Saxo has a strong commitment to information security. To meet our high level of security standards as well as those of the legal bodies regulating our business sector, Saxo places a strong emphasis on securing the trading platforms that our clients use. Even with this diligent effort in place, you must be aware of what you can do to maintain and safeguard the security of your trading platform and personal data.
This article will outline some of the common methods used by fraudsters as well as provide some information on how to better secure your account.
- Common signs that suggest you may have encountered a scam include
- Investment scam
- Phishing
- Social Engineering
- How scammers can gain access to your data
- How to stay safe
Common signs that suggest you may have encountered a scam include:
- Sense of urgency - Scammers will try to pressure you into acting immediately, without giving you time to research or ask additional questions.
- Promise of a quick and unrealistic gain - If an investment seems too good to be true, it probably is. No investment can safely guarantee a high return in a short time.
- Communicate exclusively through social media - Scammers frequently use social media platforms to target their victims.
- Name just close enough to the genuine one - Scammers may use a company name similar to a genuine one to gain your trust.
- Suspicious links or attachments - Scammers may attempt to obtain your personal details by sending unexpected messages with urgent requests to follow a link.
- Grammar and spelling mistakes - Scammers often use poor language in their messages.
If in doubt, don’t act.
Investment scam
Is it a once-in-a-lifetime opportunity? An offer too good to be true? - These may be warning signs of an investment scam. An investment scam is a fraudulent scheme designed to entice individuals into investing money in bogus or exaggerated opportunities. Scammers might guarantee high returns without any risk or claim to possess insider information available only to a select few. Once they receive the funds, they disappear, leaving the victims with significant financial losses. |
What can you do?
Before investing, research online for reviews and potential complaints, and verify if the company is listed in the national regulator's public register.
Below are two popular techniques used by scammers:
Impersonation scam
Scammers may try to trick you by imitating Saxo, using similar logos and names. They might create lookalike websites, apps, or fake social media profiles of our employees to gain your trust.
Always check the website or app names for extra words or characters. Scammers might use names like "saxovault," "saxogroupex," or "saxibank" to appear legitimate.
Be cautious of contacts through social media or invitations to WhatsApp or Telegram groups with unverified investment advice. Saxo will never ask you to invest in a specific instrument or transfer funds to a new account.
What can you do?
Search online for the company or platform name, and check for different spellings in the results. Do not trust information solely from social media; always request contact through company’s official communication channels.
Pump-and-dump scheme
A pump and dump scheme is a securities fraud where scammers inflate a stock's price with false information, sell at the peak, then watch the price crash, causing losses for other investors.
This scheme is often carried out through social media, online forums, and email campaigns. Scammers may claim to have insider information promising high returns. Be cautious and thoroughly investigate messages from uncertain sources, like social media groups.
What can you do?
Avoid investment advice from unverified sources, especially on social media. Assess if the promised returns are realistic. Do not rush based on “confidential, insider information”.
Phishing
Phishing: A type of cybersecurity attack which is carried out by sending a fraudulent message with the intention of stealing personal data. |
Phishing is one of the most common ways that hackers gain access to people's sensitive information. Phishing is done by sending an email or text message posing as a legitimate institution, with the purpose of luring individuals into providing sensitive information such as banking and credit card details, or passwords. This information is then used to access accounts and can potentially be used to commit financial fraud or identity theft.
When receiving any kind of communication from Saxo, please note that Saxo will never ask for passwords, PIN codes, or credit card details via email or any other media. Do not share your Saxo credentials with anyone. Remember: these are personal to you, and should not be shared with either trusted relations or strangers.
What can you do?
When in doubt, 4 simple questions will help you to detect suspicious emails, which need to be reported:
-
Does the message create a sense of urgency?
- Watch out for phrases such as “verify your credentials/account details immediately”, “submit your account details to…”, “you have won…”, “retrieve your prize by…” etc.
- Don’t fall for scare tactics such as “…respond urgently, or your account will be closed/deleted”
-
Does the email contain any suspicious links or attachments?
- Do NOT click on unknown or suspicious-looking links, open or download attachments.
- Fraudulent emails oftentimes contain poor grammar and spelling errors in their communication.
