US-CERT Cyber Security Tip ST06-004 -- Avoiding the Pitfalls of Online Trading

                    Cyber Security Tip ST06-004

 Avoiding the Pitfalls of Online Trading

   Online trading can be an easy, cost-effective way to manage
   investments. However, online investors are often targets of scams, so
   take precautions to ensure that you do not become a victim.

What is online trading?

   Online  trading allows you to conduct investment transactions over the
   internet.  The accessibility of the internet makes it possible for you
   to research and invest in opportunities from any location at any time.
   It  also reduces the amount of resources (time, effort, and money) you
   have to devote to managing these accounts and transactions.

What are the risks?

   Recognizing  the  importance  of  safeguarding  your money, legitimate
   brokerages  take  steps  to ensure that their transactions are secure.
   However,  online  brokerages  and  the  investors  who  use  them  are
   appealing  targets  for attackers. The amount of financial information
   in  a  brokerage's database makes it valuable; this information can be
   traded  or  sold for personal profit. Also, because money is regularly
   transferred  through  these  accounts,  malicious  activity may not be
   noticed  immediately. To gain access to these databases, attackers may
   use  Trojan  horses or other types of malicious code (see Why is Cyber
   Security a Problem? for more information).

   Attackers  may  also  attempt  to  collect  financial  information  by
   targeting  the current or potential investors directly. These attempts
   may  take  the  form  of  social  engineering or phishing attacks (see
   Avoiding   Social   Engineering   and   Phishing   Attacks   for  more
   information).   With   methods  that  include  setting  up  fraudulent
   investment  opportunities or redirecting users to malicious sites that
   appear to be legitimate, attackers try to convince you to provide them
   with financial information that they can then use or sell. If you have
   been victimized, both your money and your identity may be at risk (see
   Preventing and Responding to Identity Theft for more information).

How can you protect yourself?

     * Research   your  investment  opportunities  -  Take  advantage  of
       resources  such  as  the U.S. Securities and Exchange Commission's
       EDGAR  database  and  your  state's  securities  commission (found
       through  the North American Securities Administrators Association)
       to investigate companies.
     * Be  wary of online information - Anyone can publish information on
       the  internet,  so try to verify any online research through other
       methods  before  investing  any  money.  Also be cautious of "hot"
       investment opportunities advertised online or in email.
     * Check  privacy  policies  - Before providing personal or financial
       information,  check  the  web site's privacy policy. Make sure you
       understand  how  your  information  will  be  stored and used (see
       Protecting Your Privacy for more information).
     * Make  sure that your transactions are encrypted - When information
       is  sent over the internet, attackers may be able to intercept it.
       Encryption  prevents  the  attackers  from  being able to view the
       information.
     * Verify  that  the  web site is legitimate - Attackers may redirect
       you  to  a malicious web site that looks identical to a legitimate
       one.  They then convince you to submit your personal and financial
       information,  which  they  use  for  their own gain. Check the web
       site's   certificate   to   make   sure   it  is  legitimate  (see
       Understanding Web Site Certificates for more information).
     * Monitor  your  investments - Regularly check your accounts for any
       unusual activity. Report unauthorized transactions immediately.
     * Use   and  maintain  anti-virus  software  -  Anti-virus  software
       recognizes  and protects your computer against most known viruses.
       However, because attackers are continually writing new viruses, it
       is   important   to  keep  your  virus  definitions  current  (see
       Understanding Anti-Virus Software for more information).
     * Use  anti-spyware  tools  - Spyware is a common source of viruses,
       and  attackers  may use it to access information on your computer.
       You  can  minimize  the number of infections by using a legitimate
       program  that  identifies and removes spyware (see Recognizing and
       Avoiding Spyware for more information).
     * Keep  software  up  to  date  -  Install  software patches so that
       attackers    can't   take   advantage   of   known   problems   or
       vulnerabilities  (see Understanding Patches for more information).
       Enable automatic updates if the option is available.
     * Evaluate  your  security  settings  -  By  adjusting  the security
       settings  in  your  browser,  you  may  limit your risk of certain
       attacks  (see  Evaluating Your Web Browser's Security Settings for
       more information).

   The following sites offer additional information and guidance:
     * U.S.      Securities      and      Exchange      Commission      -
       http://www.sec.gov/investor/pubs/cyberfraud.htm
     * National Consumers League -
       http://www.fraud.org/tips/internet/investment.htm
     _________________________________________________________________

   Author: Mindi McDowell
     _________________________________________________________________

    Produced 2006 by US-CERT, a government organization.
  
    Terms of use
 
    <http://www.us-cert.gov/legal.html>
  
    This document can also be found at
 
    <http://www.us-cert.gov/cas/tips/ST06-004.html>
 

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     