Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@. Skimlinks & other affiliated links are turned on

Search
  • FIRST POST
    • Swampthing
    • By Swampthing 17th Oct 16, 2:51 PM
    • 2Posts
    • 0Thanks
    Swampthing
    Security of share dealing platforms
    • #1
    • 17th Oct 16, 2:51 PM
    Security of share dealing platforms 17th Oct 16 at 2:51 PM
    Hi,
    Given the recent headlines about information being stolen from email providers (YAHOO I think), I am concerned that if my email account were hacked, fraudsters could then request new passwords for any of my accounts.
    I take the obvious step of having a strong email password and changing it frequently but am concerned that this is a security weakness.
    In the event that a sharedealing account were hacked and emptied, what protection would there be?
    Are there any additional security measures that can be put in place to protect against this eventuality?
    I hope someone can provide some information and, hopefully, put my mind at rest.
    Regards
    Swampthing
Page 1
    • Pincher
    • By Pincher 17th Oct 16, 6:14 PM
    • 5,839 Posts
    • 2,132 Thanks
    Pincher
    • #2
    • 17th Oct 16, 6:14 PM
    • #2
    • 17th Oct 16, 6:14 PM
    https://www.hsbc.co.uk/1/2/contact-and-support/security-centre/secure-key/demos#physical-secure-key

    With HSBC InvestDirect, you need one of these credit card sized code generators to log into Premier online, which then allow you to go into InvestDirect. I don't carry this thing around with me, so no mobile trading on the move.
    What happens if you push this button?
    • greenglide
    • By greenglide 17th Oct 16, 7:49 PM
    • 2,357 Posts
    • 1,456 Thanks
    greenglide
    • #3
    • 17th Oct 16, 7:49 PM
    • #3
    • 17th Oct 16, 7:49 PM
    Don't use yahoo or any of the other free email providers?

    New, never, never use the same password on a platform as on any other site.

    Look into using a password safe to generate and store passwords.
    • jimjames
    • By jimjames 17th Oct 16, 8:32 PM
    • 10,833 Posts
    • 8,898 Thanks
    jimjames
    • #4
    • 17th Oct 16, 8:32 PM
    • #4
    • 17th Oct 16, 8:32 PM
    Often you can't change the email address or reset account without notice to home address or mobile.

    As well as losing your email to hackers you'd also need them to know which share accounts you use too and as 90% of the population probably don't have investments you'd need to be pretty unlucky. There are probably easier ways for them to hack it.
    Last edited by jimjames; 17-10-2016 at 8:37 PM.
    Remember the saying: if it looks too good to be true it almost certainly is.
    • DrSyn
    • By DrSyn 17th Oct 16, 10:41 PM
    • 423 Posts
    • 192 Thanks
    DrSyn
    • #5
    • 17th Oct 16, 10:41 PM
    • #5
    • 17th Oct 16, 10:41 PM
    1. The Email address for your financial dealings, should be different from the one you use for other things.

    2. Use a different password for every place you need one!

    3. Make sure the password is a strong one (at least 20 characters long, if not longer).

    4. Use a password manager if you cannot remember all your passwords.

    5. If your password is long and complicated enough, there are some who feel you do not need to change it frequently. This where a password manager helps.

    6. Think of using 2 factor authorisation for your Email accounts.

    7. Regularly scan the whole of your computer for malware (at least once a week).

    8. You could check your dealing platform account regularly to see if everything is ok.

    9. Read these, I hope they help:-

    http://monevator.com/investor-compensation-scheme/

    http://www.telegraph.co.uk/finance/personalfinance/investing/isas/11485311/Is-my-300000-safe-if-my-Isa-broker-goes-bust.html
    • Pincher
    • By Pincher 17th Oct 16, 10:48 PM
    • 5,839 Posts
    • 2,132 Thanks
    Pincher
    • #6
    • 17th Oct 16, 10:48 PM
    • #6
    • 17th Oct 16, 10:48 PM
    Once upon a time, I had to fill out a Redemption form to redeem units, post it, and twiddle my thumbs for days.

    The safety of it all: Bliss.
    What happens if you push this button?
    • Swampthing
    • By Swampthing 18th Oct 16, 7:28 AM
    • 2 Posts
    • 0 Thanks
    Swampthing
    • #7
    • 18th Oct 16, 7:28 AM
    • #7
    • 18th Oct 16, 7:28 AM
    Thanks for all the replies. All makes sense and pretty much covers what I'm doing already.

    One suggestion was not to use a free email provider. Is there any concensus of opinion as to which email providers are likely to be the most secure?
    • Chris75
    • By Chris75 18th Oct 16, 8:53 AM
    • 115 Posts
    • 45 Thanks
    Chris75
    • #8
    • 18th Oct 16, 8:53 AM
    • #8
    • 18th Oct 16, 8:53 AM
    1. The Email address for your financial dealings, should be different from the one you use for other things.

