December 3, 2020 at 1:00 PM
The COVID-19 pandemic has had a significant effect on all of us, with many individuals now working from home, furloughed, or losing their jobs permanently. This has led to a sharp increase in personal stock trading. Some are doing it to supplement their income, while others are hoping it can replace income they are no longer receiving. Trading activity increased dramatically in the first quarter of 2020, according to data analyzed by Cerulli Associates. TD Ameritrade has reported that visits to its web pages giving instructions on trading stocks have nearly quadrupled since January, while trading apps like Robinhood have also seen surges in traffic on their platforms. The online broker industry has made aggressive moves over the past decade to minimize or eliminate trading fees and balance requirements and to make trading as simple and understandable as possible. Had this pandemic occurred ten years ago, it is highly unlikely that anywhere near this many people would have turned to trading as a hobby, side gig, or career path. But today, accounts can be created in minutes, and trades can be initiated from apps on your smartphone in seconds with little or no experience.
This rapid increase in online traders brought with it an increase in opportunities for attackers. How secure are traders' home networks? Are their computers and phones patched? Are they capable of identifying a sophisticated phishing email? Phishing emails are becoming more targeted and personal, and some attackers go as far as using personal information gathered from publicly visible social media accounts when crafting them. Attackers are sending increasingly convincing emails impersonating online brokers to trick traders into typing their login information into a fraudulent webpage. The results can be catastrophic, with unsuspecting investors unknowingly handing over their credentials and watching their accounts get drained. In one instance, an attacker went as far as to create a fake driver's license of a Robinhood user in order to take over that user's account.
End users are not the only ones being targeted by these attacks. This past May, the Financial Industry Regulatory Authority (FINRA) warned broker-dealers of a phishing email campaign posing as FINRA and utilizing the domain “broker-finra.org”. The emails sought to build trust with the broker-dealer representative and persuade them to open an attached PDF file that directed them to a website which prompted them to enter their Microsoft Office or SharePoint password.
These are the same Open Source Intelligence (OSINT) gathering tactics utilized by Compass IT Compliance social engineering experts when carrying out phishing and social engineering assessments. Our team scours the internet for information about a company and its employees, so when we craft a simulated phishing email or vishing phone call script, we sound extremely credible and believable to employees.
Another tactic attackers can leverage to compromise personal trading accounts involves setting up rogue wireless access points (Wi-Fi) in public spaces and giving the network a misleading name to fool users into joining. Once a user is on the fraudulent network, the attacker can inspect all of the traffic passing through that access point, capturing user IDs, passwords, PINs, and even security questions. For example, a stock trader might be waiting for a flight at an airport and, in an effort to conserve mobile data, decide to join the free airport Wi-Fi from their phone. When looking at the available Wi-Fi networks, they find five different networks claiming to be the official airport network. They assume that there are five networks because of how big the airport is and join one at random. Unfortunately, the network they chose was a fraudulent one spun up by a nearby attacker. When the user signs into their broker app, those login details are captured by the attacker.
Compass IT Compliance security experts are also highly experienced in carrying out simulations of these attacks. Our team sets up rogue access points at the client's locations and de-authenticates clients from the company network in an attempt to replace it with the fraudulent network. These assessments are critical in testing how robust an organization's wireless access points are at preventing this.
So, what can the average stock trader do to protect their account? Traders should change their passphrase frequently and refrain from reusing previous passphrases or ones already used for other applications. Passphrases should be complex and follow best practices. Traders should also avoid using unfamiliar Wi-Fi networks, and refrain from using obvious answers to account recovery security questions: "What town did you grow up in?" is an easy question for an attacker who has located your Facebook page! Scrutinize every email that you receive claiming to be from your broker, check the sender's email address carefully, and hover over links to confirm they lead to the correct sites. And above all, enable multi-factor authentication (MFA) on your account. You would be hard-pressed to find an online broker that does not offer it. Doing so will likely prevent an attacker who has compromised your credentials from accessing your account, serving as the last line of defense. Stock traders have enough profit and loss concerns to worry about throughout the day; hopefully security-conscious traders can keep attackers at the back of their minds!
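Two of the checks above, inspecting the sender's domain and the real destination of each link, can be automated. The following is an added example and not Compass IT Compliance code; it assumes a small allowlist of legitimate domains (`finra.org` and a placeholder `examplebroker.com`) and a constructed message modelled on the `broker-finra.org` campaign mentioned earlier, flagging any sender or link domain that borrows a brand name without being on the allowlist.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Assumed allowlist of domains the regulator/broker really uses (example values).
LEGITIMATE_DOMAINS = {"finra.org", "examplebroker.com"}
# Brand words whose presence in an unlisted domain suggests impersonation.
BRAND_KEYWORDS = ("finra", "examplebroker")

# Constructed sample modelled on the broker-finra.org campaign; not a real message.
SAMPLE_EMAIL = """\
From: FINRA Compliance <notices@broker-finra.org>
Subject: Action required: regulatory questionnaire
Content-Type: text/html

<html><body>
<p>Please <a href="https://login.broker-finra.org/sharepoint">sign in</a> to review the form.</p>
<p>Reference: <a href="https://www.finra.org/">finra.org</a></p>
</body></html>
"""

def registrable_domain(host):
    """Keep the last two labels (login.broker-finra.org -> broker-finra.org)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(domain):
    """A domain that borrows a brand name but is not on the allowlist."""
    domain = domain.lower()
    return domain not in LEGITIMATE_DOMAINS and any(k in domain for k in BRAND_KEYWORDS)

def analyze_email(raw):
    """Return the sender domain plus every sender/link host that looks like an impersonation."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender_domain = msg["From"].addresses[0].domain.lower()
    suspicious = []
    if is_lookalike(registrable_domain(sender_domain)):
        suspicious.append(("sender", sender_domain))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        # The visible link text is irrelevant; only the href destination matters.
        for href in re.findall(r'href="([^"]+)"', body.get_content()):
            host = urlparse(href).hostname or ""
            if is_lookalike(registrable_domain(host)):
                suspicious.append(("link", host))
    return {"sender_domain": sender_domain, "suspicious": suspicious}
```

Running `analyze_email(SAMPLE_EMAIL)` flags both the sender and the login link as lookalikes while leaving the genuine `finra.org` reference alone.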