Minimize Your Risks Online

Protect Your Passwords

Make your passwords as obscure or abstract as possible. Avoid obvious numbers and words, such as a maiden name, birth date, or an anniversary, which would be easy to guess. Never divulge your passwords to anyone, including family or friends.

Protect Yourself from Phishing Scams

Phishing is the mass e-mailing of messages that falsely claim to come from a legitimate business. These messages often provide links to phony Web sites, where you are asked to supply personal information such as passwords, credit card numbers, Social Security numbers, or bank account numbers.

Never enter personal information unless you are sure the website is legitimate. You should also be certain the site is encrypted. Look for the letter "s" at the end of "https" at the beginning of the URL, for example "https://www.fidelity.com". This ensures that the site is running in secure mode.

Finally, know that Fidelity will never e-mail you requesting that you confirm your personal information or password.
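
The URL check described above, written out as an added example in Python that is not part of the original page: a link passes only if its scheme is https and its host is, or is a subdomain of, a site on your own trusted list. The TRUSTED_DOMAINS list, the check_link function and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: sites you really have a relationship with (constructed allowlist).
TRUSTED_DOMAINS = {"fidelity.com"}


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link copied from an e-mail message."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    # Text before "@" is a user name, not the site: the real host comes after.
    if "@" in parts.netloc:
        return False, "user name placed before host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    # Trusted only if the host IS the domain or ends with ".<domain>";
    # "fidelity.com.example" merely starts with the trusted name.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, "https and trusted host"
    return False, "host not trusted"


# Constructed sample links (example names and 203.0.113.5 are reserved for docs).
SAMPLES = [
    "https://www.fidelity.com/",
    "http://www.fidelity.com/",
    "https://www.fidelity.com.account-check.example/",
    "https://www.fidelity.com@203.0.113.5/",
    "https://www.fide1ity.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print(f"{'OK  ' if ok else 'STOP'} {link}  ({reason})")
```

Passing this check shows only that the link is encrypted and points at a name you listed; the three questions in the next section still apply to the message itself.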

How to Recognize Phishing E-Mail

Phishing messages have evolved drastically over the last year, and they are often difficult to recognize. The creators now incorporate realistic company logos and graphics, provide links to the real company's privacy policies, and even include "legal disclaimer language" at the bottom.

To help determine if an e-mail is part of a phishing scam, ask yourself the following:

  • Do I have a relationship with this company?
  • Would I expect this company to contact me this way?
  • Would I expect this company to use this tone or make this request?

If you are at all unsure, contact the company by phone.

Regarding any e-mail message from Fidelity, you can always contact us at 1-800-FIDELITY for verification.

Hone Your Phishing Detection Skills

MailFrontier has pulled together 10 sample e-mail messages that have appeared in people's mailboxes. Try the MailFrontier Phishing IQ Test II to see if you can identify phishing scams from legitimate e-mails.

Don't Open Unexpected E-Mail

Be cautious of e-mail and attachments — even if they look like they're from a friend — unless you are expecting them or know what they contain.

Don't E-Mail Personal or Financial Data

Most e-mail is not secure or encrypted and should not be trusted to send personal or financial information. E-mail you send from within the Customer Service tab on Fidelity.com, however, is safe and encrypted. This is the most secure way to contact us online. Otherwise, call 1-800-FIDELITY to speak to a representative.

How to Report a Phishing Scam

If you suspect you have received a fraudulent e-mail from Fidelity or any of its subsidiary companies, please call 1-800-FIDELITY immediately.

Additional information can be found at www.antiphishing.org or www.consumer.gov/idtheft/.

Don't Be a Victim of Session Stealing

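Online fraud can happen without ever being noticed by the victim. Cross-Site Request Forgery (CSRF) can occur when you are logged into a website and move to another website without first explicitly logging out of the previous site: the second site can cause your browser to send requests to the first site that ride on your still-active session.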

It is recommended that you take the following action to help protect your account:

  • Always remember to terminate your Fidelity session by clicking Log Out. If you fail to log out or to close your browser, your current session may remain active and your account might be targeted for theft.
  • If you want to go to another website while you are logged in, you should open a different type of browser, not just a new window, to navigate to that site.
Copyright 1998–2008 FMR LLC
All rights reserved.