    2. Use a different password for every place you need one!

    3. Make sure the password is a strong one (at least 20 characters long, if not longer).

    4. Use a password manager if you cannot remember all your passwords.

    5. If your password is long and complicated enough, there are some who feel you do not need to change it frequently. This where a password manager helps.

    6. Think of using 2 factor authorisation for your Email accounts.

    7. Regularly scan the whole of your computer for malware (at least once a week).

    8. You could check your dealing platform account regularly to see if everything is ok.

    9. Read these, I hope they help:-

    http://monevator.com/investor-compensation-scheme/

    http://www.telegraph.co.uk/finance/personalfinance/investing/isas/11485311/Is-my-300000-safe-if-my-Isa-broker-goes-bust.html
    Originally posted by DrSyn

    If you want to go beyond DrSyn security you should not use the computer for financial matters that you use for anything else. When I say financial matters I am referring to dealing, correspondence with places where you hold money etc but I am not meaning research or general chat which should be done on your everyday computer.

    Encrypt your financial computer.

    Even the best malware/ virus protection does not find all the nasties.

    Keep paper copies of dealing notes, statements.

    Back up your finance computer regularly to an encrypted drive but not to the same back up device that you use for your other matters.

    Never ever ever ever connect to the internet via a public network, hotspot, on the train etc etc etc. Make sure that your home network uses at least WPA2 security and don't let you finance computer file share.

    Is it worth it? That depends on the size of your portfolio, how important it is to you and how paranoid you are.

    I am very uncertain about password managers as those that come with operating systems, for example, store your passwords unencrypted on your computer! If you use one, even encrypted, you have put all your faith in that one password. I am not sure that I like this idea much.

    I think Swampthing has a good question. I am not sure what constitutes a secure email or email provider either but I am sure that you should only ever log onto your financial email server with your dedicated financial computer.

    Finally I do not believe that there is such a thing as perfect internet security and what was secure yesterday may not be secure today. Keep up to date, updated and be aware.
    Last edited by Chris75; 18-10-2016 at 12:40 PM.
    • Pincher
    • By Pincher 18th Oct 16, 6:23 PM
    • 5,839 Posts
    • 2,132 Thanks
    Pincher
    • #9
    • 18th Oct 16, 6:23 PM
    • #9
    • 18th Oct 16, 6:23 PM
    This was from HSBC, dated 14th October 2016

    To: Mr. Brad Pitt

    Subject: Protect yourself from fraud

    Date: 14 Oct 2016
    Message:
    At HSBC we take your banking security seriously, and we're doing everything we can to keep your money and information safe. You can also help to protect yourself by knowing what to look out for and staying alert when it comes to potential fraud.

    Fraudsters frequently use tactics such as fake phone calls, texts and emails to obtain your information, perhaps claiming to represent HSBC, your utility companies, or even the police. To maintain your personal and financial security, be sure to be on your guard for:

    • Vishing: a telephone call from someone claiming to represent HSBC, intended to coerce you into sending your money to another account or handing over cash/cards.

    • Phishing: an email, which looks like it's from us, designed to trick you into providing personal and financial information.

    • Smishing (SMS phishing): a text message, which looks like it is from us, designed to trick you into providing personal and financial information by calling a number or clicking a link.


    Remember:

    • Be wary of unsolicited requests for your personal information, such as usernames, passwords or bank details.

    • If a phone call seems suspicious, don't be afraid to hang up and call us on a known number - use a different phone line where possible.

    • If an email looks suspicious, do not click on links or download documents.

    • If you have suspicions regarding a text message claiming to be from the bank, call us on a known number to check before acting on it.


    We'll never contact you to request your Online Banking details, Secure Key codes, PIN, or ask you to withdraw or transfer money. If you suspect an email or text is Phishing or Smishing, please forward it to: phishing@hsbc.com

    For further information on how we're constantly looking after you and your online security, please visit our Security Centre.


    Yours sincerely

    Martin W Brown
    Head of Digital Engagement


    "Head of Digital Engagement"
    So reassuring.
    What happens if you push this button?
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

4,627Posts Today

7,223Users online

Martin's Twitter
  • It's not fair or accurate to assign all leave voters (nor remainers) one voice. The vote may have been binary but t? https://t.co/QMqKrfY1jv

  • That's cos the UK voted for Brexit. The choice now unless something radical happens is what type. (Plus twitter o? https://t.co/SLmh2jL4bU

  • Todays twitter poll: The lib dem leader says more people now want soft brexit (ie still in single market etc) than hard - what do you want?

  • Follow Martin