Many people do not realize that when they use proxies and Virtual Private Networks (VPN) to access online brokerage and bank account websites, they are essentially entering these applications in disguise. And what is worse, for those that are using FREE Web VPN services, public cloud environment or TOR browsing, they are essentially using shared IP addresses that someone else is using or that may have used in the past. The illusion here is that Anonymity guarantees security because it hides your internet trail. But this is not true. What is actually happening is that one’s online activities are grouped under anonymity with no discrimination as to who is surfing, which can prove badly when you log into your financials accounts. In this blog I will explain further why using anonymity for online personal or financial accounts is never a good idea.
Imagine if you will that every time that you go to your bank or the ATM to access your account you wear a different disguise to hide your identity. One day you wear a wig to hide the natural color of your hair and another day you arrive dressed as a different gender. You maintain this disguise for several months never allowing anyone at the bank to get a good look at your true appearance. You believe it’s your right to safeguard your personal identity from anyone trying to learn your identity who might want to cause harm to you. People go to many lengths to remain anonymous, and this is just one of them and is a logical way of going about concealing who you are, regardless of your intentions.
Obviously this scenario is unlikely and a bit far-fetched, but just for the sake of explaining my point, let’s go ahead with it.
So now let’s suppose that one day you are away on a trip outside the USA that you had been planning for weeks. While you are traveling you cannot get to the bank to make your daily deposits or withdrawal, etc. During this time the individual carefully monitoring your routine behaviors notices that you have not come to the bank in two days. Since anyone can be you, as you change your identity frequently, they seize the opportunity to waltz into the bank with the credentials they have acquired for your accounts. They know that no one at the bank really knows who you are, so for them they don’t even need to do much to disguise themselves as you. Once they go in, it’s a success, and it means they’re likely to do this several more times before you are even home to do something about it. Then he or she does something even more drastic using your “disguise” and robbing the bank at gun point for a whopping $150,000, then disappearing without a trace. The only clue surveillance cameras catch at scene is a disguised individual, and the bank tellers who witnessed the crime can only give a visual description of a person dressed in disguise. And when they check the prior historical surveillance they see you coming into the bank matching the exact same disguise. Take a guess whose door the police will be knocking on? That’s right, yours, as the long trail of anonymity leads directly to you, the bank’s very own mysterious client.
When it comes to your financial information it is for your own safe guard that your institution knows who you are. In the financial industry this is known as KYC, which stands for Know Your Client. All financial institutions are required to follow this procedure to protect the client against identity fraud and the institution against doing business with known criminals. This practice keeps the entire industry safer for everyone. This same logic also applies to when you access your accounts online. You should not attempt to hide your computer identity and location when you login to your online accounts, as your institutions do maintain an audit of your login history to ensure that access is not being accessed by hackers.
Technology is becoming more advanced and mainstreamed, and with that comes a higher risk of vulnerability. Hacking is becoming a legitimate profession that is attracting the good (i.e. those that use hacking for good reasons) and the bad. Companies work very hard and often spend a lot of money to find vulnerabilities in their system in order to prevent clients from being hacked. However, the hackers work even harder to find the slightest crack in a back door to sneak in and cause harm. They carefully plan their heist for months before they actually commit the crime and use anonymity to protect themselves from being discovered.
Very often we see instances in which one of our brokers reports a client stating his account has been compromised. Yet when we investigate the situation we unfortunately cannot always differentiate from the access log who is the client and who is the hacker. When this happens and you are an unfortunate victim, you must hope your institution operates on good faith and believes that you are being truthful about which access is yours versus the reported hacked access. Then you need to ask yourself who is at fault when the security breach is the result of you hiding your identity online.
With this in mind, I have compiled a list of the top 5 practical tips for keeping your online financial accounts safe:
- Use Strong password string – Your password should be as unique as your fingerprint and not easily guessed by your email or name. There are many free strong password generators which can randomly generate a string. My favorite is Lastpass.com, which offers an app that runs on smart phones and in which you can store all your login credentials. If you prefer to not use a strong password generator, then you should use words or phrases replacing letters with numbers and special characters that make sense to you.
- Do not repeat the use of your login credentials for multiple websites – it is critical that you understand that once your password has been hacked, that hacker is likely to attempt to login to multiple websites, which leaves you vulnerable to multiple entry points being hacked. Using the same password or username, or combination of both, in your email or social media website accounts for 90% of all point of entry hacks used by hackers to gain personal information.
- Monitor your account activities often – Most financial firms offer mobile access so that you can login from your smart phone from anywhere. Some firms also offer the ability to email you if they receive alerts of suspicious activities emailed. You should subscribe to this service if it is available.
- Do not share any portion of your financial website login credentials with 3rd party websites – Understand that if you do, you are essentially giving them access to your finances or other personal information that could potentially be hackable by one of their personnel. The other danger is them having this information and meanwhile their own computer systems have vulnerabilities (remember headlines that “Target will pay customers who suffered from a 2013 data breach up to $10,000 each in damages.”)
- Create a separate and secure email account for your online financial portals which is separate and different from the email account you use to access social media accounts or use for junk email. Most experts recommend having at least 3 different email accounts such as business e-mail, personal e-mail and a junk email. We suggest having one email which is you use exclusively for financial accounts.
One last point that I would like to make clear is that there are times when remaining anonymous online is a good thing, for example on social media sites. However, being anonymous follows the dictum that there is a time and place for everything. Entering your financial accounts – including your stock trading accounts – is not an appropriate time to be anonymous. We at DASTrader.com sell state-of-the-art stock trading software and know all too well the dangers and consequences of clients hiding their online identity. One great project we have completed and released is a high alert system for our client that notifies us and them of unusual or suspicious activities. We want nothing but the best for you while using our products, and strive to maintain security for all your financial transactions.