Don't Take Bait of Brokerage Phishing Scams

EVEN IN THE BEST of times it seems like everyone's trying to rip off investors. And by "everyone," I mean the honest financial-services industry with its high fees and hidden charges.

This, of course, is not the best of times. And that has brought out the grifters: online scammers trying to steal your identity, your account numbers and your life savings. While tumultuous markets, failing banks and troubled brokerages are an investor's nightmare, for online con artists they're a dream come true.

Websense, an online security company, has seen a dramatic increase in the number of spam attacks around economic and financial topics in the past six months, says spokesman Cas Purdy. One worrisome example came when the Securities Investor Protection Corp. warned investors that its good name is being used in an identity theft email scam. The phony email says the recipient is due funds from an "insurance investment claim," and includes a fake SIPC form that requires information that could be used to steal from an investor's accounts.

Phony emails "phishing" for confidential financial information are hardly new, but there's something especially malevolent about the SIPC scam. Similar in function to the FDIC's role in protecting your bank accounts, SIPC insures your securities and cash in the event your brokerage firm goes bust. A bogus email impersonating the SIPC, an investor's ultimate safety net? That gets the award for being cunning and cold.

Making matters worse, your brokerage account doesn't necessarily afford full protection if you fall for such a scheme. Sure, brokers all make a big deal about online security and fraud protection, but check the fine print for loopholes that let brokerages off the hook if you divulge information, such as login credentials, to a phisher.

The bottom line: It's up to you not to get taken.

First off, make sure you have antivirus, antispyware and firewall protection running on your PC, and keep all the programs up to date. Spam blockers and incoming email filters that quarantine suspicious or malicious attachments are your primary line of defense.

Second, you can't be too suspicious. Steve Harbeck, president of SIPC, says it doesn't contact customers via email. Use that as a rule, as in "No one is ever going to send you an email saying they owe you money."

That goes double if the only way to contact the sender is by email. As the Financial Industry Regulatory Authority points out, legitimate firms typically offer customers a number of ways to contact them. And please don't click on links embedded in suspicious emails. If it's a scam, the link will just direct you to a fake site, or worse, attempt a drive-by infection of malware.

Finally, familiarize yourself with these comprehensive guidelines from the Anti-Phishing Working Group, an association of more than 1,700 global companies and law enforcement agencies fighting online fraud and identity theft.

As economic uncertainty intensifies, financial phishers have ever more incentive to step up their attacks. Don't take the bait.

GOT A FINANCIAL GRIPE?
SEND AN EMAIL TO THE IRRITABLE INVESTOR AND WE'LL CHECK IT OUT.

Also see: