Online Brokerage Accounts: What You Can Do to Safeguard Your Money and Your
Personal Information
Let's hope this never happens to you: You have a few free minutes so
you decide to go online to check your brokerage account information.
Your account balance is much lower than you expect - and you know that, at
least for today, neither the market nor any of your securities fell in
value. You see that there were several wire transfers of money from
your account to an outside checking account. But you never
authorized those transactions - instead, an identity thief did, and
that thief has now stolen your cash as well as your personal information.
Like many investors, you may enjoy some of the conveniences of an
online brokerage account, like checking your brokerage account information
at any time of day or night, buying and selling securities, or even
transferring money between your brokerage account and another account. But
if you don't take steps to protect your personal information when you go
online, you could be telling your own story of identity theft.
How Online Identity Theft Can Happen
Many identity thieves use malicious software programs to attack
vulnerable computers of online users. These software programs can monitor
your computer activity and send information back to the thief's computer.
Sometimes, these programs will log your key strokes, which allows identity
thieves to easily obtain username and password information for any of your
online accounts, including your brokerage account.
Other identity thieves "phish"
for your personal information. "Phishing" involves the use of
fraudulent emails and copy-cat websites to trick you into revealing
valuable personal information - such as your account number, your social
security number, and the username and password information you use when
accessing your account. Sometimes fraudsters will use phishing scams to
try to get you to download keystroke logging or other malicious software
programs unsuspectingly.
But not all identity thieves have gone "high tech." Many
still use less sophisticated ways of stealing your personal information,
such as looking over your shoulder when you're typing sensitive
information or searching through your trash for confidential account
information.
How to Protect Yourself Online
You'll need to protect yourself against identity thieves, whether
hackers, phishers, or snoops, when you use your online brokerage account.
Here are a few suggestions on ways to keep your personal information and
money more secure when you go online:
- Beef Up Your Security. Personal firewalls and security
software packages (with anti-virus, anti-spam, and spyware detection
features) are a must-have for those who engage in online financial
transactions. Make sure your computer has the latest security patches,
and make sure that you access your online brokerage account only on a
secure web page using encryption. The website address of a secure
website connection starts with "https" instead of just
"http" and has a key or closed padlock in the status bar
(which typically appears in the lower right-hand corner of your
screen).
Security
Tip: Even if a web page starts with "https" and contains a
key or closed padlock, it's still possible that it may not be secure.
Some phishers, for example,
make spoofed websites which appear to have padlocks. To double-check,
click on the padlock icon on the status bar to see the security
certificate for the site. Following the "Issued to" in the
pop-up window you should see the name matching the site you think you're
on. If the name differs, you are probably on a spoofed site.
- Use a Security Token (if available). Using a security
token can make it even harder for an identity thief to access your
online brokerage account. That's because these small number-generating
devices offer a second layer of security - a one-time pass-code that
typically changes every 30 or 60 seconds. These unpredictable
pass-codes can frustrate identity thieves. While fraudsters can use
keystroke logging programs to obtain regular username and password
information, they can't use these programs to obtain the security
token pass-code. Ask your brokerage firm if you can protect your
online account with a security token or similar security device.
- Be Careful What You Download. When you download a
program or file from an unknown source, you risk loading malicious
software programs on your computer. Fraudsters often hide these
programs within seemingly benign applications. Think twice before you
click on a pop-up advertisement or download a "free" game or
gadget.
- Use Your Own Computer. It's generally safer to access
your online brokerage account from your own computer than from other
computers. If you use a computer other than your own, for example, you
won't know if it contains viruses or spyware. If you do use another
computer, be sure to delete all of the your "Temporary Internet
Files" and clear all of your "History" after you log
off your account.
- Don't Respond to Emails Requesting Personal Information.
Legitimate entities will not ask you to provide or verify sensitive
information through a non-secure means, such as email. If you have
reason to believe that your financial institution actually does need
personal information from you, pick up the phone and call the company
yourself - using the number in your rolodex, not the one the email
provides!
Security
Tip: Even though a web address in an email may look legitimate,
fraudsters can mask the true destination. Rather than merely clicking on
a link provided in an email, type the web address into your browser
yourself (or use a bookmark you previously created).
- Be Smart About Your Password. The best passwords are
ones that are difficult to guess. Try using a password that consists
of a combination of numbers, letters (both upper case and lower case),
punctuation, and special characters. You should change your password
regularly and use a different password for each of your accounts.
Don't share your password with others and never reply to "phishing"
emails with your password or other sensitive information. You also
shouldn't store your password on your computer. If you need to write
down your password, store it in a secure, private place.
- Use Extra Caution with Wireless Connections. Wireless
networks may not provide as much security as wired Internet
connections. In fact, many "hotspots" - wireless networks in
public areas like airports, hotels and restaurants - reduce their
security so it's easier for individuals to access and use these
wireless networks. Unless you use a security token, you may decide
that accessing your online brokerage account through a wireless
connection isn't worth the security risk. You can learn more about
security issues relating to wireless networks on the website of the Wi-Fi
Alliance.
- Log Out Completely. Closing or minimizing your browser
or typing in a new web address when you're done using your online
account may not be enough to prevent others from gaining access to
your account information. Instead, click on the "log out"
button to terminate your online session. In addition, you shouldn't
permit your browser to "remember" your username and password
information. If this browser feature is active, anyone using your
computer will have access to your brokerage account information.
How to Know if Your Identity Has Been Stolen
Sometimes, it can be extraordinarily difficult to determine whether
someone has stolen your identity. If you take the steps below, you may be
able to find out whether you've been victim of identity theft and protect
yourself from further harm:
- Read Your Statements. Don't toss aside your monthly
account statements! Read them thoroughly as soon as they arrive to
make sure that all transactions shown are ones that you actually made,
and check to see whether all of the transactions that you thought you
made appear as well. Be sure that your brokerage firm has current
contact information for you, including your mailing address and email
address. If you see a mistake on your statement or don't receive
a statement, contact your brokerage firm immediately.
- Monitor Your Credit Report. Reviewing your credit
report may alert you to unauthorized activity, and, therefore, can be
an effective way to fight identity theft. You can obtain a free credit
report every 12 months from three different credit bureaus by
contacting the Annual
Credit Report Request Service.
Investor
Tip: Read your brokerage account agreement carefully because
many firms take the position that you are responsible for the security
of your account information, such as your username, password, and
account number. In addition, your brokerage account agreement may
provide information about what specific steps you should take if you
notice any unauthorized account activity.
What to Do if You Run into Trouble
Always act quickly when you come face to face with a potential fraud,
especially if you've lost money or believe your identity has been stolen.
- Identity Theft. If you think that your personal
information has been stolen, visit the Federal Trade Commission's
Identity Theft Resource Center at www.consumer.gov/idtheft/index.html
for information on how to file a complaint and control the
damage.
- Securities Scams. Before you do business with any
investment-related firm or individual, do your own independent
research to check out their background and confirm whether they are
legitimate. For step-by-step tips and links to helpful websites,
please read Check Out Brokers and
Advisers and SIPC Exposes Phony
"Look-Alike" Web Site. Report investment-related scams
to the SEC using our online Complaint
Center.
- Phishy Emails. If a phishing
scam rolls into your email box, be sure to tell the company right
away. You can also report the scam to the FBI's Internet Fraud
Complaint Center at www.IFCCFBI.gov.
If the email purports to come from a brokerage firm or mutual fund
company, be sure to pass along that tip to the SEC's Enforcement
Division by forwarding the email to enforcement@sec.gov.
Additional Resources
For more information, please read:
http://www.sec.gov/investor/pubs/onlinebrokerage.htm