Cybersecurity: how to protect your data and finances online
In today's digital world, the security of using electronic service channels is increasingly vital. OANDA, as a leading broker, recognizes the importance of protecting client data and finances.
In this article, we present key principles that will help you increase the security of your trading platforms, including how 2FA protects your account and funds from unauthorised access.
Risks associated with inadequate data security
Improperly secured login credentials for electronic access channels can lead to unauthorised account access and the placement of orders on your behalf. The same applies to mobile phone security: if your phone is compromised by a third party, it could be used to make transactions without your consent.
Danger also lurks in the form of poorly secured phone passwords. Their compromise can result in unauthorized withdrawals and order placements. Furthermore, inadequate security for end-user devices (computers, tablets, etc.) could allow unauthorized individuals to access your account balance information and, in extreme cases, even modify some of your personal data.
Common types of cyber threats
- Phishing
Phishing is one of the most common cyber fraud methods. It involves sending fake emails that appear to originate from trusted institutions, with the aim of tricking you into revealing confidential information such as logins, passwords, or personal data. Criminals often impersonate banks, courier companies, or even friends to gain the victim's trust.
- Malware (malicious software)
Malware is a general term encompassing various types of malicious software, including viruses, trojans, ransomware, spyware, and adware. Malware can infect user devices, steal data, damage files, and even take control of an entire system. It often spreads through email attachments, infected websites, or unsecured portable devices.
- Ransomware
Ransomware is a specific type of malicious software that blocks access to a user's system or data, demanding a ransom for their release. Ransomware attacks are frequently carried out via infected email attachments or malicious links. Recovering an infected system can be costly and time-consuming, making regular data backups crucial.
- DDoS attacks (distributed denial of service)
DDoS attacks overload a server or network with such a large volume of traffic that it becomes unavailable to users. Criminals use infected computers (botnets) to generate high traffic, leading to service outages. These attacks can have severe consequences for businesses, resulting in lost revenue and reputation damage.
- Keylogging
Keyloggers are a type of malicious software that records keystrokes on a victim's keyboard. They can be used to steal passwords, credit card numbers, and other sensitive information. Keyloggers can be installed on a device through malicious email attachments, infected websites, or physical access to the device.
- Man-in-the-Middle (MITM) attacks
MITM attacks involve intercepting communication between two parties without their knowledge. The attacker can intercept and modify transmitted data, including login credentials, banking information, or emails. These attacks are particularly dangerous when users connect to unsecured public Wi-Fi networks.
- Brute force attack
Brute force attacks attempt to guess user passwords by systematically trying all possible combinations. Criminals use automated tools to carry out these attacks, which can be effective if users employ weak or commonly used passwords.
- Exploits
Exploits are specialized pieces of code used to target software vulnerabilities. They can be used to gain unauthorized system access, execute malicious code, or steal data. Regular software and operating system updates are crucial for protection against exploits.
- Social engineering
Social engineering attacks manipulate individuals into revealing confidential information. Criminals may impersonate trusted individuals or institutions, using various psychological techniques to persuade the victim to disclose login credentials, account numbers, or other sensitive data.
Awareness and understanding of these threats are the first steps to effective protection. OANDA advises all clients to follow best security practices to minimise the risks associated with using electronic service channels. Your security depends on your knowledge and vigilance – be aware of the threats and always take appropriate steps to protect your data and finances.
How to enhance your online security
- Two-factor authentication (2FA)
Two-factor authentication (2FA) is an additional layer of security that protects your account from unauthorised access. It works on a simple principle – you need two different forms of verification to log in. Once activated, you will need a verification code in addition to your password. This code is generated by an external app (e.g. Google Authenticator, Microsoft Authenticator) on your personal device.
Enabling two-factor authentication significantly minimises the risk of data and funds theft, even if someone gains access to your password. We strongly recommend activating this feature to ensure the highest level of security for your transactions.
Depending on the investment platform you have chosen, you have different options for enabling 2FA in the Client Area, and you can find full activation instructions in our Help Centre.
- Create strong passwords
Avoid simple passwords and do not reuse the same passwords across multiple services. A data breach at one service can expose your other accounts. Never share your logins and passwords with others or store them in easily accessible locations.
- Use antivirus software and a firewall
Installing antivirus software and a firewall is fundamental for securing any internet-connected device. Ensure these programs are set to update automatically to stay current with the latest threats.
- Regular software updates
Updating your operating system, antivirus software, web browsers, and programs like Java, Adobe Reader, and Flash Player is crucial. Vulnerabilities in these programs can be exploited to infect devices with malicious software.
- Avoid suspicious websites
Visiting sites offering illegal software, music, or movies is risky. They often contain malicious code that can infect your device.
- Browse safely
Always keep your web browser updated, as browsers are frequently targeted by malicious software attacks. Use browsers that offer advanced security features.
- Be cautious when installing software
Only install essential software from trusted sources. Regularly review the list of installed programs and remove any you no longer use.
- Protect mobile devices
Lock your mobile device screen and avoid saving passwords in apps. Maintain the physical security of your devices to prevent theft.
- Avoid public Wi-Fi networks
Do not log into trading platforms or the NonStop client area using public Wi-Fi networks, as they can be susceptible to MITM (Man-in-the-Middle) attacks, allowing data interception.
- Exercise caution with emails
Do not open attachments from unknown senders. Malicious software often exploits vulnerabilities in programs like Adobe Reader or Flash Player. Carefully check the sender's name and email address to avoid phishing traps.
- Avoid portable devices from unknown sources
Do not connect portable storage devices (e.g. USB drives) from unknown sources to your devices. They may contain malicious software.
- Verify bank account numbers
Before funding your account, ensure the account number is correct. If in doubt, contact the Client Service Department.
- Protect data from phishing
Phishing is a fraudulent method where criminals impersonate another person or institution to trick victims into revealing specific information or performing certain actions. It is a type of social engineering attack. If OANDA TMS requests such data from a client in the course of providing services, it will always be done through a specially designed and secured Client Area. Clients can always confirm the legitimacy of such requests by contacting the Client Service Department.
Adhering to the principles above will help protect your data and finances from threats. OANDA makes every effort to ensure the security of its clients, but your vigilance and awareness of threats are crucial for effective protection.