E*TRADE recently sent us a text-based email that had the following message:

Dear (NAME REDACTED), Account Number Ending In: REDACTED

Identity theft is a serious issue, no matter how it originates. The vast majority of online fraud is a result of a compromised personal computer - when a consumer knowingly or unknowingly discloses identifying information like their user name and password.

By exercising caution and following some basic guidelines, you can reduce your chances of falling victim to online identity theft.

1. Be suspicious of ANY email that asks for sensitive personal
information, even if the sender seems to be familiar.

2. Never open attachments or click links in spam or
unsolicited emails.

3. Avoid filling out forms contained in an email message or pop-
ups, even if they appear to be from a legitimate company with
whom you do business.

4. Run the latest version of a proven anti-virus software program
on your computer.

5. If you have logged on to a Web site, log off when you are
finished and close your browser completely.

At E*TRADE FINANCIAL we protect every asset and transaction you make with our Complete Protection Guarantee, providing complete fraud coverage, payment and privacy protection. In addition, we've introduced the Digital Security ID(1) to help our customers protect their identities by making unauthorized account log on virtually impossible.

Rest assured, E*TRADE deploys advanced protection solutions to ensure our systems are secure. Our strict physical, electronic and procedural safeguards are designed to exceed industry standards and safeguard customers' non-public information.

We encourage you to take an active role in protecting your identity.
Visit "www.etrade.com/onlinesecurity" for more details on these services as well as additional security tips.
http://email.etradefinancial.com/r/c/r?2.1.3K1.2Y0.13CFs4.By1zSK..T.Clyw.1Hzu.DeRIEcR0

If you suspect that you have received a fraudulent email from E*TRADE, please contact Customer Support at 1-800-838-0908.

Sincerely,

It is a reality of this day and age that firms need to be more proactive in informing their customers about online fraud. Of course, doing so via email is tricky because that’s the very medium that is subject to abuse. E*TRADE’s email above does a good job in dealing with this because it lists out five simple steps users can take and provides a link to the site for more information. There is also a subtle feature that makes this a good email – it is in plain text (as opposed to HTML). This is beneficial because you cannot hide nefarious links in seemingly innocuous URLs (e.g., having http://www.etrade.com really lead to http://123.45.678 or something like that), which is how phishing scams work. What is surprising, however, (and E*TRADE is not alone in this) is that we’ve never seen firms mention this simple fact. If anyone is suspicious of a link in an HTML based email, they can simply hover over it (in Outlook at least) to see the real URL to which you will be sent.

Regardless, this is something that firms must continue to be more proactive about. It is not enough to post a page on the website (that’s passive and people may not go to it) or to put something together to go into your privacy statement (just more legalese). You need to hit customers from multi-ple angles repeatedly to drive the point home.