-
Does the sender's email address look correct?
- Fraudsters planting a phishing attack oftentimes impersonate institutions you trust, always question the legitimacy of the sender.
- Phishing emails often include resembling logos, wording or email addresses (for example manipulated email addresses could look like: ...@saxobnk.com, …@sxobank.com etc.)
-
Does the sender request you to provide or verify your personal information and credentials?
- Saxo will never request you to provide any log-in credentials, personal information or ask you to transfer cash via email, phone or any other media.
Social engineering
Social engineering: The use of psychological deception to manipulate individuals to give up personal information for fraudulent purposes. |
Social engineering is another method used by fraudsters to acquire information from victims. Social engineering uses psychological manipulation to make people make security mistakes or give up sensitive information. The fraudster will typically try to pressure you into action by creating a false sense of urgency in their communication, which helps them bypass your common sense.
One purpose of social engineering is to commit payment fraud, where fraudsters trick victims into transferring large amounts of money to accounts under their control. Since real-time payments are close to irrevocable, fraud victims cannot reverse payments, as soon as the transfer instruction has been sent. A defining feature of such attacks is that the criminals social-engineer and pose as institutions you may trust, for example, Saxo Markets, this way luring you into providing personal information and/or transferring funds.
Common examples of payment fraud include:
- A fraudster could contact you posing as a representative of the institution you trust, claiming that you have been a victim of fraud, and should send funds to another, “protected” account as soon as possible
- You could receive an invoice with a familiar logo and formatting, from an email account resembling the one of your school/bank/accountant requesting payment to an unknown account
- You could receive “personal” messages requesting immediate help via payment from criminals pretending to be your family members or friends
What can you do?
Much like with phishing, the best defense against social engineering is to be vigilant with any communications you have online. Never give out sensitive information such as your personal details or account credentials. Be careful when dealing with unknown and unverified callers requesting information. Exercise the highest level of discretion if you do receive calls of this nature. The more pressure the caller applies, the more suspicious you should be.
How scammers can gain access to your data
Fraudsters can ploy an attack via a multitude of channels – putting your identity at risk should any of your employed access points be less than fully protected.
Common ways of gaining access to your data:
-
Security notifications
- Fraudsters commonly request specific log-in information such as username, password, personal contact details
- Avoid clicking any links and/or responding to the alert by providing your credentials or personal details
-
Scam calls
- Scammers usually pretend to be a person from an institution you may trust - such as Saxo.
- Some of the tell-tale signs of scam calls:
- Indications of a problem with your account or profile
- Request for personal information in order to protect your account
- Request to move funds to a “protected” account
- The best way to beat a scam call is to hang up. If you want to make sure your account is protected, call the institution directly, using the phone number provided on their official website.
- If you are ever asked for this information from someone stating they represent Saxo – contact us immediately here.
-
Social Media
- Social media scams are becoming increasingly more prevalent as a larger share of our personal lives is shared online
- By examining your publicly available content and/or befriending you, fraudsters can retrieve vulnerable personal information and commit identity fraud
- This is why it is important to be diligent in ensuring your social media accounts are protected at all times: make sure each account has a unique set of credentials, log off the account once you are not using it, review account settings and the public you are sharing with on an ongoing basis
-
Malware
- Malware is a software specifically designed to infect user devices, attempting to steal personal information
- Hackers employ malware to scan through the information stored on your device and reuse it to access other platforms passing as you
- Make sure to always lock your devices and log off from platforms and websites when you are no longer using them
- Avoid clicking on suspicious links and downloading anything you are not familiar with – said actions may initiate the instalment of malware onto your device
- Another type of malware to be wary of is ransomware – this is where fraudsters manage to attack, lock and encrypt the files belonging to the victim, thereafter demanding ransom for their return.
For more information on how to secure your Saxo account, please read this article.
How to stay safe
- Do not follow any advice or instructions from unverified sources.
- If in doubt, contact our Client Service to confirm you are speaking with a genuine Saxo representative.
- Take your time researching investment opportunities.
- Use a strong, unique password. Read about how to do so here.
- If you believe your email has been hacked, please read about how you can contact us.