Digital Pirates Are Hacking Brokerage Accounts | Bloomberg

“Cyber hacking has now become the biggest threat to investors’ financial well-being.”

Cybersecurity experts say the exponential rise in online stock trading on apps such as Robinhood has created a parallel opportunity for hackers. And even the most diligent traders can fall prey to the increasingly sophisticated tactics of today’s digital pirates.

According to the Financial Industry Regulatory Authority (FINRA), a government-authorized not-for-profit organization that oversees U.S. broker-dealers, cyber threats to brokerage firms are increasing and with these threats comes the increase risk of potential harm to investors. Dangers to accounts include email hack attacks, improper transfer or theft of customer assets, and misuse or even theft of customer data.

“Cyber hacking has now become the biggest threat to investors’ financial well-being,” said Andrew Stoltmann, a Chicago-based lawyer and former president of the Public Investors Advocate Bar Association. “Unfortunately, brokerage firms haven’t invested the money needed in order to keep cyber hacking of brokerage accounts from happening.”

The cyber threat

More believable “phishing” emails, said Jonathan Care, a research director who specializes in cybersecurity and fraud at Gartner, has aided in the hacking of accounts. Such missives might use personal information gathered from publicly visible social-media accounts. They may use the logos of financial institutions to look official to even the most discerning eye enticing unwitting investors may be baited into forking over their log-in information.

Other tactics take place in the background and make legitimate-seeming web activity risky. Some hackers set up WiFi networks in public places with monikers that sound credible — such as the name of a nearby business — which can in fact be used to take control of a system.

Malicious software installed on some machines can detect when users log into financial accounts and even make additional transactions they did not intended to authorize, Care said.

How to protect your brokerage accounts

Digital traders should change their passwords frequently, experts say, and avoid unfamiliar WiFi networks. They should be sure to have two-factor authentication enabled, which requires a secondary code to sign in.

But more than anything else, even savvy users could benefit from simply paying more attention to the flurry of emails, texts and other messages that flood their devices.

Recourse if hacked

Investors who think their accounts are compromised should immediately notify their brokers, who may be able to track down where funds were wired and reverse the transfer. After alerting their brokers, investors may also find it helpful to file a complaint with law enforcement. The most direct way to do that in the U.S. is with the FBI’s Internet Crime Complaint Center.

A common industry practice is to promise to cover 100% of losses as a result of unauthorized activity in a brokerage account. The sticking point, of course, is whether the company will rule the breach was indeed unauthorized or lay the blame on you. Since brokerage firms have a strong incentive to compensate consumers for losses.

“With most of these firms, the judgments are really reputational,” said Adam Fee, a former federal prosecutor in the Southern District of New York who is now a partner at Milbank, a law firm. “When something bad happens, they are asking, ‘Do we want a bunch of articles about how people are out money because we messed up and didn’t react?’”

Practice Cyber Safety

Your online security can be enhanced by doing your part to safeguard your brokerage accounts and personal financial information.

Sound cyber safety tips include using up to date firewall and anti-virus programs on your personal computer, as well as formally logging out of all online sessions related to your account once you are finished. If you use apps on mobile devices to access your financial accounts, be sure to password-protect your device—and make sure you select the highest security setting that the app offers (such as disabling quick access or keeping your account open even if you close the app).

Email awareness is essential. Cybercriminals use a variety of phishing techniques—scams that use spam email or a fake website to lure you into revealing your bank or brokerage account information, passwords or PINs, Social Security number or other types of confidential information.

Beware of emails that request personal information. And, don’t reply to, or click on a link in, an unsolicited email that asks for your personal information. When in doubt, log onto the main website of your bank, credit card company or brokerage firm using the website address that appears on your account statements or credit card—or call your firm using a telephone number you know is legitimate.

Stay Protected While Connected

The bottom line is that whenever you’re online, you’re vulnerable. If devices on your network are compromised for any reason, or if hackers break through an encrypted firewall, someone could be eavesdropping on you even in your own home on encrypted Wi-Fi.

You can protect yourself from online fraud:

  • Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar— this signifies a secure connection.
  • When you find yourself out in the great “wild Wi-Fi West,” avoid free Internet access with no encryption.
  • If you do use an unsecured public access point, practice good Internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.
  • Don’t reveal personally identifiable information such as your bank account number, SSN, or date of birth to unknown sources.
  • Type website URLs directly into the address bar instead of clicking on links or cutting and pasting from the email.

Read more: https://www.bloomberg.com/news/articles/2020-10-13/brokerage-account-hack-what-to-do-if-money-in-robinhood-other-apps-is-stolen?utm_campaign=news&utm_medium=bd&utm_source=applenews

STOP. THINK. CONNECT. ™

The STOP.THINK.CONNECT.™ Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.


References:

  1. https://www.finra.org/investors/alerts/cybersecurity-and-your-brokerage-firm
  2. https://www.bloomberg.com/news/articles/2020-10-13/brokerage-account-hack-what-to-do-if-money-in-robinhood-other-apps-is-stolen?utm_campaign=news&utm_medium=bd&utm_source=applenews
  3. https://www.cisa.gov/stopthinkconnect
  4. https://www.cisa.gov/sites/default/files/publications/NCSAM_TheftScams_2020.pdf
Advertisements