-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST06-004
Title of Cyber Security Tip
Avoiding the Pitfalls of Online Trading
Online trading can be an easy, cost-effective way to manage
investments. However, online investors are often targets of scams, so
take precautions to ensure that you do not become a victim.
What is online trading?
Online trading allows you to conduct investment transactions over the
internet. The accessibility of the internet makes it possible for you
to research and invest in opportunities from any location at any time.
It also reduces the amount of resources (time, effort, and money) you
have to devote to managing these accounts and transactions.
What are the risks?
Recognizing the importance of safeguarding your money, legitimate
brokerages take steps to ensure that their transactions are secure.
However, online brokerages and the investors who use them are
appealing targets for attackers. The amount of financial information
in a brokerage's database makes it valuable; this information can be
traded or sold for personal profit. Also, because money is regularly
transferred through these accounts, malicious activity may not be
noticed immediately. To gain access to these databases, attackers may
use Trojan horses or other types of malicious code (see Why is Cyber
Security a Problem? for more information).
Attackers may also attempt to collect financial information by
targeting the current or potential investors directly. These attempts
may take the form of social engineering or phishing attacks (see
Avoiding Social Engineering and Phishing Attacks for more
information). With methods that include setting up fraudulent
investment opportunities or redirecting users to malicious sites that
appear to be legitimate, attackers try to convince you to provide them
with financial information that they can then use or sell. If you have
been victimized, both your money and your identity may be at risk (see
Preventing and Responding to Identity Theft for more information).
How can you protect yourself?
* Research your investment opportunities - Take advantage of
resources such as the U.S. Securities and Exchange Commission's
EDGAR database and your state's securities commission (found
through the North American Securities Administrators Association)
to investigate companies.
* Be wary of online information - Anyone can publish information on
the internet, so try to verify any online research through other
methods before investing any money. Also be cautious of "hot"
investment opportunities advertised online on in email.
* Check privacy policies - Before providing personal or financial
information, check the web site's privacy policy. Make sure you
understand how your information will be stored and used (see
Protecting Your Privacy for more information).
* Make sure that your transactions are encrypted - When information
is sent over the internet, attackers may be able to intercept it.
Encryption prevents the attackers from being able to view the
information.
* Verify that the web site is legitimate - Attackers may redirect
you to a malicious web site that looks identical to a legitimate
one. They then convince you to submit your personal and financial
information, which they use for their own gain. Check the web
site's certificate to make sure it is legitimate (see
Understanding Web Site Certificates for more information).
* Monitor your investments - Regularly check your accounts for any
unusual activity. Report unauthorized transactions immediately.
* Use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses.
However, because attackers are continually writing new viruses, it
is important to keep your virus definitions current (see
Understanding Anti-Virus Software for more information).
* Use anti-spyware tools - Spyware is a common source of viruses,
and attackers may use it to access information on your computer.
You can minimize the number of infections by using a legitimate
program that identifies and removes spyware (see Recognizing and
Avoiding Spyware for more information).
* Keep software up to date - Install software patches so that
attackers can't take advantage of known problems or
vulnerabilities (see Understanding Patches for more information).
Enable automatic updates if the option is available.
* Evaluate your security settings - By adjusting the security
settings in your browser, you may limit your risk of certain
attacks (see Evaluating Your Web Browser's Security Settings for
more information).
The following sites offer additional information and guidance:
* U.S. Securities and Exchange Commission -
http://www.sec.gov/investor/pubs/cyberfraud.htm
* National Consumers League -
http://www.fraud.org/tips/internet/investment.htm
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST06-004.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRE/hgH0pj593lg50AQI3Ogf/XxTN4Y0Lltz1T+6jUcD2KyhEgJsq+xN/
o24TFGF5E9Nl1qnhFmSHKxd1vAWrXvQBStNp1Jv/KauXhy/ai2WrLXNls2lcEor3
78mQAu4KZeOFCG2Zyfmqmca5XvolUf02K8shywlEyb9rqYCepr5yDoawfhBtwEru
Xrtianw2qWUn5e4S/mKk7fP8Dj8QLiaQc7jm/iEbDw0BBfgz4fLuwGycq0v/Slz/
pP92h0rVB5D94Kg0kyJD4RG+0h/YcGGr6jq5zYVVaS9drFXxpEbhYZQzjeJk6UCS
PnICJHH7Em/o+4nPPeeOgxX3nTJlsrIG4C7VBDgZ0Or/KwXQtxmHPQ==
=WUl1
-----END PGP SIGNATURE-----
