Protect Your Online Brokerage Account: Safety Should Come First When Logging In and Out
The Internet and, more recently, wireless technology have made it easy for investors to check brokerage account information and initiate investment transactions on the go. We are issuing this Alert to warn investors to take precautions to help ensure the security of their brokerage accounts. Not doing so puts your account information and investments at risk.
By following a few simple steps, you can make it much harder for unauthorized people to gain access to your account. Investors should take heed, particularly since many brokerage firms hold you responsible for the confidentiality and security of your account number, and PIN/password. Read your account agreement carefully—it may also tell you what to do in the event your account access information has been stolen or compromised.
Lock the Door Behind You
It is very important to terminate each online session when you are finished—usually by clicking the "Log out" link on the site. This is the computer equivalent to locking the door when you leave the house. If you merely type in another address, or close or minimize the Web browser window, it may be possible for unauthorized users with access to the same computer to gain access to your account information. Retrieving this information could be as easy as clicking on the Internet browser icon, pressing the browser's Back button, or calling up a browser's Internet History.
Guard the Front Door
Recently, popular browsers such as Microsoft Internet Explorer and Mozilla Firefox have introduced a feature where the browser offers to "remember" your usernames and passwords to secure web sites. Think twice about using this feature as it may allow others who can access your computer to log in to your brokerage or other online account. Never allow the browser to remember user names and passwords when using a public, shared computer.
Here are a few other helpful hints to keep your information safe and secure:
- Avoid using any computer that is not your own to access your brokerage or other online account
- Never share your password information with others
- Create passwords that are unpredictable and counterintuitive, and don't use the same password for different accounts
- Change passwords regularly
- Beware of over-the-shoulder snoops when using public computers
- If you suspect that your password has been stolen or used by others, notify the firm where you have the account immediately
- If you must use a public or borrowed computer, you can diminish the risk somewhat if you clear all Temporary Internet Files and History from the browser after you are finished (if you are using Microsoft Internet Explorer, this is done by clicking the Tools menu, selecting Internet Options, then selecting Delete Files from the Temporary Internet Files area and Clear History from the History area). Note: You may not always have the ability to delete this information from someone else's computer, and you can't be certain if it contains spyware or viruses
- Do not store passwords in a file on your PC or laptop—they are at risk if your computer is serviced or stolen
Use Caution When Surfing Wireless Hotspots
Wireless hotspots are becoming common in airports, coffee shops and hotels. They offer a convenient (and often free) means to access the Internet. But hotspots and home-based Wi-Fi (wireless fidelity) networks can also pose risks.
Wi-Fi threats with colorful names such as "sniffing" and "evil twin" attacks are a real danger. "Sniffing" uses a program that intercepts data to find specific information including passwords and credit card numbers. An "evil twin" attack (also called "WiPhishing") occurs when a hacker uses a computer that mirrors the setting of a Wi-Fi network, but usually offers a stronger signal. The unsuspecting user taps into this "rogue" entry point, which then allows the hijacker to gain access to data that the victim might be sending, including login IDs and online account information.
Step-by-step instructions to fully secure your computer against unauthorized Wi-Fi access are beyond the scope of this Alert, but by taking a few key steps you can avoid the most common pitfalls.
First, follow general best practices for securing any Internet-connected computer:
- Keep your computer up to date with the latest security updates
- Install a firewall and anti-virus software on any laptop or PC with wireless connectivity
- When accessing your personal financial information online, you should have a secure web connection at all times—the web site address should start with "https://" instead of "http://" and you should see a secure symbol such as a closed padlock or key on the status bar in the lower right part of your screen
- If authorized, use a Virtual Private Network (VPN) which offers protections that standard networks do not
Next, take some special precautions when connecting to a wireless network:
- When in any doubt about the security of a hotspot, don't use it for conducting confidential business
- Shut off wireless connectivity or remove the wireless network card if you leave your computer unattended
- Disable wireless ad hoc mode. This is a setting that allows all wireless devices to find and communicate with other wireless devices within range. Disabling this mode prohibits networks that you didn't create from using your wireless software, and will also prohibit any unknown or rogue connections
- Disable file and printer sharing capabilities when visiting hotspots
Request a Credit Report
It is a good idea to check your credit report at least once a year since it may signal problems ranging from unauthorized transactions to identity theft.
You can obtain a free annual credit report from each of these three credit bureaus online at www.annualcreditreport.com or by calling (877) 322-8228.
Read Account Statements Carefully
Finally, your account statements are the last line of defense. Be sure to review your account information regularly. Many firms allow you to do so online at any time. If there are transactions that look suspicious, report them to your brokerage firm immediately.
Investor Alert "Phishing" and Other Online Identity Theft Scams: Don't Take the Bait
Notice to Members 05-49 Safeguarding Confidential Customer Information
Wi-Fi Alliance's Wi-Fi Security page
To receive the latest Investor Alerts and other important investor information sign up for Investor News.