify wire transfer requests by phone to ensure that it is a legitimate request.

fraud_attempt

This type of attack is possible because of email vulnerability. Without access to your email, the cybercriminals can't use this type of attack to request a wire transfer. Therefore to protect your brokerage account, you should take these 3 steps to protect yourself.

1) Use 2-Step Verification

Activating 2-Step Verification for your email accounts is a good first line of defense. It will protect your account with both your password and phone. Even if your password becomes compromised, 2-Step Verification can help keep the bad guys out.

You may be concerned that this is a tedious process but it is quite simple and very effective. For example, if you use Gmail's 2-Step Verification, you only need to do this process once from each device that you use. When you or anyone else tried to sign in to your account from another computer/device, 2-Step verification will be required..

Your custodian bank (Fidelity, TD Ameritrade, Schwab) may also offer 2-Factor Authentication. For example, Fidelity offers it with either a physical token or Symantec app. Check with your custodian to see what additional security they offer.

2) Be aware of spyware and viruses

Malware can do many things that put you at risk for identity theft, including recording keystrokes, capturing personal information and downloading unwanted code. Therefore you must protect your computer by always running a current version of antivirus software.

Practice safe web surfing. Use a search engine when going to websites -- this will correct any misspellings in a web address and help you avoid pages that contain malware.

3) Know how to spot phishing

Phishing is a scheme that utilizes legitimate-looking spam emails to deceive you into disclosing personal information. Beware of generic greetings coming from your custodian. Instead of addressing you by name, phishing email often start with "Welcome Card Member" or "Welcome Account Holder." Most reputable companies will have your name and/or partial account number in email correspondences.

Also beware of urgent messages or information requests. One way phishers prompt you to respond is by threatening you about your account by claiming it will be closed or suspended if action isn't taken.

Be smart and don't click on anything suspicious. Please share any tips that you have in the comments below.

become_a_blog_subscriber

 

photo credit: Stian Eikeland via photopin cc
Share This Story, Choose Your Platform!

About the Author: Chris Wang

Chris Wang

IMPORTANT DISCLOSURE INFORMATION

Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by Runnymede Capital Management, Inc.), or any non-investment related content, made reference to directly or indirectly in this blog will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this blog serves as the receipt of, or as a substitute for, personalized investment advice from Runnymede Capital Management, Inc. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. Runnymede Capital Management, Inc. is neither a law firm nor a certified public accounting firm and no portion of the blog content should be construed as legal or accounting advice. A copy of Runnymede Capital Management, Inc.’s current written disclosure statement discussing our advisory services and fees is available for review upon request.