TDA’s chief technology officer Lou Steinberg expanded on the precautions you can take. He said that clicking on links in suspicious emails will take you to a site which looks exactly like your bank’s (or TD Ameritrade’s), so you can’t rely on the eye test. But it’s a simple matter to log back in independently and validate the email.
You already know to avoid logging into public WiFi; Steinberg said that today it’s easy for a hacker next door to set up a mirroring WiFi system with the same name as the Starbucks connection you intended to use. Once you type in a password while on the mirroring system, the guy next door has access to whatever you logged into. Better to access everything through an online virtual private network (VPN), which will encrypt your communications. Steinberg also said that 3G and 4G connections are encrypted and relatively safe, so if you’re at Starbucks and want to check financial data, flip to a cellular connection. (Unfamiliar with VPNs? Here’s a link to a pretty good explanation: http://www.theguardian.com/technology/askjack/2012/may/17/vpn-internet-privacy-security)
When you buy a router, you want to change the default password immediately, and Steinberg warned against buying a router off of eBay. “There was a situation not long ago where criminals bought hundreds of Linksys routers and reconfigured them to capture everything that goes through them,” he said. “They sold them on eBay for $20, when the street value is $200.”
Also: USB sticks can carry malware that tells your computer the stick is a keyboard device, and then logs into your computer and types in commands to send your client data to China.
Steinberg recommended that everybody use a password manager, which makes it easier to remember complicated passwords. Why? The newest hacking tool is the “dictionary attack,” which will try any word in the dictionary. The password manager also makes it easier for you to use unique logins for your different systems, so if a hacker manages to get one password, your other logins aren’t compromised.
Even something as simple and seemingly harmless as phone apps can be treacherous. “You have to ask yourself, how does a company make money creating free apps?” Steinberg said. “Some of them are selling whatever data they collect from your phone. Many of them ask you for personal information before you can log in. Why do they need to know your email address for you to run an app on your phone?”
Steinberg said that the most common attack TD Ameritrade deals with comes when an advisor gets a very plausible-looking email from a client, asking the advisor to execute a money transfer, with the client adding: “I’m not reachable by phone.” “Make the phone call,” Steinberg advised the group. “That catches 90% of the efforts.”
Finally, Steinberg recommended that the advisors in the room, and their clients, lock their credit file. “That way, if somebody wants to create an account in your name, they would need to have a PIN,” he said. “It can be a hassle when you want to open up a new account,” he added. “But realistically, how often do we want to open up new accounts?”
Thank you to Bob Veres for allowing me to reprint information from his e-column.