6 Common Security Threats That Retail Investors Should Know

Security image 849329339

Technology has transformed the way securities are traded making the internet the new frontier. Everybody with a smartphone and an internet connection now has the opportunity to trade online. However wherever opportunity goes, risk follows.

Whether you trade or invest from your smartphone or from your desktop computer, once you connect to the internet, a portal is opened and you are exposed to very sophisticated threats. Most people do not bother about cyber-security until they fall victims to scammers.

Knowing how scammers work before hand is a cheaper alternative to dealing with the aftermath of being scammed. We will discuss six common security threats you will likely face as you trade online, and how to deal with them.


1. Phishing attacks

Phishing attacks have to do with messages sent to you which could be email, text messages, or even social media quizzes, with the intention of making you reveal sensitive information. Some phishing techniques require you to download an attachment, or click on a link which redirects you to a landing page where you’re required to input your password, or reveal sensitive data.

When you hover your cursor over the link that the hacker wants you to click on, you will discover the address is different from what the link is about and this is a red flag. This is called Spear Phishing attack & it is a very common attack vector.

For example you could get an email from an address that looks like your brokers email address. The email could say you have won a gift for being a loyal customer. It will then require you to click on a link.


When you click on the link, you’re redirected to a landing page that is designed to resemble that of your broker. You could then be required to input details such as your account number, PIN, card number, etc. Once you input this information, the hacker harvests it at the other end, and uses it to defraud you.

2. Password Theft

Password theft could occur when you use your trading device in public places, where shoulder surfers could peep and steal your password as you enter it. Writing down your passwords also exposes it to theft.

Since public places such as hotels usually have their own Wi-Fi to serve their customers, a scammer could spoof the Wi-Fi by creating a copycat Wi-Fi, and giving it the same name as the original Wi-Fi.


When you connect to the scammers Wi-Fi, he will be able to see sensitive information such as your passwords and steal them. Studies have also shown that many traders have actually used public Wi-Fi to access their trading accounts on the go. This exposes you to the risk of being targeted by these hackers.

You should avoid public Wi-Fi especially the ones that are free and not protected by passwords.

3. Trojan attacks

Trojans are Apps that pretend to be something they are not. They masquerade as legit Apps but have different intentions. Trojans main goal is to create a portal, or open a backdoor through which hackers can land more viruses onto your device.


For example a Trojan could look like a calculator App but in the real sense it is a keypad logger or some kind of malicious app.

A Trojan virus could also be delivered, when you click on popups warning you that a virus has been detected on your device, and you need to scan the device.

When you notice an App you rarely use keeps consuming a lot of your data, be careful as you could be dealing with a Trojan. It probably consumes so much data because it works in the background stealing and sending out your information.


In 2014, Sony pictures was breached by hackers known as the “guardians of peace”. These hackers released confidential information such as Sony employee salaries, employee email correspondence, unreleased Sony movies, and future Sony movie plans.

As if that was not enough, the hackers deployed a special modified version of the “Shamoon wiper” virus to erase and wipe clean the hard drives of Sony pictures. This is how destructive hacker attacks can be.

4. Worms

Worms are malware that spread and multiply once they enter your device. They could enter your email and send themselves to everyone on your contact list, or attach themselves as executable files to email messages you send out.


Worms can also change system settings such as disabling the notifications on your trading App. When this happens, you won’t be alerted when withdrawals are made, or when new accounts are linked to your trading App.

In 2008, a worm nicknamed “conficker” infected many windows operating systems around the world, and was able to connect all the computers together into something called a “Botnet.” Conficker left disaster in its trail with economic losses of over $9 Billion dollars. So, think of what a worm could do to your trading device.

5. Social Engineering

Social engineering has to do with tricking someone into divulging sensitive information by using clues they have left on social media. Instead of running complex algorithms to steal passwords and hack firewalls, a scammer might choose to get your passwords and other data by carrying out social engineering on you.


He could do this by either impersonating you to get your data from a third-party such as your vendor, or impersonating a third-party in order to get you to reveal your sensitive data. Either way, he could get what he wants.

According to the aggregate data of 119 complaints against brokers received by Forex Brokers South Africa revealed that over 45% of forex scams that happened in 2021, were linked to social media. Most of the information you spill on social media can be used to authenticate you.

For example, when you forget your password, there are password recovery questions asked in order to authenticate you. Some of the answers to the password recovery questions could be gotten from your social media pages.

For example, your birthday could be gotten from Facebook, your spouse’s name could also be gotten from Facebook, where you work could be gotten from LinkedIn, etc.

For instance, you post a picture of you buying furniture on Instagram, and geo-location says you’re at splendid furniture company. A social engineer could retrieve your home address by doing the following:

  • Get your name and picture from Facebook
  • Spoof caller ID to display your name and picture
  • Get a video of you talking from Facebook and use voice converting software to mimic your voice
  • Look up splendid furniture company’s phone number on Google and call them
  • Ask the company to reconfirm your delivery address to be sure its correct

Turning on geo-location can be dangerous, especially when you go to places where you use your credit card; such as supermarkets. When you turn on geo-location, the scammer knows which businesses you patronize, and also knows which businesses he can call to impersonate you.

6. Fake Live Chat

In a bid to offer quality customer service, brokers make live chat available so you can chat with a robot that will help resolve your issues. Today hackers now deploy fake live chats, with the intention of getting you to reveal sensitive information which will be used against you.

Security Risk Mitigation Tips

  • Enable Two factor authentication (2FA) if your broker offers it.
  • Use strong passwords
  • Do not use the same password on various Apps
  • Avoid public Wi-Fi
  • Check how much data each App installed on your phone is consuming and delete any unused App that keeps on consuming lots of data
  • Activate biometrics such as fingerprint scanner etc., if your trading App supports it
  • Turn on notifications on more than one channel like SMS and email
  • Make sure no one is watching when you key in your password in public places
  • Install a trusted antivirus program on your device and update it regularly
  • Delete any App on your phone that wasn’t installed by you
  • Make sure a website is secured and encrypted with https before you use it
  • Restrict how much information the public can see on your social media pages
  • Deactivate geo-location on your social media accounts
  • Keep social media account settings private

Staying Alert

Online security needs to be taken seriously, as scammers are looking to take advantage of any weakness. These aren’t all the security threats out there, but they are the most common and can be prevented with the right security plan in place.