Can Do to Safeguard Your Money and Your Personal Information
this never happens to you: You have a few free minutes so
you decide to go online to check your brokerage account
information. Your account balance is much lower than
you expect - and you know that, at least for today, neither
the market nor any of your securities fell in value.
You see that there were several wire transfers of money
from your account to an outside checking account.
But you never authorized those transactions - instead,
an identity thief did, and that thief has now stolen
your cash as well as your personal information.
Like many investors,
you may enjoy some of the conveniences of an online brokerage
account, like checking your brokerage account information at any
time of day or night, buying and selling securities, or even transferring
money between your brokerage account and another account. But
if you don't take steps to protect your personal information when
you go online, you could be telling your own story of identity
How Online Identity
Theft Can Happen
Many identity thieves
use malicious software programs to attack vulnerable computers
of online users. These software programs can monitor your computer
activity and send information back to the thief's computer. Sometimes,
these programs will log your key strokes, which allows identity
thieves to easily obtain username and password information for
any of your online accounts, including your brokerage account.
thieves "phish" for your
personal information. "Phishing" involves the use of fraudulent
emails and copy-cat websites to trick you into revealing valuable
personal information - such as your account number, your social
security number, and the username and password information you
use when accessing your account. Sometimes fraudsters will use
phishing scams to try to get you to download keystroke logging
or other malicious software programs unsuspectingly.
But not all identity
thieves have gone "high tech." Many still use less sophisticated
ways of stealing your personal information, such as looking over
your shoulder when you're typing sensitive information or searching
through your trash for confidential account information.
How to Protect
You'll need to
protect yourself against identity thieves, whether hackers, phishers,
or snoops, when you use your online brokerage account. Here are
a few suggestions on ways to keep your personal information and
money more secure when you go online:
- Beef Up
Your Security. Personal firewalls and security software
packages (with anti-virus, anti-spam, and spyware detection
features) are a must-have for those who engage in online financial
transactions. Make sure your computer has the latest security
patches, and make sure that you access your online brokerage
account only on a secure web page using encryption. The website
address of a secure website connection starts with "https" instead
of just "http" and has a key or closed padlock in the status
bar (which typically appears in the lower right-hand corner
of your screen).
Tip: Even if a web page starts with "https" and contains
a key or closed padlock, it's still possible that it may not
be secure. Some phishers, for
example, make spoofed websites which appear to have padlocks.
To double-check, click on the padlock icon on the status bar
to see the security certificate for the site. Following the
"Issued to" in the pop-up window you should see the name matching
the site you think you're on. If the name differs, you are probably
on a spoofed site.
- Use a
Security Token (if available). Using a security token
can make it even harder for an identity thief to access your
online brokerage account. That's because these small number-generating
devices offer a second layer of security - a one-time pass-code
that typically changes every 30 or 60 seconds. These unpredictable
pass-codes can frustrate identity thieves. While fraudsters
can use keystroke logging programs to obtain regular username
and password information, they can't use these programs to obtain
the security token pass-code. Ask your brokerage firm if you
can protect your online account with a security token or similar
- Be Careful
What You Download. When you download a program or file
from an unknown source, you risk loading malicious software
programs on your computer. Fraudsters often hide these programs
within seemingly benign applications. Think twice before you
click on a pop-up advertisement or download a "free" game or
- Use Your
Own Computer. It's generally safer to access your online
brokerage account from your own computer than from other computers.
If you use a computer other than your own, for example, you
won't know if it contains viruses or spyware. If you do use
another computer, be sure to delete all of the your "Temporary
Internet Files" and clear all of your "History" after you log
off your account.
Respond to Emails Requesting Personal Information. Legitimate
entities will not ask you to provide or verify sensitive information
through a non-secure means, such as email. If you have reason
to believe that your financial institution actually does need
personal information from you, pick up the phone and call the
company yourself - using the number in your rolodex, not the
one the email provides!
Tip: Even though a web address in an email may look legitimate,
fraudsters can mask the true destination. Rather than merely
clicking on a link provided in an email, type the web address
into your browser yourself (or use a bookmark you previously
- Be Smart
About Your Password. The best passwords are ones that
are difficult to guess. Try using a password that consists of
a combination of numbers, letters (both upper case and lower
case), punctuation, and special characters. You should change
your password regularly and use a different password for each
of your accounts. Don't share your password with others and
never reply to "phishing" emails
with your password or other sensitive information. You also
shouldn't store your password on your computer. If you need
to write down your password, store it in a secure, private place.
- Use Extra
Caution with Wireless Connections. Wireless networks
may not provide as much security as wired Internet connections.
In fact, many "hotspots" - wireless networks in public areas
like airports, hotels and restaurants - reduce their security
so it's easier for individuals to access and use these wireless
networks. Unless you use a security token, you may decide that
accessing your online brokerage account through a wireless connection
isn't worth the security risk. You can learn more about security
issues relating to wireless networks on the website of the Wi-Fi
- Log Out
Completely. Closing or minimizing your browser or typing
in a new web address when you're done using your online account
may not be enough to prevent others from gaining access to your
account information. Instead, click on the "log out" button
to terminate your online session. In addition, you shouldn't
permit your browser to "remember" your username and password
information. If this browser feature is active, anyone using
your computer will have access to your brokerage account information.
How to Know if
Your Identity Has Been Stolen
Sometimes, it can
be extraordinarily difficult to determine whether someone has
stolen your identity. If you take the steps below, you may be
able to find out whether you've been victim of identity theft
and protect yourself from further harm:
- Read Your
Statements. Don't toss aside your monthly account statements!
Read them thoroughly as soon as they arrive to make sure that
all transactions shown are ones that you actually made, and
check to see whether all of the transactions that you thought
you made appear as well. Be sure that your brokerage firm has
current contact information for you, including your mailing
address and email address. If you see a mistake on your
statement or don't receive a statement, contact your brokerage
Your Credit Report. Reviewing your credit report may
alert you to unauthorized activity, and, therefore, can be an
effective way to fight identity theft. You can obtain a free
credit report every 12 months from three different credit bureaus
by contacting the Annual
Credit Report Request Service.
Tip: Read your brokerage account agreement carefully
because many firms take the position that you are responsible
for the security of your account information, such as your username,
password, and account number. In addition, your brokerage
account agreement may provide information about what specific
steps you should take if you notice any unauthorized account
What to Do if
You Run into Trouble
Always act quickly
when you come face to face with a potential fraud, especially
if you've lost money or believe your identity has been stolen.
Theft. If you think that your personal information has
been stolen, visit the Federal Trade Commission's Identity Theft
Resource Center at www.consumer.gov/idtheft/index.html
for information on how to file a complaint and control the damage.
Scams. Before you do business with any investment-related
firm or individual, do your own independent research to check
out their background and confirm whether they are legitimate.
For step-by-step tips and links to helpful websites, please
read Check Out Brokers and Advisers
and SIPC Exposes Phony "Look-Alike"
Web Site. Report investment-related scams to the SEC using
our online Complaint
Emails. If a phishing scam
rolls into your email box, be sure to tell the company right
away. You can also report the scam to the FBI's Internet Fraud
Complaint Center at http://www.ifccfbi.gov/.
If the email purports to come from a brokerage firm or mutual
fund company, be sure to pass along that tip to the SEC's Enforcement
Division by forwarding the email to email@example.com.
For more information,