Welcome. My name is Mike Ellison and I am the EVP at Corporate Insight. We're a firm that looks at the retail experience at a number of brokerage, mutual fund, and banking firms. From time to time, I'm going to be blogging on subjects related to wealth management. Much of what I will be talking about will come from our experiences in maintaining live accounts at the firms we follow in our research. When we uncover something I feel would generate some lively discussion, I'll post it and hopefully you'll chime in with your opinions.
To open our discussion, we recently received an email from E*TRADE on identifying and avoiding fraud that I think should generate some dialog. E*TRADE recently sent us a text-based email that had the following message:
Dear (NAME REDACTED), Account Number Ending In: REDACTED
Identity theft is a serious issue, no matter how it originates. The vast majority of online fraud is a result of a compromised personal computer - when a consumer knowingly or unknowingly discloses identifying information like their user name and password.
By exercising caution and following some basic guidelines, you can reduce your chances of falling victim to online identity theft.
1. Be suspicious of ANY email that asks for sensitive personal information, even if the sender seems to be familiar.
2. Never open attachments or click links in spam or unsolicited emails.
3. Avoid filling out forms contained in an email message or pop-ups, even if they appear to be from a legitimate company with whom you do business.
4. Run the latest version of a proven anti-virus software program on your computer.
5. If you have logged on to a Web site, log off when you are finished and close your browser completely.
At E*TRADE FINANCIAL we protect every asset and transaction you make with our Complete Protection Guarantee, providing complete fraud coverage, payment and privacy protection. In addition, we've introduced the Digital Security ID(1) to help our customers protect their identities by making unauthorized account log on virtually impossible.
Rest assured, E*TRADE deploys advanced protection solutions to ensure our systems are secure. Our strict physical, electronic and procedural safeguards are designed to exceed industry standards and safeguard customers' non-public information.
We encourage you to take an active role in protecting your identity. Visit "www.etrade.com/onlinesecurity" for more details on these services as well as additional security tips. https://email.etradefinancial.com/r/c/r?2.1.3K1.2Y0.13CFs4.By1zSK..T.Clyw.1Hzu.DeRIEcR0
If you suspect that you have received a fraudulent email from E*TRADE, please contact Customer Support at 1-800-838-0908.
It is a reality of this day and age that firms need to be more proactive in informing their customers about online fraud. Of course, doing so via email is tricky because that's the very medium that is subject to abuse. E*TRADE's email above does a good job in dealing with this because it lists out five simple steps users can take and provides a link to the site for more information. There is also a subtle feature that makes this a good email - it is in plain text (as opposed to HTML). This is beneficial because you cannot hide nefarious links in seemingly innocuous URLs (e.g., having https://www.etrade.com really lead to https://123.45.678 or something like that), which is how phishing scams work. What is surprising, however, (and E*TRADE is not alone in this) is that we've never seen firms mention this simple fact. If anyone is suspicious of a link in an HTML-based email, they can simply hover over it (in Outlook at least) to see the real URL to which they will be sent.
Regardless, this is something that firms must continue to be more proactive about. It is not enough to post a page on the website (that's passive and people may not go to it) or to put something together to go into your privacy statement (just more legalese). You need to hit customers from multiple angles repeatedly to drive the point home.