Have you ever received an email from a business asking you to provide personal information like your Social Security number or account number? Chances are it was a scam by someone trying to steal your identity for fraudulent purposes.
What's phishing?
Phishing is the attempt to steal personal information, identity details or even money through email by masquerading as a legitimate business.
Phishers bait their hooks with an email designed to look like it's from a legitimate source such as a bank, retail site, or some other business you may have an online relationship with. The message typically claims there's a problem with your account and asks you to click a link in the email and return to their site to confirm your account number, credit card information, password or other sensitive information.
Unfortunately, clicking the link can result in a variety of malicious outcomes. The link could take you to a site cleverly designed to look like the business's website, but any information you enter is captured by the phisher, who may use it to steal your identity, make purchases using your credit card or drain money from your accounts. Or clicking the link may download malware/spyware to your system that phishers can then use to steal information from you.
How to avoid being hooked by phishers
Develop a healthy skepticism when reading any email that asks for sensitive information and take a couple of simple steps to protect yourself.
Watch out for “red flags”. Phishing emails can often originate from countries outside your own. Strange greetings, currency denominations, typos and grammatical errors in the language of an email are all “red flags” that the email may be a phish. Additionally, any emails with threatening language or requests for immediate action should always be treated with caution. Legitimate businesses will not send out any public communication with these types of errors or hostile language.
Retype the URL/Visit the Site Directly. Phishers are very sophisticated in their use of design and technology to make their email lures look legitimate. The URL for the link in a phishing scam email can appear to be a company's valid Web address. However, if you click the link, you're redirected to the phishers' phony site. As such, best practice is to type the address of the site you want to go to directly into your browser rather than clicking the link so you can avoid being redirected.
Call the company. Franklin Templeton will never ask for personal financial information from you in an email, and we believe most reputable financial services companies won't either. If you have any doubts about the legitimacy of an email, call the company that sent it by looking up their number online (not using any phone numbers that may have been provided in the suspicious email).
Banks and investment companies typically have phone support in addition to their websites. A quick phone call to the customer service department can let you know if the "problem with your account" is for real.
Stay informed. Phishing scams become more complex as the phishers try to stay ahead of the people trying to stop them. You can keep tabs on the latest phishing scams and how you can avoid them at www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams.
A virus is a program that enters your computer without your knowledge and attaches itself to other files, replicating itself and spreading. Spyware is similar in that it invades your computer without your knowledge, but it also monitors your activity. In some cases it may report this activity back to the person who originally wrote the program.
A virus or spyware on your computer can do more than just crash your system or delete files. More insidious strains can present a serious threat to the security of personal information
Keeping your computer free of all unwanted programs is an important aspect of making sure your personal information is secure.
Be cautious when downloading
Be aware that whenever you download software or application files from the Internet, you could be allowing a Trojan horse into your system. A Trojan horse is a file that has undesired components like viruses or spyware hidden inside.
These programs vary in the amount of damage they do. One might simply annoy and frustrate you by resetting your browser's home page and not letting you change it back. Another might capture your ID and password as you sign into a financial site and then relay that information back to the source, where it may be used to steal your identity.
Be as certain as possible that you can trust the integrity of the source before downloading anything.
Also, it is important to note that the rules that apply to your computer, apply to your smartphone as well. With the increasing use of mobile banking as well as numerous applications that house personal information, smartphones are a possible treasure trove for hackers looking to steal information. You should only download from reputable applications sources such as the Google Play or iOS stores. “Jailbreaking” your devices to download third-party applications can open you up to malicious software included with your download.
However, you don't have to download something for malicious programs to find their way onto your system. Some of them can sneak onto your computer without any action on your part beyond visiting a website that hasn't taken appropriate steps to prevent hackers from triggering these "drive-by" downloads. Our site has security measures in place to combat this kind of activity.
Keeping your system clean
Antivirus and antispyware programs that seek out and destroy spyware are available to help keep such programs off your system. But be aware that viruses and spyware aren't easy to eliminate.
For instance, spyware programs typically hit your computer in clusters rather than single programs. So when spyware A invades your machine, spyware B, C, D and E may also sneak in and find a place to hide. In addition to watching you, these programs watch each other. If spyware A gets deleted, spyware B reaches out to the originator and grabs another copy. So it's important to be disconnected from the Internet before trying to clean these files from your system.
Our Internet security expert recommends running your antispyware and antivirus programs several times in succession. Each run may be able to peel off layers of "masks," allowing the programs to work in tandem to target and destroy spyware and viruses that have been hiding. As a final step, restart your computer. Then run your antispyware and antivirus programs once more.
This process may seem like overkill, but many experts believe it's worth the effort to keep your system clean. If you'd rather not do all of what's described above, it's a good idea to run the antispyware and antivirus programs at least once.
While airports and other venues with public computer terminals offer convenience, using them could compromise the security of your personal information.
You're on vacation and haven't been able to check email for a week. You stop for a cappuccino and notice a computer terminal in the corner of the coffee shop. It has Internet access and you decide to glance at the headlines on your favorite news website. No problem so far.
Then you decide to visit your bank's website, sign in and check to see if a couple of recent transactions have cleared. Is that a good idea? Probably not since you're using a public computer terminal.
There's no way for you to know what kinds of spyware programs are installed on public terminals. The computer may contain key tracking software or other invasive programs installed by someone who used the terminal previously. Those programs could help someone steal your identity if you're typing in personal information like an ID and password for online access to your bank account or email.
Given the ease with which spyware and other malicious programs can imbed themselves on a personal computer used only by you, it's wise to be extra cautious and never access personal financial data from a computer used by the general public.
Likewise the use of your own computer or mobile phone when connected to a local WiFi can have high risks as well. Local network devices or anchor points sending wireless signals can be infected with viruses and malware. It is recommended that if you are transmitting confidential information that must be protected you should access your devices Settings and verify that WiFi is not enabled and you are not connected to the local establishments WiFi network. This protective action will force your personal device to search for a connection from your primary ISP so that a more secured session can be initiated when required.
Email has become part of the very fabric of our lives. It lets us communicate quickly and easily with friends and family across town or across the globe. But don't let email's convenience make you forget about its potential dangers.
Following a few simple guidelines when using email can help protect you and your computer from identity thieves and unscrupulous businesses.
Treat email like postcard
Email is not a private method of communication. Anyone with a certain level of technological know-how can read what you send. While it may seem unlikely that anyone would bother trying to read your emails in transit, it's wise to err on the side of caution.
Avoid writing anything in an email that you wouldn't be willing to write on a postcard and drop in a mailbox. That means no personal financial information like account numbers, Social Security numbers, or passwords.
Avoiding email viruses
Hardly a week goes by without a major news story about a virus circulating on the Internet by email. These viruses typically arrive in the form of an attachment or link with some enticing or threatening instruction to open it.
But if you open it, the virus can do almost anything–from sending out copies of itself to everyone in your address book to crashing your computer completely. The safest practice is to delete the email and the attachment immediately without opening them, especially if you don't know the sender.
Viruses are tricky though, and the emails they're attached to can seem to be from someone you know or trust, someone who would never knowingly send you a computer virus. So, it pays to be suspicious of unknown attachments and links in general.
Before you open an unexpected attachment or click an unknown link from a friend or family member, you may want to send them an email or give them a call to make sure they sent it.
Dealing with spam
Unsolicited email—commonly called spam—is a growing problem on the Internet, both for recipients and for companies trying to use email to communicate with customers. Low mortgage rate offers, adult site solicitations, phishing scams and ads for merchandise are all forms of spam.
Use a spam filter. A good first line of defense against spam is spam-blocking software. Many email programs like Outlook and Eudora have built-in spam protection tools. Likewise, your Internet service provider may include a spam-blocking system bundled with their service. If these options aren't available to you, look into purchasing and installing spam-blocking software for yourself. These systems do a reasonable job of reducing spam, but they aren't 100% effective.
Delete without opening. When you reply or even open a spam message you may be confirming to the spammer that your email address is active. That's likely to mean more spam will be coming your way as the "good" address gets passed around among spammers.
Unsubscribe with caution. If spam comes from a company or individual you don't know, following the instructions to "unsubscribe" or be removed from the mailing list isn't likely to stop the spam. Your request will probably just confirm to the spammer that the address is active, and your address is more likely to be added to other lists rather than removed from any.
However, if spam is coming from a company you have a relationship with, they might not realize they're annoying you with these emails. You may have forgotten you signed up for a newsletter or special offers by email. Legitimate businesses that want you as a customer will generally provide you with an email address to contact them to have your name removed from email lists.
Block Senders. Nearly all email programs, applications and web interfaces offer an option to block emails from a specific sender. If you are receiving multiple spam emails from the same sender, you can utilize the block sender function to stop these emails from reaching your inbox in the future.
Report spammers. Internet service providers often make ongoing efforts to combat spam on their systems. By reporting spam when you receive it, you can sometimes help service providers thwart spammers in the future. Contact your provider to find out if they have procedures in place for you to report spam.
Passwords are the first line of defense and an important layer of protection in your cyber security. A good password that you never share is as important as the lock on the door of your home.
The best passwords are complex, memorable and always kept secret. Follow these tips to ensure your personal information stays confidential when you access it online.
Why use a complex password?
Often users find the requirements for a complex password inconvenient. Some have even suggested that if they want to use a very simple password they should be allowed to do so because they're putting only their own information at risk and not jeopardizing others.
That assertion is not true. Website security measures are only as strong as their weakest link, and even one user with a simple password would represent a weak link in our security system. Consequently, Franklin Templeton requires a complex password to access account information for the security of all users.
People often create simple passwords in the interest of making them easy to remember. Unfortunately, this leads to passwords that are easy to guess. Common examples of easy-to-guess passwords include phone numbers, birthdates, names of relatives, or even the word "password."
Names or words that can be found in a dictionary don't make good passwords because they're easy for thieves to crack. Software programs exist that do nothing but crack passwords. Basic versions of these programs can try 2.7 million letter combinations per second. It doesn't take very long to try every word in the dictionary at a rate of 2.7 million words per second.
To make guessing or cracking your password more difficult, you should create a complex password that includes a combination of numbers and letters and that doesn't spell any real words. You can go a step further by using both upper- and lowercase letters.
Remembering complex passwords
A complex password doesn't have to be difficult for you to remember. A simple mnemonic device can help you create a password that's both easy to remember and sufficiently complex.
For instance, if your mother drove a blue Chevrolet when you were 12, you might consider basing your password on the sentence "When I was 12, Mom drove a blue Chevy." Combine the first letter of each word plus the number at the end, and you get "WIw12MdabC" as a complex password you can easily remember by reciting the sentence.
Don't let anyone know your password
Keeping your password a secret means not sharing it with anyone and not writing it down where others may find it. Memorizing the password is usually the best option. However, if you must write it down, be certain you keep it somewhere secure. If you think someone has discovered your password, change it as soon as you can and keep the new one a secret. Otherwise, that person could sign in pretending to be you and manipulate personal information for criminal or malicious purposes.
Don't use the same password for all sites
Chances are you visit more than one website that requires a password. While the temptation may exist to have the same password so that you can easily remember it, you should have different, complex passwords for all the sites where you access personal financial information.
Hackers who steal passwords from one site are known to try those same passwords on other sites. If you use different passwords, a security breach on one site won't put your information on other sites in jeopardy.
Yes, it takes some effort to remember different complex passwords for all the sites you visit. However, keeping personal information secure is worth the effort.
Change your passwords frequently
Some sites require you to change your password after a certain number of days as a part of their security procedures. However, even when a site doesn't require it, you may want to consider taking this additional precaution and change your passwords at least once a year. You may even want to consider changing them quarterly or monthly, depending on your own comfort level.
When we talk about security, we don't just mean protecting the transmissions between your computer and our systems. We do far more to help safeguard your information.
We have an integrated system of industry best practices and technologically advanced safeguards that includes:
- SSL and encryption
- Firewall
- Monitoring
- Automatic logout
SSL and encryption. We use an industry-standard technology called Secure Sockets Layer (SSL) to encrypt the information flowing between your computer and our servers. Encryption works by scrambling words and numbers before they travel across the Internet so they can't be read or altered.
Several levels of encryption are available. A higher number indicates more secure communication. Browsers that support 128-bit encryption or higher currently offer the best protection.
Firewall. A firewall is a combination of hardware and software deployed to control the information that can pass from the Internet into our internal systems and servers. Firewalls enforce a set of rules intended to bar intruders and viruses from gaining entry.
Monitoring. We continually monitor our systems for evidence of attempted break-ins. Our monitoring methods combine internal resources and security companies we pay to help safeguard your information.
Automatic logout. The automatic logout is intended to protect your account information from passersby if you're interrupted and leave your computer before logging out. Typically, you'll be automatically logged out 30 minutes after your last click in a secure session.
Security measures you can take
You can take numerous actions to increase your Internet security. Some basic security measures are listed below:
- Use a browser with 128-bit encryption or higher.
- Make sure you're on a secure page.
- Log out and close your browser.
- Clear your cache.
Use a browser with 128-bit encryption or higher. To enter the secure areas of our site, your browser must support minimum 128-bit encryption.
Make sure you're on a secure page. When viewing account information online, you'll know that the information being transmitted is being encrypted and secure if the "locking" symbol of your browser shows a closed lock. Your browser will always display this lock in the same location. Typically, it's in the lower right of the browser window, but not all browsers show it in the same place. Find it on your browser and always check for it in that location when inputting or looking at confidential information.
You can also look at the address box (URL) to see whether http:// has changed to https://. The "s" indicates your connection is secure. However, you can't trust this indicator alone if you've clicked an email link because some "phishing" scams have managed to fake the "https" to make the URL look secure.
Log out and close your browser. If you leave a computer without logging out and closing your browser, someone else could use the browser's back button to view information you entered.
Your user ID and password for franklintempleton.com are protected separately by our site's security, which clears them from your browser as soon as you've signed in.
Clear your cache. As an additional precaution after visiting any secure site, you may wish to delete any page images your browser stored to your hard drive. These page images are called "cache." Your computer uses cache to make your experience faster by loading images from your hard drive rather than downloading them repeatedly from the website's server. Your browser's Help section should have instructions detailing how to clear your cache.
Security threats are ever changing
We use intensive testing procedures and other safeguards to verify that customer information is protected. But no security system is foolproof. Please be sure you're comfortable with our security measures before accessing your account online.
As fraudulent impersonation schemes involving cryptocurrency and foreign currency trading (FOREX) have proliferated via social media platforms and messaging applications, Franklin Templeton has experienced an increase in the number of reports of such activity. Bad actors have executed these scam attempts by portraying themselves as Franklin Templeton’s or its affiliates’ portfolio managers or employees through WhatsApp, Facebook, Instagram, Telegram and other messaging platforms.
If someone initiates contact with you via social media or a messaging platform claiming to be affiliated with Franklin Templeton or its affiliated companies and offering to teach you cryptocurrency or forex trading techniques, it’s not us - it's a fraud attempt! These bad actors often persuade their victims to download or otherwise access fraudulent trading platforms to “invest” often promising unrealistic or guaranteed returns. Sometimes these sites will be branded with the Franklin Templeton logo or other trademarks, but often look a bit “off,” such as with misspellings, broken links, and/or missing privacy or regulatory caveats. Some sites are so elaborate that it looks like your “investment” is making incredible gains, but there will be no way to withdraw funds you have given to the scammers.
Make sure to visit the Department of Financial Protection and Innovation to protect yourself when engaging in crypto transactions, and you can leverage the DFPI Crypto Scam Tracker from their website.
Franklin Templeton does not offer direct cryptocurrency or forex trading services for individuals though some of our funds/ETFs may hold such investments.
If you suspect you have been contacted by a scammer impersonating Franklin Templeton, please report them by emailing us. If possible, please include screen shots of the scam site or communication you received.
Key indicators involving fraudulent online trading platforms:
Be wary of loading apps, especially apps offered outside official app stores – (sideloading apps)
Bad actors will try to persuade you to download applications to your devices, especially applications that circumvent official app stores (e.g., Apple App Store, Google Play). This is known as “sideloading.” Sideloaded apps can be dangerous because they may contain malicious code and carry unknown security postures. Sideloading can introduce various mobile app security risks:
What can you do?
To minimize your risks, you must be hypervigilant when sideloading applications. Remember to only sideload apps from trusted sources and keep your device operating system and sideloaded apps up to date. Consider using mobile security software and regularly reviewing and managing app permissions to protect your mobile device.