Movers and SHAKERS
Cyber-Piracy Risk and Protecting Online Brokerage Accounts
The increasing popularity of online and smartphone trading has increased opportunities for a few unwanted players. Unfortunately, some of these players are hackers, thieves, and other conmen. Just as the rise of email opened the door for the wealthy “Nigerian Princes” to reach out across the ocean and solicit financial help, technology and interconnectivity open the doors to new scams and other avenues for criminals to gain information on you with bad intent.
The enhanced ability to work remotely, which was more broadly adopted and rushed into place by the challenges of 2020, has since caused an increase in opportunities to hack information from unsuspecting computer and smartphone users. The online brokerage community has been a recent victim. This past week, one popular trading app reported that it had a "limited number" of customer accounts targeted by cybercriminals. Although many of these 2000 odd accounts had been looted and skimmed, the broker made clear that their systems themselves were not hacked. The fintech criminals were able to compromise users' personal email accounts outside of the trading app; they then used those emails to gain access to customer’s login, the company said.
Investment brokerages rely on providing, information, reliability, and execution. However, none of these will keep them in business without an outstanding reputation. Broker’s need to maintain this reputation, for this reason they may be inclined to help investors whose accounts, through no fault of the broker, have been looted. This type of theft is not covered by FDIC insurance as it would be (within limits) at most depository institutions. The SIPC signage you see at many brokerage firms provides coverage only for cash and securities in the trading account. This insurance coverage comes into play primarily if the broker is in financial trouble, and customer assets are missing. It does not provide protection against other theft. And, the SIPC is not a regulatory body of any kind. The recent cases referred to above, involved individuals own electronic devices being hacked.
The brokerage community is not automatically responsible for your online weaknesses. That is generally up to you. The growth in popularity of online trading has exposed weaknesses on many fronts. In order to have some level of comfort, it is best to research how individual brokers have historically handled cases of their customers' login being hacked. It’s also good practice to see how easy it is to reach their customer service number. If money is wired out of your account without authorization, it may be possible for the broker to reverse the transfer. But not if they are unreachable. If you have an account, you may decide to find that number now and put it in your phone's directory rather than try to find it on their site when speed is important.
Individual brokerages have their own policies. If cybersecurity is a large concern of yours, you may want to prioritize working with a company that guarantees they will take responsibility. Even if it means they are lacking in other services and conveniences offered by others.
The Charles Schwab website explains its policy on cybercrime.
No one is scam proof, but there are precautions you can take and red flags you should recognize. Some of the more basic precautions include not divulging your personal information to any non-authorized person. If you are called by someone asking for information, call them back using the website’s direct number. If an email or website looks odd, question it. Look at the URL, dig deeper to ensure the site is legitimate.
The Interactive Brokers website has a notice posted on how to avoid phishing scams.
You shouldn’t use unknown or unprotected WiFi when logging into your account. Check your balances frequently, even if you haven’t transacted in a while. Also, brokers are required to issue confirmations of transactions and account statements at scheduled intervals. Open them, and be sure to review the statements closely. Look to see if there are any unauthorized activity in your account. Make sure your cash balance reconciles with your known activity. Make certain your contact and address information have not been changed. As an additional layer of caution, take the time to change your password as frequently as practical.
Any questions should be directed to the brokerage firm in writing. You may first call to be expeditious but then follow-up with documentation of the call, including who you spoke with and all details of what was discussed.
Below are helpful resources on where to turn for help should you believe you are a victim of cybercriminals:
- The United States Securities and Exchange Commission
- The Financial Industry Regulatory Authority
- Your State Securities Regulator
- North American Securities Administrators Association
- National Fraud Information Center
- Investor Protection Trust
- Alliance for Investor Education
- FBI/Secret Service Internet Fraud
- Federal Trade Commission
- U.S. Commodity Futures Trading Commission
Each event in our popular Virtual Road Shows Series has a maximum capacity of 100 investors online. To take part, listen to, and perhaps get your questions answered, see which virtual investor meetings intrigue you here.