skip to content
Primary navigation

Keep your personal information safe and ask questions about cybersecurity

As an investor, you can help ensure your personal financial information is secure when using online investment accounts and ask questions and get information from financial professionals about their cybersecurity practices. Commerce offers investors the following best practices with online accounts:

  • Protect your online accounts: Create a strong password and use different passwords for different accounts. If one password were compromised, all of your accounts using that password would be vulnerable too. Remember to change your password every few months. 
  • Access your accounts safely: Make sure your anti-virus, firewall and other security software are up-to-date. Avoid using public wireless networks that don’t require a password. Check for the padlock icon in the corner of the browser that signals the website you are using is encrypted and be sure to log out of your account when you are finished.
  • Monitor for suspicious activity: Make sure your anti-virus, firewall and other security software are up-to-date. Avoid using public wireless networks that don’t require a password. Check for the padlock icon in the corner of the browser that signals the website you are using is encrypted and be sure to log out of your account when you are finished.
  • Update software regularly. Run software updates on your home and business computers.

You should also hold your investment and financial professionals accountable for cybersecurity. Think about the safety of your personal financial information, and talk with your investment professionals about what steps firms are taking to safeguard client information.

Ask questions about cyber-security. Before you make an investment, be sure the firm or individual selling you the product has a satisfactory plan in place to protect your private financial information from cybersecurity threats. The Commerce Department suggests using the following questions to assess the strength of a firm’s or individual’s cybersecurity.

  • Cyber preparedness: Has the firm addressed which cybersecurity threats and vulnerabilities may impact its business?
  • Cybersecurity compliance program: Does the firm have written policies, procedures, or training programs in place regarding safeguarding client information?
  • Cyber insurance: Does the firm maintain insurance coverage for cybersecurity?
  • Cyber expertise: Has the firm engaged an outside consultant to provide cybersecurity services for your firm?
  • Cyber confidentiality: Does the firm have confidentiality agreements with any third-party service providers with access to the firm’s information technology systems?Cyber incident: Has the firm ever experienced a cybersecurity incident where, directly or indirectly, theft, loss, unauthorized exposure, use of, or access to customer information occurred? If so, has the firm taken steps to close any gaps in its cybersecurity infrastructure?
  • Cybersecurity safeguards: Does the firm use safeguards such as encryption, antivirus and anti-malware programs? Does the firm contact clients via email or other electronic messaging, and if so, does the firm use secure email or any procedures to authenticate client instructions received via email or electronic messaging, to work against the possibility of a client being impersonated? 


Online Fraud

Online scam artists, often operating from overseas, use a variety of fraudulent schemes to trick people into sending money, often through wire transfers, or providing sensitive personal information that ends up being used to commit identity theft.

Here are some tips to help you stay safe online and avoid internet scams:

Never send money or personal information to someone you don’t know. Beware of unsolicited emails from strangers or online merchants you’ve never heard of. It is best to do business with companies you know and trust. If you buy items through an online auction, consider a payment option that provides protection, such as a credit card. Don’t send cash or a wire transfer, and don’t pay upfront fees for the promise of a big pay‐off – whether it’s an investment or prize money.

Just delete it. Don’t click on a link or open an attachment in an email unless you are absolutely certain who the sender is and the link or attachment is safe. Malicious links and attachments can secretly download software to steal information from your computer or direct you to fraudulent websites. To be better safe than sorry, call the sender and confirm that they actually sent you the email with the link or attachment.

If something sounds too good to be true, it probably is. If someone contacts you promoting low‐risk, high‐return investment opportunities, stay away. You know you are being pitched a scam if the person offers guaranteed big profits, promises little or no financial risk, insists that you act now or demands that you send cash immediately.  

Don’t play the foreign lottery. You cannot legally play a foreign lottery in the United States, so these pitches are always scams. And don’t be tempted by a message that claims you’ve already won. Inevitably, you will be told you must pay advance taxes or fees before you can receive your winnings. If you send money, you won’t get it back – and you won’t get any lottery prize, either.

Don’t send money to show your love in an online romance.  A romance scammer works to build trust and give you a false sense the relationship must be real. The scammer may communicate with you for weeks or months before making the “ask” – send money. The excuse might be a medical emergency; a family member in trouble; an investment opportunity; financial straits due to a robbery, fire or other tragedy; or travel expenses to meet you. Except you will never see them – or your money. Beware of an online romance prospect who claims to be from the U.S. but is traveling or working overseas, or someone who pressures you to leave the dating website and instead communicate via personal email or instant messaging.

Don’t help the rich “Nigerian” with money problems. A common online scam is the message from someone who claims to be a foreign (often Nigerian) official, business owner or even royalty. They tell a sad story about how their riches are tied up temporarily, but you can help. They can get access to their millions – and they will share it with you or your favorite charity – if you will first pay the taxes or fees that are due. If you send your money to them, you can be sure you will never see theirs.  Or, if you share your bank account information with them, you may discover that they drained all your funds. 

Check with a trusted friend or family member. If you are contacted by someone online who wants you to send money or provide personal information, get a second opinion and a reality check from someone you trust. If you think you’ve already been defrauded, don’t be embarrassed to ask for help. To protect others from being victims, report it to local law enforcement or the FBI’s Internet Crime Complaint Center (www.ic3.gov).

back to top