Cyber Security Tip ST06-004
Avoiding the Pitfalls of Online Trading

Online trading can be an easy, cost-effective way to manage investments. However, online investors are often targets of scams, so take precautions to ensure that you do not become a victim.

What is online trading?

Online trading allows you to conduct investment transactions over the internet. The accessibility of the internet makes it possible for you to research and invest in opportunities from any location at any time. It also reduces the amount of resources (time, effort, and money) you have to devote to managing these accounts and transactions.

What are the risks?

Recognizing the importance of safeguarding your money, legitimate brokerages take steps to ensure that their transactions are secure. However, online brokerages and the investors who use them are appealing targets for attackers. The amount of financial information in a brokerage's database makes it valuable; this information can be traded or sold for personal profit. Also, because money is regularly transferred through these accounts, malicious activity may not be noticed immediately. To gain access to these databases, attackers may use Trojan horses or other types of malicious code (see Why is Cyber Security a Problem? for more information).

Attackers may also attempt to collect financial information by targeting the current or potential investors directly. These attempts may take the form of social engineering or phishing attacks (see Avoiding Social Engineering and Phishing Attacks for more information). With methods that include setting up fraudulent investment opportunities or redirecting users to malicious sites that appear to be legitimate, attackers try to convince you to provide them with financial information that they can then use or sell. If you have been victimized, both your money and your identity may be at risk (see Preventing and Responding to Identity Theft for more information).

How can you protect yourself?

* Research your investment opportunities - Take advantage of resources such as the U.S. Securities and Exchange Commission's EDGAR database and your state's securities commission (found through the North American Securities Administrators Association) to investigate companies.
* Be wary of online information - Anyone can publish information on the internet, so try to verify any online research through other methods before investing any money. Also be cautious of "hot" investment opportunities advertised online or in email.
* Check privacy policies - Before providing personal or financial information, check the website's privacy policy. Make sure you understand how your information will be stored and used (see Protecting Your Privacy for more information).
* Conduct transactions on devices you control - Avoid conducting transactions on public resources such as internet kiosks, computers in places like libraries, and other shared computers and devices. Other users may introduce security risks.
* Make sure that your transactions are encrypted - When information is sent over the internet, attackers may be able to intercept it. Encryption prevents the attackers from being able to view the information.
* Verify that the website is legitimate - Attackers may redirect you to a malicious website that looks identical to a legitimate one. They then convince you to submit your personal and financial information, which they use for their own gain. Check the website's certificate to make sure it is legitimate (see Understanding Web Site Certificates for more information).
* Monitor your investments - Regularly check your accounts for any unusual activity. Report unauthorized transactions immediately.
* Use strong passwords - Protect your computer, mobile devices, and accounts with passwords that cannot easily be guessed (see Choosing and Protecting Passwords for more information). Use different passwords for each account.
* Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, because attackers are continually writing new viruses, it is important to keep your virus definitions current (see Understanding Anti-Virus Software for more information).
* Use anti-spyware tools - Spyware is a common source of viruses, and attackers may use it to access information on your computer. You can minimize the number of infections by using a legitimate program that identifies and removes spyware (see Recognizing and Avoiding Spyware for more information).
* Keep software up to date - Install software updates so that attackers can't take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Enable automatic updates if the option is available.
* Evaluate your security settings - By adjusting the security settings in your browser, you may limit your risk of certain attacks (see Evaluating Your Web Browser's Security Settings for more information).

The following sites offer additional information and guidance:

* U.S. Securities and Exchange Commission - http://www.sec.gov/investor/pubs/cyberfraud.htm
* National Consumers League - http://www.fraud.org/tips/internet/investment.htm

_________________________________________________________________

Author: Mindi McDowell
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Note: This tip was previously published and is being re-distributed to increase awareness.

Terms of use

http://www.us-cert.gov/legal.html

This document can also be found at

http://www.us-cert.gov/cas/tips/ST06-004.html

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.