Protecting Against Cyber Fraud
Keeping your information secure from criminals is a top priority for our firm. To better protect you and your accounts from cybersecurity threats, we continuously review security procedures to ensure that we are following best practices recommended by the custodians, financial institutions, and industry experts with whom we work.
While we feel we are taking clear and actionable steps in our own firm’s security measures, cyber fraud continues to escalate, is becoming more sophisticated, and is ever changing. These threats take various forms, including email scams (e.g., phishing), where criminals obtain investors’ identity and use that information to commit various forms of wire fraud.
This checklist describes these phishing scams and other tactics that we believe investors should be aware of.
As a fiduciary to your financial accounts, we are encouraging our clients to embrace a series of measures to help protect their identity and mitigate potential security risks. This investor protection checklist outlines some best practices for investors across six key areas to help you:
- Manage your devices
- Protect all passwords
- Surf the Web safely
- Protect information on social networks
- Protect your email accounts
- Safeguard your financial accounts
Please carefully review this checklist with all members of your household.
We also ask that you do the following:
- If you change a current address, notify us so that we can update our records.
- If you suspect that your email account has been compromised, call us immediately.
- If you suspect that your Fidelity account has been compromised, call us immediately.
If it’s after business hours, call us and call 1‐800‐FIDELITY and ask for the Customer Protection Team to inform them of suspicious account activity.
Do not hesitate to contact us with questions or concerns about how we protect your accounts or the steps you and your family can take to better protect yourselves and mitigate risk. As always, we appreciate the opportunity to help you achieve your financial goals.
Common tactics used to steal identity and login credentials:
Some of the most common tactics criminals use to compromise a victim’s identity or login credentials are described below. After gaining access to an investor’s personal information, criminals can use it to commit various types of fraudulent activity.
- Malware. Using malicious software (hence, the prefix “mal” in malware), criminals gain access to private computer systems (e.g., home computer) and gather sensitive personal information such as Social Security numbers, account numbers, passwords, and more.
How it works: While malware can be inserted into a victim’s computer by various means, it often slips in when an unwary user clicks an unfamiliar link or opens an infected email.
- Phishing. In this ruse, the criminals attempt to acquire sensitive personal information via email. Phishing is one of the most common tactics observed in the financial services industry.
How it works: Masquerading as an entity with which the victim already has a financial relationship (e.g., a bank, credit card company, brokerage company, or other financial services firm), the criminals solicit sensitive personal data from unwitting recipients.
- Social engineering. Via social media and other electronic media, criminals gain the trust of victims over time, manipulating them into divulging confidential information.
How it works: Typically, these scammers leverage something they know about the person—like their address or phone number—to gain their confidence and get them to provide more personal information, which can be used to assist the criminal in committing fraud.
Social engineering has increased dramatically, and many times fraudsters are contacting investors by telephone.
The action items presented in the following investor protection checklist are intended to help you and your family better protect yourselves against such activity. This educational checklist is designed to help you take appropriate action to better protect you and your family and mitigate risk of cyber fraud. Carefully review the items in each of the categories below to determine which apply to your unique situation.