Protect Your Personal Information
 |
Please ensure the authenticity of any requests before sharing your sensitive personal information including government issued Id, account number etc. |
|
Do not use general personal information e.g. birth dates, phone numbers or account numbers for PINs |
|
Review account statements regularly |
|
Do not share user names or Password/PIN with anyone |
|
PIN/Password should be memorized and not be recorded anywhere |
|
PIN/Password should be changed regularly or when there is any suspicion that it has been compromised or impaired |
|
Ensure you use strong password combinations and change it regularly (Matrix password requires minimum of 8 characters containing uppercase, lowercase letter and a punctuation character or number) |
|
Avoid accessing email and Internet Banking on public computers |
|
Do not open the email/clicking on a hyperlink sent from an unknown source |
|
Make regular backup of critical data |
|
Log off the online session |
|
Clear browser cache after online sessions |
|
Do not install software or run programs of unknown origin |
|
Delete junk or chain emails |
|
Do not access bank websites through hyperlink embedded in emails, Internet Search Engines or Suspicious popup windows. Instead, you should always connect by typing the authentic website address into the browser or by bookmarking the genuine website for subsequent access |
|
Install anti-virus, anti-spyware and firewall software on your computing Device |
|
Update operating systems, anti-virus and firewall products with security patches or newer versions on a regular basis |
|
Remove file and printer sharing in computers, especially when they are connected to internet |
|
Consider the use of encryption technology to protect sensitive or confidential information |
|
Do not leave your computer or personal devices unattended |
Protect Yourself from Social Engineering
Social engineering is the practice of manipulating people into disclosing personal or confidential information in order to conduct fraud, gain system access or gather personal information. Social engineering is typically used as a first step to conduct more complex fraud. Phishing is a form of social engineering carried out by a malicious party that sends an email or instant message that appears as if it's originating from a legitimate source (such as a financial institution, government agency or credit card company). Phishing attempts are used to acquire sensitive information such as usernames, passwords, credit card numbers, or money.
Consider the following to protect yourself against social engineering:
|
Be conscious of the amount of personal information (work, school, family) you disclose on social networking sites. What you disclose about your travels, family, whereabouts, job, "likes", or political affiliations can be used to perform identity theft, perpetrate fraud, locate your whereabouts, etc. The convenience of information in one place is frequently used to instigate an attack |
|
Check your privacy settings on popular social networking sites to ensure that any personal information is shared only with those whom you intend to share |
|
Never post birthdays, addresses, vacation schedules, or phone numbers on social networking sites |
Phishing emails are difficult to differentiate from genuine emails and often appear to be coming from a legitimate source. Below are some warning signs that could indicate a phishing attempt:
|
False sense of urgency - Phishing emails often claim some type of emergency and request an immediate response. |
|
Unexplained or unexpected emails - If you don't normally receive emails from the sender (e.g. a government agency), be wary as this could be a phishing attempt |
In addition to internet phishing schemes, fraudsters continue to use old-fashioned methods to lure people to reveal personal information:
|
Unexpected phone calls - Fraudsters call potential victims, posing as associates of a well-known brokerage firm |
|
Fabricated applications, forms and correspondence - Fraudsters also sometimes send the victim applications and forms in a further attempt to collect information. Using this information, the fraudsters then attempt to steal the person's identity or money |
Finally, please remember these quick tips to protect yourself from social engineering attempts and phishing scams:
|
Be wary of links embedded in emails - verify authenticity of embedded links and emails or texts that ask for password verification |
|
Verify whom you are communicating with - confirm the authenticity of anyone with whom you speak |
|
Contact the sender through another means, such as a phone call, to validate the authenticity - however, don't trust the phone number on the email. Obtain a contact phone number from your card, statement etc. |
|
The website address of a secure website connection starts with "https" instead of just "http" and has a closed padlock in the status bar. To double-check; click on the padlock icon on the status bar to see the security certificate for the site. Following the "Issued to" in the pop-up window you should see the name *.matrix.ms.com. If the name differs, you are probably on a spoofed site |
If you believe you're a victim of a phishing scam, it's important to act quickly. Please contact your Morgan Stanley Representative immediately in such case.