Security of online trading
Consistently growing popularity of e-services, which became a very convenient and cost-effective solution for performing transactions in financial instruments, contributed significantly to the increase of cybercrime and fraud. Taking this into account, e-commerce security issue is one of our top priorities in the area of provision of information to the Customers.
Fraudulent letters (and, sometimes, phone calls) are the classical type of fraud where criminals are attempting to obtain secret information known only to the user, such as the login name, password, phone password and other private data of the user of the electronic trading platform (hereinafter – ETP). Attempts to obtain private confidential data of the user are also performed using e-mail communication (“phishing”) faking the electronic mailbox of the Company. Fraudulent e-mails are common in all parts of the world. They become more and more widespread in Latvia, and this tendency, without a doubt, will continue in the future.
Methods of fraud
- Forged senders of information: a Customer receives an e-mail that looks like it was sent by the Company, and the sender’s address looks like it is related to the Company, e.g. Renesource Capital (firstname.lastname@example.org), Renesource Capital electronic trading platform (email@example.com) and so on. Please check the identity of the contact address comparing it with the real contact addresses in the “Contact information” section of our website.
- Imitation of a corporate style in an e-mail: a salutation such as “Dear Valuable Customer!”, an acknowledgment “Thank you for using Renesource Capital electronic trading platform”, a signature “Sincerely, your Renesource Capital” may be written in such a way as to imitate the Company corporate style in all tiny details.
- Fake links: the name of the link is also as close as possible to the style and activities of the Company, e.g. “Click here to update your information in financial instrument questionnaire”, but the website address is actually the address of the fraudsters’ website.
- Fake websites: such links usually lead to fake websites resembling the real ones. Any data entered on such site becomes known to a third party and may be used for selfish ends of criminals.
- An attempt to infect the user’s computer with a virus is one of the most popular methods of fraud nowadays, criminals are trying to infect the user’s computer with a virus to achieve their purposes.
Attention!!! To avoid the leakage of private data and to increase the level of financial security of a Customer while performing transactions via ETP of the Company, the Company never sends e-mails to its Customers asking to provide confidential information such as:
- Phone password for transactions in financial instruments;
- Customer’s login name in ETP;
- Customer’s password in ETP;
- Customer’s keys to access the electronic system of financial instruments accounting (back office electronic system);
- Other data related to identification and authorization of the Customer, including passwords, codes and so on.
This information is kept in the Company, therefore there is no reason for the Company to send e-mails to a Customer asking to provide such information.In case of suspicion or doubt, if you received the corresponding to the aforementioned characteristics request to provide information by e-mail, mail or phone, please contact the Company immediately to ascertain whether the e-mail was sent to you.
Measures to ensure the safety of information
In the light of the foregoing, we strongly encourage you to take the following basic measures to ensure the safety of information to prevent the possibility of cybercrimes and the leakage of identification data while performing transactions in financial instruments via ETP:
- “Computer hygiene”, that is usage of antivirus and firewall software. Install Internet Security software on your computer, for example Kaspersky® Anti-Virus 2015 software
- Use firewall software that provides inspection and filtering of incoming and outgoing data and detects attempts of unauthorized remote access to your computer;
- Regularly update your operating system;
- Pay attention to web browser messages;
- Never open attachments unless you are absolutely sure who sent the e-mail;
- Regularly update your protection software.
Safety of your electronic mailbox
To prevent unauthorized access, transfer or modification of data, the computer or the electronic mailbox that you use for communication with the Company should feature a special data transfer protocol (SSL) and a security sertificate. The security sertificate of an electronic mailbox is used on the internet and protects information from alterations, modifications and falsifications. SSL certificates are generally used by internet banks and respectable e-mail systems.
A multistage security system is present in the Gmail electronic mailbox system which includes the specially developed user access and authoization mechanism.
The electronic mailbox that you use for communication with the Company should support a two-step verification system. For example, the Gmail electronic mail system where the authorization system involves entering not only the login name and the password of a user, but also the code that Google company sends to the user’s mobile phone as a SMS or a voice message during sign-in.Two-step verification significantly reduces a possibility of personal data leakage from your Google account or Gmail electronic mail system. You can learn more about a two-step verification at the following link:
Two-step verification significantly increases the level of security, as criminals would not only have to know your login name and password, but also have access to your phone.For security purposes, the Company suggests to change your electronic mailbox password regularly, at least once every three months.
Risk management department of the Company recommends
- Do not keep correspondence, documents, private data and other confidential information in an electronic mail system. Particularly confidential information should be irretrievably deleted from an electronic mail system without much delay.
- Do not use option of saving your electronic mailbox password offered by web browsers. Risk management department of the Company recommends Customers never using the offered option of saving passwords or any other information, for example, a login name.
- Use “Log out” (“Sign out”) button to end your working session in an electronic mail system. “Log out” button, unlike web browser’s “Close (X)” button not only ends the working session but also deletes all information from the computer operative memory about the working session in an electronic mail system.
Other advices of Risk management department of the Company
The Company advises to not access ETP:
- From an intenet cafe or other public places where several users are working on one remote computer. There are no guarantees that a network administrator wouldn’t monitor user activities;
- From places where video surveillance equipment is installed that can be used to obtain information about passwords and login names;
- If there is no confidence in security of the used software, if there are suspicions about the presence of viruses and special software transmitting user’s passwords to third parties.