Common tactics used to steal login credentials
Some of the most common tactics criminals use to compromise a victim’s identity or login credentials are described below. After gaining access to an investor’s personal information, criminals can use it to commit various types of fraudulent activity. The action items presented in the investor protection checklist are intended to help you and your family better protect yourselves against such activity.
Using malicious software (hence, the prefix “mal” in malware), criminals gain access to corporate and private computer systems and gather sensitive personal information such as Social Security numbers, account numbers, passwords, and more.
How it works: While malware can be inserted into a victim’s computer by various means, it often slips in when an unwary user clicks an unfamiliar link or opens an infected email attachment.
Phishing is a popular tactic used by cyber criminals to steal account information or login credentials. It is essentially a fake electronic message designed to trick you into divulging information and/or granting access that you shouldn’t. This is often accomplished with the help of a fake website that strongly resembles a real site.
How it works: Masquerading as a known entity, or one with which the victim may have a financial relationship (e.g., a bank, credit card company, brokerage company), the criminals lure victims into opening email links or attachments. Doing so may direct victims to provide sensitive information on a fake website, or it may install malware to capture login and account information.
It’s common practice for people to use one password on many sites. However, doing so leaves people vulnerable to credential replay attacks.
How it works: Attacks occur when a criminal obtains the password for one compromised account and then tries to use it to log in to other accounts. The more a password is reused, the more chances there are for that password to be compromised or stolen.
Investor protection checklist
The educational checklist presented below is designed to help you take appropriate action to better protect you and your family and mitigate risk of cyber fraud. Carefully review the items in each of the categories below to determine which apply to your unique situation.
Information provided in this document is for informational and educational purposes only. To the extent any investment information in this material is deemed to be a recommendation, it is not meant to be impartial investment advice or advice in a fiduciary capacity and is not intended to be used as a primary basis for you or your client’s investment decisions. Fidelity and its representatives may have a conflict of interest in the products or services mentioned in this material because they have a financial interest in them, and receive compensation, directly or indirectly, in connection with the management, distribution, and/or servicing of these products or services, including Fidelity funds, certain third-party funds and products, and certain investment services. The third-party providers listed herein are neither affiliated with nor an agent of Fidelity, and are not authorized to make representations on behalf of Fidelity. Their input herein does not suggest a recommendation or endorsement by Fidelity. This information was provided by the third-party providers and is subject to change. The content provided and maintained by any third-party Web site is not owned or controlled by Fidelity. Fidelity takes no responsibility whatsoever nor in any way endorses any such content. There is no form of legal partnership, agency, affiliation, or similar relationship among an investment professional, the third-party service providers, and Fidelity Investments, nor is such a relationship created or implied by the information herein. Third-party trademarks and service marks are the property of their respective owners. All other trademarks and service marks are the property of FMR LLC or its affiliated companies. Fidelity InstitutionalSM provides investment products through Fidelity Distributors Company LLC; clearing, custody, or other brokerage services through National Financial Services LLC or Fidelity Brokerage Services LLC (Members NYSE, SIPC); and institutional advisory services through Fidelity Institutional Wealth Adviser LLC. © 2021 FMR LLC. All rights reserved