Are you worried that a hacker might siphon money out of your brokerage account? Your concerns may be justified.
Thanks to high-profile data breaches at Target and Home Depot, consumers are trained to be on the lookout for credit card fraud. But that same level of alertness should be applied to investment and brokerage accounts.
Computer hackers are getting more sophisticated at tricking people into handing over their identifying information, whether it’s a password or login information, according to the Cisco 2015 Midyear Security Report.
“Any financial institution is a potential target because of all that data they are able to monetize,” says Dr. Brett Stone-Gross, senior security researcher with Dell SecureWorks Counter Threat Unit team in Atlanta. “It’s more work on the criminal side, but it’s becoming a more popular target.”
While computer hacks of brokerage accounts aren’t exactly surging, that doesn’t mean they aren’t happening at all, whether internally or externally. Earlier this year, investment firm Morgan Stanley was forced to announce that certain account information, including account names and numbers, of around 900 clients was stolen by an employee and briefly posted online. And in May 2014, Benjamin F. Edwards & Co., the St. Louis-based investment firm, disclosed to clients it was a victim of a computer hack and that some of the data were taken.
Look out for these signs that your brokerage account was breached or is vulnerable to an attack.
Because of all the sensitive information housed at investment firms, you have to be on the watch for any sign that something is amiss.
One of the biggest red flags is unrecognized trade activity, says Joshua Cannell, malware intelligence analyst at Malwarebytes, a San Jose, California, Internet security company.
If you see trades in your account history that don’t look right or you’re receiving email confirmations for trades you didn’t execute, it’s a signal that your account may have been compromised. Checking your account activity regularly will enable you to quickly spot any irregularities, says Cannell.
Banks and investment firms know their reputation is everything and as a result, strive to make their online systems very secure. One method they use is called 2-factor authentication, which requires more than just a password to access your account. Users have to provide a username and password and then an extra PIN or code to get into their account.
If, however, you are logging in to your account and you see a message that the investment firm’s website is down for maintenance, look out. It could be a sign that a hacker is attempting a man-in-the-middle attack in which they grab your credentials while they’re being transmitted to the real firm and initiate a financial transaction from your account, says Stone-Gross.
It’s a good idea to alert the investment firm immediately if you see this message.
Just as poison ivy may get worse each time you are exposed, if your personal information was compromised once, that too can put you at increased risk.
That means you need to ratchet up the vigilance. “If somehow you were involved in a recent breach, that should cause more alarm,” says Jason Glassberg, co-founder of Casaba Security in Redmond, Washington.
Worried someone may have stolen your identity? Check your credit report for free at myBankrate.
Another sign your account has been compromised: You’re getting an increased amount of junk mail focused on investments. If someone stole your information and used it to open an investment account, you’ll get an influx of mail solicitations.
“You need to be really aware of what you are doing and where you are entering information,” says Glassberg.