1. Help

  2. >

  3. Account security

  4. >

  5. How can I protect myself from fraud?

How can I protect myself from fraud?

To meet our high level of security standards, Totality places a strong emphasis on securing our trading platforms. Please be aware of what you can do to maintain and safeguard the security of your trading platform and personal data.

This article will outline some of the common methods used by fraudsters, and provide information on how to better secure your account.  

Common signs that suggest you may have encountered a scam include:

  • Sense of urgency: Scammers will try to pressure you into acting immediately, without giving you time to research or ask questions.
  • Promise of a quick and unrealistic gain: If an investment seems too good to be true, it probably is. No investment can safely guarantee a high return in a short time.  
  • Communicate exclusively through social media: Scammers frequently use social media platforms to target their victims.
  • The name is just close enough to a genuine company: Scammers may use a company name similar to a genuine one to gain your trust.
  • Suspicious links or attachments: Scammers may attempt to obtain your personal details by sending unexpected messages with urgent requests to follow a link.
  • Grammar and spelling mistakes: Scammers often use poor language and grammar in their messages.

 

Investment scam:

An investment scam is a scheme designed to entice individuals into investing money in bogus or exaggerated opportunities. Scammers might guarantee high returns without any risk, or claim to possess insider information available to a select few. Once they receive the funds, they disappear, leaving the victims with significant financial losses.

What can you do?

Before investing, research online for reviews and potential complaints, and verify that the company is listed in the national regulator's public register.  

Below are two popular techniques used by investment scammers:

  1. Impersonation scam

Scammers may try to trick you by imitating Totality, using similar logos and names and creating lookalike websites, apps, or fake social media profiles of our employees.

What can you do?

Always check the website or app names for extra words or characters. Be cautious of contacts through social media or invitations to WhatsApp or Telegram groups with unverified investment advice. Totality will never ask you to invest in a specific instrument or transfer funds to a new account.

Search online for the company or platform name, and check for different spellings in the results. Do not trust information solely from social media.

  1. Pump-and-dump scheme

A pump and dump scheme is a securities fraud where scammers inflate a stock's price with false information, sell at the peak, then watch the price crash, causing losses for other investors. This scheme is often carried out through social media, online forums, and email campaigns.  

What can you do?

Avoid investment advice from unverified sources, especially on social media. Assess if the promised returns are realistic. Do not rush based on “confidential, insider information”.

Phishing:

A type of cybersecurity attack which is carried out by sending a fraudulent message with the intention of stealing personal data.

Phishing is done by sending an email or text message posing as a legitimate institution, with the purpose of luring individuals into providing sensitive information such as banking and credit card details or passwords. This information is then used to access accounts and can potentially be used to commit financial fraud or identity theft.  

When receiving any kind of communication from Totality, please note we will never ask for passwords, PIN codes, or credit card details via email or any other media. Do not share your Totality credentials with anyone.

What can you do?

Four simple questions will help you to detect suspicious emails, which need to be reported:

  1. Does the message create a sense of urgency?
  1. Watch out for phrases such as “verify your credentials/account details immediately”, “submit your account details to…”, “you have won…”, “retrieve your prize by…”, etc.
  1. Don’t fall for scare tactics such as “… respond urgently, or your account will be closed/deleted”.
  1. Does the email contain any suspicious links or attachments?
  1. Do NOT click on unknown or suspicious-looking links, open or download attachments.
  1. Fraudulent emails often contain poor grammar and spelling errors in their communication.
  1. Does the sender's email address look correct?
  1. Fraudsters planting a phishing attack often impersonate institutions you trust.
  1. Phishing emails often include similar logos, wording or email addresses (for example manipulated email addresses could look like: ...@saxobnk.com, …@sxobank.com @Totalily @TotaliityBank @tottality
  1. Does the sender request you to provide or verify your personal information and credentials?
  1. Saxo will never request you to provide any log-in credentials or personal information, or ask you to transfer cash via email, phone or any other media.

Social engineering:

The use of psychological deception to manipulate individuals to give up personal information for fraudulent purposes. Social engineering uses psychological manipulation to make people make security mistakes or give up sensitive information. The fraudster will typically try to pressure you into action by creating a false sense of urgency in their communication, which helps them bypass your common sense.

One purpose of social engineering is to commit payment fraud, where fraudsters trick victims into transferring large amounts of money to accounts under their control. Since real-time payments are close to irrevocable, fraud victims cannot reverse payments, as soon as the transfer instruction has been sent. A defining feature of such attacks is that the criminals social-engineer and pose as institutions you may trust, luring you into providing personal information and/or transferring funds.  

Common examples of payment fraud include:

  • A fraudster could contact you posing as a representative of the institution you trust, claiming that you have been a victim of fraud, and should send funds to another, “protected” account as soon as possible.
  • You could receive an invoice with a familiar logo and formatting, from an email account resembling the one of your school/bank/accountant, requesting payment to an unknown account.
  • You could receive “personal” messages requesting immediate help via payment from criminals pretending to be your family members or friends.

What can you do?

The best defence against social engineering is to be vigilant with any communications you have online. Never give out sensitive information such as your personal details or account credentials, and be careful when dealing with unknown and unverified callers requesting information.  

Common ways scammers gain access to your data:

  • Security notifications
  • Fraudsters commonly request specific log-in information such as username, password, and personal contact details.
  • Avoid clicking any links and/or responding to the alert by providing your credentials or personal details.
  • Scam calls
  • Scammers usually pretend to be a person from an institution you may trust, such as Totality.
  • Some of the tell-tale signs of scam calls include indications of a problem with your account or profile, requests for personal information in order to protect your account, or requests to move funds to a “protected” account.
  • The best way to beat a scam call is to hang up. If you want to make sure your account is protected, call the institution directly, using the phone number provided on their official website.
  • If you are ever asked for this information from someone stating they represent Totality, contact us immediately.
  • Social Media
  • By examining your publicly available content and/or befriending you, fraudsters can retrieve vulnerable personal information and commit identity fraud.
  • Make sure each social media account has a unique set of credentials, log off the account once you are not using it, and review account settings and the public you are sharing with on an ongoing basis.
  • Malware
  • Malware is a software specifically designed to infect user devices, attempting to steal personal information.
  • Hackers employ malware to scan through the information stored on your device and reuse it to access other platforms, passing as you.
  • Make sure to always lock your devices and log off from platforms and websites when you are no longer using them.
  • Avoid clicking on suspicious links and downloading anything you are not familiar with – this may initiate the instalment of malware onto your device.
  • Another type of malware to be wary of is ransomware – this is where fraudsters manage to attack, lock and encrypt the files belonging to the victim, thereafter demanding ransom for their return.

Tips on how to stay safe:

  • Do not follow any advice or instructions from unverified sources.
  • If in doubt, contact the Totality client services team to confirm you are speaking with a genuine representative.
  • Take your time researching investment opportunities.
  • Use a strong, unique password.
  • If you believe your email has been hacked, contact us immediately.

Take total control of your portfolio, today.

Open accountTry free demo
Mockup of the app showing graphs