Skip to main content
Let’s hope this never happens to you: You have a few free minutes so you decide to go online to check your brokerage account information. Your account balance is much lower than you expect – and you know that, at least for today, neither the market nor any of your securities fell in value. Instead, you see several wire transfers of money from your account to an outside checking account. But, you never authorized those transactions – an identity thief did. Now, that thief has stolen your cash and your personal information.
Today, most investors enjoy some of the conveniences of an online brokerage account, including checking brokerage account information 24/7, buying and selling securities, and transferring money between different brokerage accounts. But if investors don’t take steps to protect their personal information when going online, they could unintentionally set themselves up to become victims of identity theft.
Many identity thieves use malicious software programs to attack vulnerable computers of online users. These software programs can monitor computer activity and send information back to the thief’s computer. Sometimes, these programs will log your key strokes, which allows identity thieves to easily obtain username and password information for any online accounts, including your brokerage account.
Other identity thieves “phish” for personal information on investors. “Phishing” involves using fraudulent emails and copy-cat Websites to trick people into revealing valuable personal information such as account numbers, Social Security Numbers, and username and password information of accounts.
How to Protect Yourself Online
It’s important to take measures to protect yourself against identity thieves when using your online brokerage account. The Securities and Exchange Commission (SEC) offers the following suggestions on ways to keep personal information and money more secure when online:
Beef Up Your Security. Personal firewalls and security software packages (with anti-virus, anti-spam, and spyware detection features) are a must-have for anyone who engages in online financial transactions. Make sure your computer has the latest security patches, and make sure that you access your online brokerage account only on a secure web page using encryption. The Web site address of a secure Web site connection starts with “https” instead of just “http” and has a key or closed padlock in the status bar (which typically appears in the lower right-hand corner of your screen).
Use a Security Token (if available). Using a security token can make it even harder for an identity thief to access your online brokerage account. That’s because these small number-generating devices offer a second layer of security – a one-time pass-code that typically changes every 30 or 60 seconds. These unpredictable pass-codes can frustrate identity thieves. While fraudsters can use keystroke logging programs to obtain regular username and password information, they can’t use these programs to obtain the security token pass-code. Ask your brokerage firm if you can protect your online account with a security token or similar security device.
Be Careful What You Download. When you download a program or file from an unknown source, you risk loading malicious software programs on your computer. Fraudsters often hide these programs within seemingly benign applications. The best advice: Think twice before clicking on a pop-up advertisement or downloading a “free” game or gadget.
Use Your Own Computer. It’s generally safer to access your online brokerage account from your own computer than from other computers. If you use a computer other than your own, for example, you won’t know if it contains viruses or spyware. If you do use another computer, be sure to delete all of the your “Temporary Internet Files” and clear all of your “History” after you log off your account.
Don’t Respond to Emails Requesting Personal Information. Legitimate entities will not ask you to provide or verify sensitive information through a non-secure means, such as email. If you have reason to believe that your financial institution actually does need personal information from you, pick up the phone and call the company yourself – using the number in your rolodex, not the one the email provides.
Be Smart About Passwords. The best passwords are difficult to guess. Try using a password that consists of a combination of numbers, letters (both upper case and lower case), punctuation, and special characters. You should change your password regularly and use a different password for each of your accounts. Don’t share your password with others and never reply to phishing emails with your password or other sensitive information. You also shouldn’t store your password on your computer. If you need to write down your password, store it in a secure, private place.
Use Extra Caution with Wireless Connections. Wireless networks may not provide as much security as wired Internet connections. In fact, many “hotspots” – wireless networks in public areas like airports, hotels and restaurants – reduce their security so it’s easier for individuals to access and use these wireless networks. Unless you use a security token, you may decide that accessing your online brokerage account through a wireless connection isn’t worth the security risk.
Log Out Completely. Closing or minimizing your browser or typing in a new web address when you’re done using your online account may not be enough to prevent others from gaining access to your account information. Instead, click on the “log out” button to terminate your online session. In addition, you shouldn’t permit your browser to “remember” your username and password information. If this browser feature is active, anyone using your computer will have access to your brokerage account information.