Hackers, cyberspace fraudsters are more sophisticated than ever. Protect yourself
Sarah Dougherty
Sun
There are ways to keep criminals out of your cyberspace once you’ve logged on to a financial site.
MONTREAL – In August, online discount broker TradeFreedom Securities Inc. discreetly notified some of its clients that personal information had been lifted from a database of the Montreal-based company.
Last year, the Investment Dealers Association of Canada issued a public alert about intruders hijacking online accounts. In some cases, client portfolios were sold out.
In the U.S., securities regulators saw a dramatic increase last year in the number of intrusions into these kinds of accounts. Some of the con artists used client money to try to artificially pump up the price of shares.
Hackers and cyberspace fraudsters are more sophisticated than ever. But many of the millions of Canadians who invest through online discount brokerages are unaware of the security risks and how to protect themselves.
TradeFreedom, a subsidiary of Scotiabank, said the August incident was the work of a hacker, but would not reveal more details.
The information taken from client accounts included social insurance numbers, names, telephone numbers and elements of postal addresses, TradeFreedom representative Kathleen Cheong said. Not all of the company’s clients were affected. Trading accounts weren’t compromised, she said.
“We’ve hired a computer security firm,” Cheong said. “It’s unfortunate, but all we can do it learn from it.”
The company offered affected clients a free, one-year subscription to a credit monitoring service so they could check for suspicious activity.
TradeFreedom also reported the incident to the Quebec provincial police, which launched an investigation.
More serious breaches have been reported by the Investment Dealers Association of Canada (IDA), the self-regulatory organization for the securities industry.
In an August 2006 advisory to investors, the IDA said intruders had penetrated trading accounts and executed trades. After selling securities, the fraudsters used the credit to buy other securities in an apparent attempt to manipulate share prices.
Andrew Popovic, the IDA’s vice-president for enforcement, would not identify the firms involved. His group reports this kind of activity to law enforcement agencies, he said.
However, the IDA does not impose any security standards on its members. The group encourages member firms to carry insurance for fraud, which can be used to reimburse clients, but coverage is not required.
Popovic said “2006 was the first time we were aware of intrusions into trading accounts.” Getting cash out of accounts is much more difficult, he added. “In the U.S., there have been a significantly greater number of instances,” Popovic said, referring to money withdrawn from accounts. “You can get the credit value out with a cheque or transfer. In Canada, there are more checks and balances.”
The Vancouver Sun DIGITAL
You can now listen to every Vancouver Sun story on our new digital edition.
Free to full-week print subscribers or sign up for a 7-day free trial. www.vancouversun.com/digital.
ARMOUR-PLATE YOUR COMPUTER
Ways investors can fend off fraud:
– Equip your computer with the latest anti-virus, anti-spam and anti-spyware detection software and keep it current with update patches.
– Use firewalls, which are hardware or software devices to filter information coming from the Internet.
– Only access your brokerage account through a secure web page that uses encryption. These pages start with “https” instead of “http.” They also have a small key or closed padlock on your screen’s status bar.
– Double click on the key or lock to check the site’s security certificate. If it says “unknown” or “self-issued,” this could be a phony website.
– Install an anti-phishing tool bar or web browser with anti-phishing features. They can detect illegal websites and security certificates.
– Adjust your computer settings to only accept cookies from reliable sites. Cookies are data that travel between servers and web browsers to track information about users.
– Use a security token if possible. Some discount brokers now offer these number-generating devices that change every 30 to 60 seconds and are used to log in along with your user name and password.
– Use extra caution with wireless networks; many have reduced security to ease access.
– Don’t respond to e-mails asking for personal information. Be careful downloading software from the Internet.
– www.sec.gov/investor/pubs/onlinebrokerage.htm, offers a thorough discussion of security threats.
It’s a U.S. site, but the information is useful for Canadians.