THE BLOG
06/19/2014 04:41 pm ET Updated Aug 19, 2014

5 Tips to Keep Thieves Out of Your Bank and Brokerage Accounts

2014-06-18-806151_19258825.jpg

Today, data breaches at major retailers like Target have made cybercrime front page news. It is unsettling because nobody knows when or what will happen once the personal information of tens of millions falls into the wrong hands. With ubiquitous computing, you cannot let your guard down for even a moment, especially when hackers are increasingly targeting bank and brokerage accounts. According to the U.S. Treasury Department's Financial Crime Enforcement Network, illegal wire transfers are outpacing cases of identity theft. In fact, wire-fraud cases in the securities industry are up tenfold over the past decade.

Growing Cybercrime Sophistication

Cyber criminals have evolved beyond Nigerian scams or some variation of the Spanish Prisoner con. Today, online thieves are using sophisticated phishing e-mails, keystroke loggers, and remote access Trojans while going to great lengths to impersonate you, the client, to your advisers and financial institutions. The key vulnerability is your email account. Email hackers are no longer content gaining access to your account in order to send SPAM to your contact list. More than ever, perpetrators who gain access to a compromised account carefully search for email that contain investors' brokerage information and key contacts. In fact, hackers even seek out old letters of authorization, with scanned signatures, in an attempt to forge new wire transfer requests. Easily impersonating the owner of the compromised email account, thieves aim to mimic the tone and language of previous communications. Even the timing of attempts to access funds are carefully calculated. Few realize that email security is so critically important to the safekeeping of the balances in your bank and brokerage accounts. Read on, for an ounce of prevention.

5 Tips to Keep Thieves Out of Your Bank and Brokerage Accounts

  1. Use a strong password. Your Password is your primary line of defense, so make it count. Do not create passwords using your date of birth, family name, or a pet's name, and never use "123456" or "password." Actually, it is even more effective to use a "passphrase." For example, "IgfNDUoJ1st2002" derived from "I graduated from Notre Dame University on June 1, 2002." Even though it's a hassle, experts also advise changing your passwords at least every six months.

    Don't use the same password multiple times. According to some studies, more than half (55 percent) of adult internet users use the same password for most, if not all, websites. That's a big mistake.

  2. Never use your email as your username. Some say that using an email address means that you've cut the would be thief's work in half. Furthermore, when it comes to your brokerage or banking log in, there have been cases where a thief simply enters a victim's email address as the ID and then requests a new password to be sent to the compromised email account.
  3. Never click on a link in a questionable email or website. If in doubt, call your financial institution directly. You can also use your mouse to hover (don't click) over a link and the address will appear directly by the link or at the bottom left of your screen. Make sure that if an email appears to come from "ABC Bank" that the links don't point back to "idj29fad.com" -- a clear sign of trouble. Also note that most financial institutions will never ask you for any personal information other than your username and password when logging into their website.
  4. Be weary of public Wi-Fi (unsecured wireless hot spot.) Public Wi-Fi is fine for non-private activity; but if you send email or access bank accounts, you likely have no security and are vulnerable to thieves who can gain access to your email accounts.
  5. Use two-factor verification to secure your email. Here is a powerful security feature that is freely available to most of us, but not frequently used. Gmail, Yahoo!, Outlook.com and other email providers offer a second level of security by requiring a verification code from your mobile device in addition to a username and password at log in. Although this feature varies across providers, many allow you to set "trusted computer" settings so that you do not need to input the verification on your home computer every time that you log in. Whenever accessing your account from a new device, you will be prompted for the verifiction code. Two-factor verification can go far in preventing data breaches to your email and sensitive information.

The good news is that banks, brokerage firms, and credit card companies understand the seriousness of cybercrime and are increasingly adding steps to maintain the security of your account and personal information. By being careful and following the simple steps outlined here, you can make a significant improvement in keeping your information and money secure.

Helpful links:

This post originally appeared at the Runnymede Blog.

Has your email ever been hacked? What steps have you taken to protect your personal information and banking accounts?