With mobile apps like Robinhood and Acorns making it easier for people to invest in stocks through their phones, cybercriminals are finding the low hanging fruit quite easily.
Cybersecurity experts say the boom in online stock trading has created a parallel opportunity for hackers. Even the most diligent traders can fall victim to the increasingly sophisticated tactics of today’s digital thieves.
“Cyber hacking has now become the biggest threat to investors’ financial well-being,” said Andrew Stoltmann, a Chicago-based lawyer and former president of the Public Investors Advocate Bar Association. “Unfortunately, brokerage firms haven’t invested the money needed in order to keep cyber hacking of brokerage accounts from happening.”
How are cybercriminals pulling it off?
Gone are the days when a prince from some foreign land emails you asking for short-term financial help in exchange for half of his wealth. Instead, cybercriminals are turning to more realistic “phishing” emails. These emails are designed with information tailored to you but are easily accessible through public records. They are made to look like they are coming from real, established companies or from friends or family members. They are often laced with links or have some kind of call-to-action, encouraging you to share personal financial information.
Other tactics include fake WiFi networks, set up in public places, and given names that sound credible like that of a nearby business. If logged in to one of these WiFi networks, the thieves can begin to ransack your connected system.
So what can you do?
“Any of us could have our brokerage account hacked if we do not take precautions to protect ourselves,” said Mark McCreary, chair of the privacy and data security practice group at Fox Rothschild, a law firm based in Philadelphia.
Digital traders are encouraged to change their passwords frequently and avoid unfamiliar WiFi networks. They should be sure to have two-factor authentication enabled. This process requires a secondary code to sign in. The secondary code is often sent to a mobile phone or email to alert the trader just in case the account is being hacked remotely.
Most importantly, it helps to be paying more attention to the whirlwind of emails, texts, and other messages that flood our devices.
“Frankly, none of us are completely immune to an effective phishing email, simply because we may be distracted,” McCreary wrote in an email.
Can you get your money back?
McCreary advises investors who think their accounts are compromised to immediately notify their brokers. Brokers may be able to track down where funds were wired and reverse the transfer.
“The bottom line is that unlike a credit card with federal law protections, and unlike a bank account where lack of authorization will restore funds (e.g., a forged check), a brokerage account has no such legal protections,” McCreary said.
The Securities Investor Protection Corp., which functions for brokerage accounts in a way similar to the FDIC for U.S. bank accounts, does not cover situations in which money and securities are stolen due to a hack.
There is not much in the way of protection for international investors seeking compensation, either. Those in Europe may have the option to pursue in the General Data Protection Regulation, said Simon Shooter, a partner at law firm Bird & Bird in London who heads its cybersecurity group.
GDPR is a stringent regime governing how companies gather and use citizens’ information, giving consumers more control of their data. Investors could have a right to some compensation if a hacked firm did not comply with GDPR requirements when it comes to the security and safety of data.
While regulators may not be able to get you your money back, brokerage firms have a strong incentive to compensate consumers for losses.
“With most of these firms, the judgments are really reputational,” said Adam Fee, a former federal prosecutor in the Southern District of New York who is now a partner at Milbank, a law firm. “When something bad happens, they are asking, ‘Do we want a bunch of articles about how people are out money because we messed up and didn’t react?’”
After alerting their brokers, investors should also file a complaint with law enforcement. The most direct way to do that in the U.S. is with the FBI’s Internet Crime Complaint Center. This isn’t going to fix the problem right away though. And it might not ever get you your money back. According to Fee, this step simply helps formalize and document the complaint.
Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.
Want to contribute a story? We also accept article submissions — check out our writer’s guidelines here.