Better protect yourself by understanding the threat
Identity theft-using a person's personal or financial data to commit fraud-is one of the most rapidly growing global crimes. The targets of this crime are your personal information, your financial information, and access to your online accounts.
The personal information often targeted includes:
- Name, address, and date of birth
- National ID number
The financial information often sought is:
- UserIDs and passwords
- Account numbers
- Credit card numbers
- ATM / Debit cards
Phishing-sometimes also referred to as pharming-opens the door to identity theft and computer security breaches.
Please note: We will never ask you for your account number, UserID, PIN, password or any other personal information in an email. (In rare cases, however, we might need to ask you for the last four digits of your account number for identification purposes.)
How to spot phishing
Personal Information Request
This is the ultimate objective of phishers. An email, pop-up window, or fake website will ask you for your user name or ID, your passwords, or other sensitive information. Please scrutinize any request for information that you receive and if you are at all unsure if it came from us, contact us to find out.
Often, the address of the website to which you are misdirected will show telltale signs that it is an impostor. If you are asked to provide personal information on any site, check the address and make sure it starts with https:// instead of http://. (The "s" indicates that the site is secure.) Also, check for an "@" anywhere in the website address; if you see one, it likely means you are being redirected to a site other than the one you wanted to visit. Make sure the address has a .com when it's supposed to. Many sites will have an address similar to the one you intend to visit, except the .com might be replaced by .net. Unfortunately, seeing https://, the padlock, and the digital certificate is not always a guarantee that you're at a secure site and not a fake one. If you sense something is suspicious even when you see these security indicators, please contact a TD Ameritrade Client Services representative right away.
Instead of addressing you by name, phishing email often start with, "Welcome Card Member" or another generic greeting, with no information specific to you. There are some cases where TD Ameritrade may send an email with a generic greeting; however, if this happens, we will also include some identifying information such as the last 4 digits of your account number.
One way phishers prompt you to respond is by threatening you about your account, for example, by claiming it will be closed or suspended. This sense of urgency is intended to prompt people to act fast without thinking.
Phishers might say that the company has lost your information and needs you to re-enter it.
If an email message includes a link to the company website, increase your safety by typing the address in a new browser window instead of clicking the link.
Online investors should be aware of stock spam, part of a common Internet fraud involving a "pump and dump" scheme. In other words, a company might be promoted and recommended as the latest hot stock in chat rooms, supposedly unbiased newsletters, or even in its own press releases. Unwitting investors purchase the stock, creating high demand and inflating its price. Then those who are behind the scheme sell their shares at the peak, stop the hype, and the stock price plummets-causing regular investors to lose money.
To protect yourself, always do your research before you invest:
Consider the source. Be skeptical. People touting a stock may well be individuals who stand to profit.
Verify information. Making grand claims is easy for a company to do. Before you invest, be sure to independently verify those claims. When you see an offer in an email or on the Internet, assume it’s a scam unless your own research proves it’s legitimate.
Know where the stock trades. Many of the smallest and most thinly traded stocks trade in the over-the-counter market (OTC Bulletin Board or Pink Sheets). This is because they don’t meet the listing requirements of NASDAQ or NYSE. They’re the most susceptible to manipulation, and therefore the most likely to be the focus of a spam scam.
How to spot spyware
Spyware can be used relatively harmlessly by advertisers who track your Internet usage and then use that data to target specific ads to you. Or, more dangerously, it can be used by hackers who might monitor your chat sessions, capture keystrokes to figure out the personal information you enter (password or account number), or change your Web browser settings.
Recognizable symptoms of spyware Include:
- Your computer is bombarded with pop-up advertisements or warnings when you're online
- Your browser settings have changed (not by you)
- You have a new browser toolbar that you did not install
- Your computer seems sluggish
- Your computer crashes frequently
Spyware is spread in any of the following ways:
- You can download spyware unintentionally through email attachments or malicious websites
- Spyware can be part of a software bundle, usually with freeware or shareware
- Other users can infect your computer without realizing it
- Computer viruses, worms, and Trojans can carry spyware with them and install it on your hard drive
Viruses, Worms, and Trojans
Viruses, worms, and Trojan horses (often referred to as just Trojans) are programs that can become embedded on your hard drive. They can allow remote access to your computer, send spam, be used to spy on you, log your keystrokes, aid phishers, erase data, and even wipe out your hard drive.
A virus is computer code that infects your computer when you take a certain action, such as double clicking on an email attachment. A virus typically embeds in your existing software and uses it to reproduce and spread.
Unlike viruses, worms are stand-alone programs. They do not embed themselves into another piece of software, but spread by duplicating themselves without any intervention from you.
A Trojan is a stand-alone program that spreads by masquerading as a harmless file or program and tricking the user into installing it on his or her machine. Many Trojans arrive under the guise of a picture, screensaver, or email attachment. Once a user opens the file, the Trojan installs itself on the computer and may take over the computer's email program or use its own email program for malicious purposes.