November 7 2005
Investors beware. Identity thieves are targeting
online brokerage accounts to gain access to the wealth of information
circulating through cyberspace. The Securities and Exchange Commission
is urging investors to protect their online accounts from intruders who
may steal personal information or make unauthorized transactions.The SEC’s warning was issued after regulators became aware of numerous unauthorized transactions by individuals who have gained access to other people’s online brokerage accounts. Unfortunately, some of these transactions did not come to light until the fraudsters had successfully stolen money from the accounts.
Sophisticated software allows crooks to monitor computer activity, mimic keystrokes, and steal identity names and passwords. It is important for investors to monitor their accounts and take notice of any unusual activity, or unauthorized securities transactions and money transfers. So do not simply set monthly statements aside until tax time. Review them and report any unusual or improper activity. It also is a good idea to review your credit report, at least once a year, to monitor any questionable activity.
Other identity thieves may “phish” for information by sending e-mails that look like they came from your brokerage firm. Often, these emails claim that your personal information has been corrupted or compromised, and ask you to confirm details, including your name, account number, social security number, or password. The message may direct you to a website that looks exactly like your brokerage firm’s site, right down to the logo, typeface and company colors. It is all part of the scam, a clever ruse to obtain your personal information. See NASD Warns of Online Identity Theft.
As the SEC points out, investors can employ the following measures to guard against identity theft:
• Maintain Security. Every computer user should install a personal firewall and up-to-date anti-virus, anti-spam software. A computer’s security system should be updated regularly, and, when possible, automatically. Investors should only access their online brokerage accounts through a secure website connection that starts with “https” and that displays a closed padlock or key in the status bar. For extra caution, the SEC advises investors to “double-click” the padlock to view the security certificate for the site. If the name on the certificate does not match the name of the site you think you are visiting, you probably have been the victim of a “phishing” expedition.
• Security Tokens. When they are available, security tokens make it harder for identity thieves to access account information because they generate a pass-code that changes every 30 to 60 seconds.
• Download With Caution. Programs that are downloaded from unknown sources may introduce a virus or malicious software program to your computer. Free software may be appealing, but it can act as a “Trojan horse,” exposing your computer to outsiders and opening the door to identity theft.
• Choosing Computers. The best bet is to use your own computer for online brokerage transactions. At least then you can control the environment, make sure that anti-virus software is installed, and limit access by third-=arties. If you must use another computer, be sure to delete all “temporary Internet Files” and clear your history before you log off. Otherwise, a subsequent user might gain access to your data.
• Don’t Provide Personal Information. Legitimate brokerage firms (and banks and other financial institutions) do not ask you to confirm personal information through unsolicited, unsecured e-mails. If you receive a request for information that appears to come from your broker, contact the brokerage firm directly, by telephone and ask to speak to a customer service or compliance representative.
• Picking Passwords. Select a password that is difficult to guess – not a birth date or anniversary. Combinations of letters, numbers and symbols are best. And never share your password with anyone else or respond to email requests that you “confirm” the password.
• Wireless Connections. When possible, do not use a public wireless network for online brokerage transactions. Wireless connections in public areas like airports and hotels offer less security simply because they are designed to allow maximum access.
• Log Off. When you have completed your transactions, log off and close the browser. Otherwise, the information may remain accessible.
If, despite taking these precautions, you think you have been a victim of identity theft, contact the Federal Trade Commission's Identity Theft Resource Center at www.consumer.gov/idtheft/index.html for information on how to file a complaint and control the damage.
And remember, before you invest, investigate.
Hartley Bernstein, the founder and publisher of StockPatrol.com, is widely acknowledged as one of Wall Street’s leading watchdogs.
No comments:
Post a Comment