Saxo has a strong commitment to information security. To meet our high level of security standards as well as those of the legal bodies regulating our business sector, Saxo places a strong emphasis on securing the trading platforms that our clients use. Even with this diligent effort in place, you must be aware of what you can do to maintain and safeguard the security of your trading platform and personal data.
This article will outline some of the common methods used by fraudsters as well as provide some information on how to better secure your account.
Phishing: A type of cybersecurity attack which is carried out by sending a fraudulent message with the intention of stealing personal data.
Phishing is one of the most common ways that hackers gain access to people's sensitive information. Phishing is done by sending an email or text message posing as a legitimate institution, with the purpose of luring individuals into providing sensitive information such as banking and credit card details, or passwords. This information is then used to access accounts and can potentially be used to commit financial fraud or identity theft.
When receiving any kind of communication from Saxo, please note that Saxo Bank will never ask for passwords, PIN codes, or credit card details via email or any other media. Do not share your Saxo credentials with anyone. Remember: these are personal to you, and should not be shared with either trusted relations or strangers.
What can you do?
When in doubt, 4 simple questions will help you to detect suspicious emails, which need to be reported:
- Does the message create a sense of urgency?
- watch out for phrases such as “verify your credentials/account details immediately”, “submit your account details to…”, “you have won…”, “retrieve your prize by…” etc.
- don’t fall for scare tactics such as “…respond urgently, or your account will be closed/deleted”
- Does the email contain any suspicious links or attachments?
- Do NOT click on unknown or suspicious-looking links, open or download attachments.
- Fraudulent emails oftentimes contain poor grammar and spelling errors in their communication.
- Does the sender's email address look correct?
- Fraudsters planting a phishing attack oftentimes impersonate institutions you trust: always question the legitimacy of the sender.
- Phishing emails often include resembling logos, wording or email addresses (for example manipulated email addresses could look like: ...@saxobnk.com, …@sxobank.com etc.)
- The official list of email addresses and websites can be found here.
- Does the sender request you to provide or verify your personal information and credentials?
- Saxo Bank will never request you to provide any log-in credentials, personal information or ask you to transfer cash via email, phone or any other media.
Social engineering: The use of psychological deception to manipulate individuals to give up personal information for fraudulent purposes.
Social engineering is another method used by fraudsters to acquire information from victims. Social engineering uses psychological manipulation to make people make security mistakes or give up sensitive information. The fraudster will typically try to pressure you into action by creating a false sense of urgency in their communication, which helps them bypass your common sense.
One purpose of social engineering is to commit payment fraud, where fraudsters trick victims into transferring large amounts of money to accounts under their control. Since real-time payments are close to irrevocable, fraud victims cannot reverse payments, as soon as the transfer instruction has been sent. A defining feature of such attacks is that the criminals social-engineer and pose as institutions you may trust, for example, Saxo Bank, this way luring you into providing personal information and/or transferring funds.
Common examples of payment fraud include:
- A fraudster could contact you posing as a representative of the institution you trust, claiming that you have been a victim of fraud, and should send funds to another, “protected” account as soon as possible
- You could receive an invoice with a familiar logo and formatting, from an email account resembling the one of your school/bank/accountant requesting payment to an unknown account
- You could receive “personal” messages requesting immediate help via payment from criminals pretending to be your family members or friends
What can you do?
Much like with phishing, the best defence against social engineering is to be vigilant with any communications you have online. Never give out sensitive information such as your personal details or account credentials. Be careful when dealing with unknown and unverified callers requesting information. Exercise the highest level of discretion if you do receive calls of this nature. The more pressure the caller applies, the more suspicious you should be.
How scammers can gain access to your data
Fraudsters can ploy an attack via a multitude of channels – putting your identity at risk should any of your employed access points be less than fully protected.
Common ways of gaining access to your data:
- Security notifications
- Fraudsters commonly request specific log-in information such as username, password, personal contact details
- Avoid clicking any links and/or responding to the alert by providing your credentials or personal details
- Scam calls
- Scammers usually pretend to be a person from an institution you may trust - such as Saxo.
- Some of the tell-tale signs of scam calls:
- Indications of a problem with your account or profile
- Request for personal information in order to protect your account
- Request to move funds to a “protected” account
- The best way to beat a scam call is to hang up. If you want to make sure your account is protected, call the institution directly, using the phone number provided on their official website.
- If you are ever asked for this information from someone stating they represent Saxo Bank – contact us immediately here.
- Social Media
- Social media scams are becoming increasingly more prevalent as a larger share of our personal lives is shared online
- By examining your publicly available content and/or befriending you, fraudsters can retrieve vulnerable personal information and commit identity fraud
- This is why it is important to be diligent in ensuring your social media accounts are protected at all times: make sure each account has a unique set of credentials, log off the account once you are not using it, review account settings and the public you are sharing with on an ongoing basis
- Malware is a software specifically designed to infect user devices, attempting to steal personal information
- Hackers employ malware to scan through the information stored on your device and reuse it to access other platforms passing as you
- Make sure to always lock your devices and log off from platforms and websites when you are no longer using them
- Avoid clicking on suspicious links and downloading anything you are not familiar with – said actions may initiate the instalment of malware onto your device
- Another type of malware to be wary of is ransomware – this is where fraudsters manage to attack, lock and encrypt the files belonging to the victim, thereafter demanding ransom for their return.
For more information on how to secure your Saxo account, please read the following article.