Online Trading – A Warning!

Avoiding the Pitfalls of Online Trading, a guide by US-CERT


Online trading can be an easy, cost-effective way to manage investments. However, online investors are often targets of scams, so take precautions to ensure that you do not become a victim.

What is online trading?

Online trading allows you to conduct investment transactions over the internet. The accessibility of the internet makes it possible for you to research and invest in opportunities from any location at any time. It also reduces the amount of resources (time, effort, and money) you have to devote to managing these accounts and transactions.

What are the risks?

Recognizing the importance of safeguarding your money, legitimate brokerages take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage’s database makes it valuable; this information can be traded or sold for personal
profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code.

Attackers may also attempt to collect financial information by targeting the current or potential investors directly. These attempts may take the form of social engineering or phishing attacks (see Avoiding Social Engineering and Phishing Attacks for more information). With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince you to provide them with financial information that they can then use or sell. If you have been victimized, both your money and your identity may be at risk.

How can you protect yourself?

  • Research your investment opportunities – Take advantage of resources such as the U.S. Securities and Exchange Commission’s EDGAR database and your state’s securities commission (found through the North American Securities Administrators Association) to investigate companies.
  • Be wary of online information – Anyone can publish information on the internet, so try to verify any online research through other methods before investing any money. Also be cautious of “hot” investment opportunities advertised online or in email.
  • Check privacy policies – Before providing personal or financial information, check the website’s privacy policy. Make sure you understand how your information will be stored and used.
  • Conduct transactions on devices you control – Avoid conducting transactions on public resources such as internet kiosks, computers in places like libraries, and other shared computers and devices. Other users may introduce security risks.
  • Make sure that your transactions are encrypted – When information is sent over the internet, attackers may be able to intercept it. Encryption prevents the attackers from being able to view the information.
  • Verify that the website is legitimate – Attackers may redirect you to a malicious website that looks identical to a legitimate one. They then convince you to submit your personal and financial information, which they use for their own gain. Check the website’s certificate to make sure it is legitimate.
  • Monitor your investments – Regularly check your accounts for any unusual activity. Report unauthorized transactions immediately.
  • Use strong passwords – Protect your computer, mobile devices, and accounts with passwords that cannot easily be guessed. Use different passwords for each account.
  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. However, because attackers are continually writing new viruses, it is important to keep your virus definitions current.
  • Use anti-spyware tools – Spyware is a common source of viruses, and attackers may use it to access information on your computer. You can minimize the number of infections by using a legitimate program that identifies and removes spyware .
  • Keep software up to date – Install software updates so that attackers can’t take advantage of known problems or vulnerabilities. Enable automatic updates if the option is available.
  • Evaluate your security settings – By adjusting the security settings in your browser, you may limit your risk of certain attacks.
The following sites offer additional information and guidance:
* U.S. Securities and Exchange Commission http://www.sec.gov/investor/pubs/cyberfraud.htm

* National Consumers League http://www.fraud.org/tips/internet/investment.htm
Author: Mindi McDowell. Produced 2006 by US-CERT, a US government organization.This document can also be found here: http://www.us-cert.gov/cas/tips/ST06-004.html

Leave a Comment

Your email address will not be published. Required fields are marked *