US-CERT Cyber Security Tip ST06-004 -- Avoiding the Pitfalls of Online Trading

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         Cyber Security Tip ST06-004
                   Avoiding the Pitfalls of Online Trading

   Online trading can be an easy, cost-effective way to manage investments.
   However, online investors are often targets of scams, so take precautions to
   ensure that you do not become a victim.

What is online trading?

   Online  trading allows you to conduct investment transactions over the
   internet. The accessibility of the internet makes it possible for you to
   research and invest in opportunities from any location at any time. It also
   reduces the amount of resources (time, effort, and money) you have to devote
   to managing these accounts and transactions.

What are the risks?

   Recognizing the importance of safeguarding your money, legitimate brokerages
   take steps to ensure that their transactions are secure. However, online
   brokerages  and  the  investors who use them are appealing targets for
   attackers. The amount of financial information in a brokerage's database
   makes it valuable; this information can be traded or sold for personal
   profit. Also, because money is regularly transferred through these accounts,
   malicious activity may not be noticed immediately. To gain access to these
   databases, attackers may use Trojan horses or other types of malicious code
   (see Why is Cyber Security a Problem? for more information).

   Attackers may also attempt to collect financial information by targeting the
   current or potential investors directly. These attempts may take the form of
   social engineering or phishing attacks (see Avoiding Social Engineering and
   Phishing Attacks for more information). With methods that include setting up
   fraudulent investment opportunities or redirecting users to malicious sites
   that appear to be legitimate, attackers try to convince you to provide them
   with financial information that they can then use or sell. If you have been
   victimized, both your money and your identity may be at risk (see Preventing
   and Responding to Identity Theft for more information).

How can you protect yourself?

     * Research your investment opportunities - Take advantage of resources
       such as the U.S. Securities and Exchange Commission's EDGAR database and
       your state's securities commission (found through the North American
       Securities Administrators Association) to investigate companies.
     * Be wary of online information - Anyone can publish information on the
       internet, so try to verify any online research through other methods
       before  investing  any money. Also be cautious of "hot" investment
       opportunities advertised online or in email.
     * Check  privacy  policies  - Before providing personal or financial
       information,  check  the  web site's privacy policy. Make sure you
       understand how your information will be stored and used (see Protecting
       Your Privacy for more information).
     * Make sure that your transactions are encrypted - When information is
       sent  over  the  internet,  attackers may be able to intercept it.
       Encryption  prevents  the  attackers  from  being able to view the
       information.
     * Verify that the web site is legitimate - Attackers may redirect you to a
       malicious web site that looks identical to a legitimate one. They then
       convince you to submit your personal and financial information, which
       they use for their own gain. Check the web site's certificate to make
       sure it is legitimate (see Understanding Web Site Certificates for more
       information).
     * Monitor your investments - Regularly check your accounts for any unusual
       activity. Report unauthorized transactions immediately.
     * Use and maintain anti-virus software - Anti-virus software recognizes
       and protects your computer against most known viruses. However, because
       attackers are continually writing new viruses, it is important to keep
       your virus definitions current (see Understanding Anti-Virus Software
       for more information).
     * Use anti-spyware tools - Spyware is a common source of viruses, and
       attackers may use it to access information on your computer. You can
       minimize the number of infections by using a legitimate program that
       identifies and removes spyware (see Recognizing and Avoiding Spyware for
       more information).
     * Keep software up to date - Install software patches so that attackers
       can't  take  advantage  of  known problems or vulnerabilities (see
       Understanding Patches for more information). Enable automatic updates if
       the option is available.
     * Evaluate your security settings - By adjusting the security settings in
       your browser, you may limit your risk of certain attacks (see Evaluating
       Your Web Browser's Security Settings for more information).

   The following sites offer additional information and guidance:
     * U.S.      Securities      and      Exchange      Commission      -
       http://www.sec.gov/investor/pubs/cyberfraud.htm
     * National Consumers League -
       http://www.fraud.org/tips/internet/investment.htm
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2006 by US-CERT, a government organization.
 
     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST06-004.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSQjEz3IHljM+H4irAQLQOwf/RuBuHPc9l6wimu6awtgs1QODEEk6s1/l
yzEj8giqXZwp4rtYzDuq16pIxnH5edfBPXqHh36P15LnCjvVJYVZWOfQx8KCaxHQ
L6aIVuqq8kwIuFt2UfW6oYPIel/Q+W6R9+rWqdf2C46PimUWECsrTL8WTpv80r4Q
onIeoJfcHaNcuDXnE7dK1RB/e4YV1VPBmfuwXqrruRTqGHgEZPUGCWDoDo18CaoC
nALi9L8H1nH6AnzPa5wuolpQtp7irg4BKZKqTLOyOJjgbQZ3VSdtddL9AzgYgPCp
MTTSNce285JaLsE+KM9VXxhXeNKTjgpVp7QWSjAHFVekx3VUhy0P+w==
=U4DP
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux