Technology has transformed the way securities are traded, making the internet the new frontier. Anyone with a smartphone and an internet connection now has the ability to trade online. However, wherever opportunity goes, risk follows.
Whether you trade or invest from your smartphone or from your desktop computer, once you connect to the internet, a portal opens and you are exposed to very sophisticated threats. Most people don’t care about cyber security until they fall victim to scammers.
Knowing how scammers operate in advance is a cheaper alternative to dealing with the consequences of a scam. We’ll discuss six common security threats you’re likely to face when transacting online and how to deal with them.
1. Phishing attacks
Phishing attacks involve messages sent to you, which can be emails, text messages or even social media questionnaires, with the aim of tricking you into revealing sensitive information. Some phishing techniques require you to download an attachment or click on a link that redirects you to a landing page where you must enter your password or reveal sensitive data.
When you hover your cursor over the link the hacker wants you to click, you will often find that the address it points to is different from what the link text claims. This is a red flag for a phishing attack, which is a very common attack vector.
For example, you might receive an email from an address that looks like your broker’s email address. The email might say you’ve won a gift for being a loyal customer. It will then ask you to click on a link.
When you click on the link, you are taken to a landing page designed to look like your broker’s. You might then be asked to enter details such as your account number, PIN, card number, etc. Once you enter this information, the hacker harvests it on the other end and uses it to scam you.
2. Password theft
Password theft can happen when you use your trading device in public places, where people nearby might peek and steal your password as you enter it. Writing down your passwords also exposes them to theft.
Since public places such as hotels usually have their own Wi-Fi to serve their customers, a scammer could spoof the Wi-Fi by creating a copycat Wi-Fi and giving it the same name as the existing Wi-Fi.
When you connect to the scammer’s Wi-Fi, they will be able to see sensitive information such as your passwords and steal them. Studies have also shown that many traders have actually used public Wi-Fi to access their trading accounts while on the go. This puts you at risk of being targeted by these hackers.
You should avoid public Wi-Fi, especially those that are free and not protected by passwords.
3. Trojan Attacks
Trojans are applications that pretend to be something they are not. They pose as legitimate applications but have different intentions. The main purpose of Trojans is to create a portal or open a backdoor through which hackers can send more viruses to your device.
For example, a Trojan might look like a calculator app, but in reality it is a keylogger or some other kind of malicious app.
A Trojan can also be delivered when you click on pop-ups warning you that a virus has been detected on your device and that you need to scan the device.
When you notice that an app you rarely use is still consuming a lot of your data, be careful because you might be dealing with a Trojan horse. It probably consumes so much data because it works in the background to steal and send your information.
In 2014, Sony Pictures was hacked by hackers known as “Guardians of Peace”. These hackers released confidential information such as Sony employee salaries, employee email correspondence, unreleased Sony movies, and upcoming Sony movie projects.
As if that weren’t enough, the hackers deployed a specially modified version of the “Shamoon wiper” virus to wipe Sony Pictures hard drives. This is how destructive hacker attacks can be.
4. Worms
Worms are malicious software that spread and multiply once they enter your device. They can grab your email address and send themselves to everyone on your contact list, or attach themselves as executable files to emails you send.
Worms can also change system settings, such as disabling notifications on your trading app. When this happens, you will not be alerted when withdrawals are made or when new accounts are linked to your trading application.
In 2008, a worm nicknamed “Conficker” infected many Windows operating systems around the world and was able to connect all the infected computers together in something called a “botnet”. Conficker left behind economic losses of more than 9 billion dollars. So think about what a worm could do to your trading device.
5. Social engineering
Social engineering involves tricking someone into disclosing sensitive information by using clues they have left on social media. Instead of running complex algorithms to steal passwords and hack firewalls, a scammer may choose to obtain your passwords and other data by performing social engineering on you.
The scammer could do this either by impersonating you to obtain your data from a third party such as your supplier, or by impersonating a third party in order to trick you into revealing your sensitive data. Either way, he could get what he wants.
Aggregated data from 119 complaints against brokers received by Forex Brokers South Africa revealed that more than 45% of forex scams that occurred in 2021 were related to social media. Most information you post on social media can be used to authenticate you.
For example, when you forget your password, you are asked password recovery questions to authenticate yourself. Some of the password recovery question answers can be obtained from your social media pages.
For example, your birthday can be obtained from Facebook, your spouse’s name can also be obtained from Facebook, your workplace can be obtained from LinkedIn, etc.
For example, you post a photo of yourself shopping for furniture on Instagram, and the geotagging indicates that you are at Splendid Furniture Company. A social engineer could retrieve your home address by doing the following:
- Get your name and photo on Facebook
- Spoof caller ID to show your name and photo
- Get a video of you talking on Facebook and use voice converter software to imitate your voice
- Google the Splendid Furniture Company phone number and call them
- Ask the company to reconfirm your shipping address to make sure it is correct
Enabling geolocation can be dangerous, especially when going to places where you use your credit card, such as supermarkets. When you enable geolocation, the scammer knows which businesses you frequent and also knows which businesses he can call to impersonate you.
6. Fake live chat
In an effort to provide quality customer service, brokers provide live chat so you can chat with a robot that will help you solve your problems. Hackers are now deploying fake live chats, with the aim of tricking you into revealing sensitive information that will be used against you.
Security Risk Mitigation Tips
- Enable two-factor authentication (2FA) if your broker offers it.
- Use strong passwords
- Don’t use the same password on different apps
- Avoid public Wi-Fi
- Check the amount of data consumed by each application installed on your phone and delete any unused application that continues to consume a lot of data
- Enable biometrics, such as a fingerprint scanner, if your trading app supports it
- Enable notifications across multiple channels like SMS and email
- Make sure no one is watching when you enter your password in public places
- Install a trusted antivirus program on your device and update it regularly
- Delete any app on your phone that you did not install yourself
- Make sure a website is secure and encrypted with https before using it
- Limit the amount of information the public can see on your social media pages
- Disable geolocation on your social media accounts
- Keep social media account settings private
Stay vigilant
Online security should be taken seriously, as scammers seek to take advantage of any weakness. These are not all of the security threats, but they are the most common and can be avoided with the right security plan in place.