Security of share dealing platforms

Hi,
Given the recent headlines about information being stolen from email providers (YAHOO I think), I am concerned that if my email account were hacked, fraudsters could then request new passwords for any of my accounts.
I take the obvious step of having a strong email password and changing it frequently but am concerned that this is a security weakness.
In the event that a sharedealing account were hacked and emptied, what protection would there be?
Are there any additional security measures that can be put in place to protect against this eventuality?
I hope someone can provide some information and, hopefully, put my mind at rest.
Regards
Swampthing

Comments

  • Pincher
    https://www.hsbc.co.uk/1/2/contact-and-support/security-centre/secure-key/demos#physical-secure-key

    With HSBC InvestDirect, you need one of these credit card sized code generators to log into Premier online, which then allows you to go into InvestDirect. I don't carry this thing around with me, so no mobile trading on the move.
  • greenglide
    Don't use Yahoo or any of the other free email providers?

    Never, never, never use the same password on a platform as on any other site.

    Look into using a password safe to generate and store passwords.
  • jimjames
    edited 17 October 2016 at 7:37PM
    Often you can't change the email address or reset account without notice to home address or mobile.

    As well as losing your email to hackers you'd also need them to know which share accounts you use too and as 90% of the population probably don't have investments you'd need to be pretty unlucky. There are probably easier ways for them to hack it.
    Remember the saying: if it looks too good to be true it almost certainly is.
  • DrSyn
    1. The Email address for your financial dealings, should be different from the one you use for other things.

    2. Use a different password for every place you need one!

    3. Make sure the password is a strong one (at least 20 characters long, if not longer).

    4. Use a password manager if you cannot remember all your passwords.

    5. If your password is long and complicated enough, there are some who feel you do not need to change it frequently. This is where a password manager helps.

    6. Think of using 2 factor authorisation for your Email accounts.

    7. Regularly scan the whole of your computer for malware (at least once a week).

    8. You could check your dealing platform account regularly to see if everything is ok.

    9. Read these, I hope they help:-

    http://monevator.com/investor-compensation-scheme/

    http://www.telegraph.co.uk/finance/personalfinance/investing/isas/11485311/Is-my-300000-safe-if-my-Isa-broker-goes-bust.html
  • Pincher
    Once upon a time, I had to fill out a Redemption form to redeem units, post it, and twiddle my thumbs for days.

    The safety of it all: Bliss.
  • Thanks for all the replies. All makes sense and pretty much covers what I'm doing already.

    One suggestion was not to use a free email provider. Is there any consensus of opinion as to which email providers are likely to be the most secure?
  • Chris75
    edited 18 October 2016 at 11:40AM
    DrSyn wrote:
    1. The Email address for your financial dealings, should be different from the one you use for other things.

    2. Use a different password for every place you need one!

    3. Make sure the password is a strong one (at least 20 characters long, if not longer).

    4. Use a password manager if you cannot remember all your passwords.

    5. If your password is long and complicated enough, there are some who feel you do not need to change it frequently. This is where a password manager helps.

    6. Think of using 2 factor authorisation for your Email accounts.

    7. Regularly scan the whole of your computer for malware (at least once a week).

    8. You could check your dealing platform account regularly to see if everything is ok.

    9. Read these, I hope they help:-

    http://monevator.com/investor-compensation-scheme/

    http://www.telegraph.co.uk/finance/personalfinance/investing/isas/11485311/Is-my-300000-safe-if-my-Isa-broker-goes-bust.html


    If you want to go beyond DrSyn security you should not use the computer for financial matters that you use for anything else. When I say financial matters I am referring to dealing, correspondence with places where you hold money etc but I am not meaning research or general chat which should be done on your everyday computer.

    Encrypt your financial computer.

    Even the best malware/virus protection does not find all the nasties.

    Keep paper copies of dealing notes, statements.

    Back up your finance computer regularly to an encrypted drive but not to the same back up device that you use for your other matters.

    Never ever ever ever connect to the internet via a public network, hotspot, on the train etc etc etc. Make sure that your home network uses at least WPA2 security and don't let your finance computer file share.

    Is it worth it? That depends on the size of your portfolio, how important it is to you and how paranoid you are.

    I am very uncertain about password managers as those that come with operating systems, for example, store your passwords unencrypted on your computer! If you use one, even encrypted, you have put all your faith in that one password. I am not sure that I like this idea much.

    I think Swampthing has a good question. I am not sure what constitutes a secure email or email provider either but I am sure that you should only ever log onto your financial email server with your dedicated financial computer.

    Finally I do not believe that there is such a thing as perfect internet security and what was secure yesterday may not be secure today. Keep up to date, updated and be aware.
  • Pincher
    This was from HSBC, dated 14th October 2016

    To: Mr. Brad Pitt

    Subject: Protect yourself from fraud

    Date: 14 Oct 2016
    Message:
    At HSBC we take your banking security seriously, and we're doing everything we can to keep your money and information safe. You can also help to protect yourself by knowing what to look out for and staying alert when it comes to potential fraud.

    Fraudsters frequently use tactics such as fake phone calls, texts and emails to obtain your information, perhaps claiming to represent HSBC, your utility companies, or even the police. To maintain your personal and financial security, be sure to be on your guard for:

    • Vishing: a telephone call from someone claiming to represent HSBC, intended to coerce you into sending your money to another account or handing over cash/cards.

    • Phishing: an email, which looks like it's from us, designed to trick you into providing personal and financial information.

    • Smishing (SMS phishing): a text message, which looks like it is from us, designed to trick you into providing personal and financial information by calling a number or clicking a link.


    Remember:

    • Be wary of unsolicited requests for your personal information, such as usernames, passwords or bank details.

    • If a phone call seems suspicious, don't be afraid to hang up and call us on a known number - use a different phone line where possible.

    • If an email looks suspicious, do not click on links or download documents.

    • If you have suspicions regarding a text message claiming to be from the bank, call us on a known number to check before acting on it.


    We'll never contact you to request your Online Banking details, Secure Key codes, PIN, or ask you to withdraw or transfer money. If you suspect an email or text is Phishing or Smishing, please forward it to: phishing@hsbc.com

    For further information on how we're constantly looking after you and your online security, please visit our Security Centre.


    Yours sincerely

    Martin W Brown
    Head of Digital Engagement


    "Head of Digital Engagement"
    So reassuring. :rotfl:
This discussion has been closed.