Scams that use spam e-mails, fake websites and other online trickery to con investors into disclosing personal information such as bank or investment account information, PINs, passwords and social security numbers are on the rise, according to computer security experts cited by FINRA.
According to the securities regulator, many fraudsters employ phishing scams via e-mails falsely claiming to have been sent by brokerage firms, banks, credit card websites or other financial institutions.
These e-mails, according to FINRA, attempt to appear genuine by using the names of real people, displaying a fake e-mail address that suggests a false source (e.g., "@wellsfargo.com" when the sender is not affiliated with that website), professional logos, graphics, links to official websites and convincing "fine print."
For instance, the SEC warned investors after observing a series of scams in which con artists pretended to be SEC staffers and IRS taxpayer advocates in order to lure victims into revealing personal information or downloading malicious software meant to hijack the user's computer.
To avoid falling for these scams, users should note the e-mail address—not simply the display name—of its sender. For instance, legitimate financial institutions will not send an e-mail from a Gmail, Yahoo! or similar freely accessible account.
Users should also bear in mind the general rule that unsolicited e-mails are most often commercial in nature, if not entirely illegitimate, and generally do not require a response.
For instance, most legitimate e-mails are addressed directly to the consumer, by name, as opposed to "Dear Online Customer" or something likewise generic.
FINRA furthermore recommends the following seven steps to protect against online identity theft:
1. Don't reply or click on a link contained within an unsolicited e-mail that requests personal information. Instead, call the phone number listed on a legitimate company website or on your account statement to verify the authenticity of the request.
2. Leave suspicious websites if you doubt their legitimacy.
3. Keep your personal and financial information secure online by updating computer security, using anti-virus and spyware detection programs, firewalls and other IT security features.
4. Research who you are doing business with by, for instance, using FINRA BrokerCheck or a similar database.
5. Check your credit report with Equifax, Experian or Trans Union periodically to monitor your credit health.
6. Review account statements regularly, ensuring that all transactions and financial changes can be legitimately explained.
7. If you have been scammed, act quickly to (1) curb the damaging behavior and (2) recover losses.
If you have been a victim of online identity or data theft, such as a phishing scam, and this fraudulent activity has proven harmful to your investments or interests, please call The Law Offices of Jonathan W. Evans & Associates at (800) 699-1881 for investigation and consultation.
Investor Alert: "Phishing" and Other Online Identity Theft Scams: Don't Take the Bait