We are all aware of the increasing risks of cybercrime. Target, Home Depot and other major retailers have exposed the vast majority of Americans to cybercriminals, but most of us haven't seen the aftereffects… at least not yet. It is therefore of utmost importance to protect your personal data as much as possible, because you don't want to have your identity stolen. To do this you must stay ahead of the curve and, more importantly, ahead of the criminals.

One particular type of email fraud affecting the investment industry is referred to as a hostile email account takeover (see chart below from TD Ameritrade). In this type of fraud, a hacker uses malware to take control of your email account. They then look through your emails to identify your financial institutions and/or financial advisor. Once this is done, they will email your financial advisor (from your own email account) and ask for a wire transfer. The fraudster may even go to such lengths as replicating the format you normally use in your email messages. Oftentimes, they will pretend to be extremely busy (in meetings all day or on a long flight), say they don't have time to talk, and create a sense of urgency to get the wire done fast. If the fraud isn't detected, your money could be transferred out to a cybercriminal. Because of this, your advisor should take the critical step of verifying wire transfer requests by phone to ensure that each one is legitimate.


This type of attack is possible because of email vulnerability. Without access to your email, the cybercriminals can't use this type of attack to request a wire transfer. Therefore, to protect your brokerage account, you should take these 3 steps.

1) Use 2-Step Verification

Activating 2-Step Verification for your email accounts is a good first line of defense. It will protect your account with both your password and phone. Even if your password becomes compromised, 2-Step Verification can help keep the bad guys out.

You may be concerned that this is a tedious process, but it is quite simple and very effective. For example, if you use Gmail's 2-Step Verification, you only need to do this process once from each device that you use. When you or anyone else tries to sign in to your account from another computer/device, 2-Step Verification will be required.

Your custodian bank (Fidelity, TD Ameritrade, Schwab) may also offer 2-Factor Authentication. For example, Fidelity offers it with either a physical token or Symantec app. Check with your custodian to see what additional security they offer.

2) Be aware of spyware and viruses

Malware can do many things that put you at risk for identity theft, including recording keystrokes, capturing personal information and downloading unwanted code. Therefore you must protect your computer by always running a current version of antivirus software.

Practice safe web surfing. Use a search engine when going to websites — this will correct any misspellings in a web address and help you avoid pages that contain malware.

3) Know how to spot phishing

Phishing is a scheme that utilizes legitimate-looking spam emails to deceive you into disclosing personal information. Beware of generic greetings coming from your custodian. Instead of addressing you by name, phishing emails often start with “Welcome Card Member” or “Welcome Account Holder.” Most reputable companies will have your name and/or partial account number in email correspondence.

Also beware of urgent messages or information requests. One way phishers prompt you to respond is by threatening that your account will be closed or suspended if action isn't taken.

Be smart and don't click on anything suspicious. Please share any tips that you have in the comments below.

