Secure Transactions

By Theresa Carey  |  Posted 2004-08-16 Print this article Print

2) Make sure you only conduct Web-based transactions on a "secure" page. The most common mistake is replying via e-mail with your confidential financial or account information. No legitimate company is going to ask you to do that. Instead, they will send you to a Web page that has been made secure for e-commerce purposes. If an e-mail urges you to click through to what is supposedly a Web page for your mutual fund, look for evidence that it is a "secure" page. Script injection makes phishing harder to catch. Click here to read more. Among the positive signs that you may see is a URL starting with "https:" (instead of just "http:") or a padlock icon on your browser frame. While it is a good thing to check for such security, keep in mind that this is not a foolproof way to keep phishers at bay. Some con artists who are phishers have legitimately acquired or forged such security.
If you are uncertain about the actual level of security associated with a mutual fund transaction Web page, the best bet is to close your existing browser window, open a new browser window and then go through the main mutual fund company Web site that is already known to you.
3) Be on guard for suspicious Web site addresses. Is the mutual fund Web site address that you are sent to different from the one that you have used before for your mutual fund account? Does the URL contain the mutual funds name (or some variation of it)—along with other words or numbers? These are possible signs of a "cloned" or bogus mutual fund Web site page. Another common situation in a phishing scheme is a Web page that includes some, but not all, of the art, icons and navigation system of the Web site that has been "cloned." Play it safe: Only use mutual fund Web site addresses that you have used before. If you are uncertain about the authenticity of a Web page, contact the company directly by phone or by closing your browser, opening a new browser window and then going directly to the main mutual fund company Web site address. 4) Review your mutual fund account statement carefully. Are there trades missing? Has someone conducted trades that you did not authorize? Is your account statement late or missing altogether (possibly as a result of getting rerouted to the mailing address of a con artist)? Your account should only cover transactions that you have personally authorized and undertaken. Read more here about phishing scams becoming more savvy. 5) Take advantage of the technology available to fight phishing schemes. Ensure that your browser is up to date and that security patches are applied. Some phishing e-mails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. 6) Report the problem! Even if you only suspect that you have been approached by a phishing scheme, let your mutual fund company know immediately. Send your mutual fund a copy of the e-mail and the possibly bogus Web site address. (When forwarding e-mail messages, make sure to include the ENTIRE original e-mail with its original header information intact.) It also is a good idea to file a complaint with the FBIs Internet Fraud Complaint Center. Current or prospective shareholders with questions about any suspicious e-mail or Web site claiming to be a mutual fund company should contact their firm by telephone, or by writing directly to a known contact. Pax World Funds can be reached by phone at (800) 767-1729 or by e-mail at Check out eWEEK.coms Finance Center at for the latest news, views and analysis on financial applications and services for the enterprise and small businesses.

Theresa is the Editor of's Finance Industry Center. She's been writing about financial technology issues since 1990 for a wide variety of publications, including PC Magazine, Newsweek, Fortune, and Fortune Small Business. She is also a Contributing Editor to Barron's and writes their 'Electronic Investor' column.

Theresa received a B.A. from the University of California, Berkeley, and a M.S. from the University of Santa Clara. She also has a private pilot's license. When she's not at her computer, she coaches a local high school volleyball team, plays softball and volleyball, and takes part in many Cal Alumni Band events. She lives in Northern California.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel