Top Content Curve

Marketwatch

News | Indices
Dow 10023.42 +17.46 4:30pm
Nasdaq 2112.44 +7.12 5:30pm
S&P 500 1069.30 +2.67 4:59pm
Separate multiple symbols with a space

FAQs

Online Client Security

E-mail Fraud & Identity Theft

What is a fraudulent e-mail?

A fraudulent (a.k.a. spoofing, imposter, or phishing e-mail) is one that has been forged so it looks like a legitimate e-mail from a particular organization (such as Morgan Stanley Smith Barney). The goal is usually to trick you into providing sensitive personal information that can be used for identity theft. It's often hard to detect a fraudulent e-mail. That's because the e-mail address of the sender often seems genuine (such as support@smithbarney.com), as do the design and graphics. But there are telltale signs to be aware of. For example, fraudulent e-mails often try to extract personal information from you in one of two ways:

  • By luring you into providing it on the spot (e.g., by replying to the e-mail)
    or
  • By including links to a site that tries to get you to disclose personal data.
Divider

What is phishing?

Phishing is a term used to describe fraudulent attempts to steal an individual's identity through e-mail. Scam artists use this technique, posing as legitimate companies, to try to convince clients to divulge their confidential information, such as card numbers, account numbers and PINs. Clients should never provide confidential information in response to an e-mail.

Phishing Examples

Phishing Attempt: What you are about to read is an example and is not an official request from Morgan Stanley Smith Barney.

>

>

Additional Example: Another phishing email brought users who clicked on it to a false log on page. The screen asked for the DEBIT/FMA CARD number, EXPIRATION DATE, and ATM PIN. (Reminder: What you are about to read is an example and is not an official request from Morgan Stanley Smith Barney.)

back to top
Divider

Can I be sure that I'm dealing with Morgan Stanley Smith Barney?

You can tell that you're dealing with Morgan Stanley Smith Barney because:

  • Morgan Stanley Smith Barney will never send you an e-mail asking for your passwords, credit or debit card numbers, or other sensitive information.
  • If we request information from you, we'll always direct you back to a Morgan Stanley Smith Barney site using links. These are for your convenience — you can also reach our site using your bookmarks or any of our published URLs.
  • If you're required to enter personal information to perform a transaction, it's always done on a site secured with SSL technology — you can tell because there'll be a padlock icon at the bottom of your screen. Most important, if you click on the padlock, a security certificate will pop up. In it, there's a section that says "Issued to:" If it's really a Morgan Stanley Smith Barney site, then the URL will end in "smithbarney.com."
  • You will always be asked to log onto the site before any other information is requested from you on a subsequent screen.
back to top
Divider

Can I tell if an e-mail is a fraud?

To tell if an e-mail is from Morgan Stanley Smith Barney, you need to view the site that the URL is taking you to. Here's how to do so with HTML- and text-based e-mails:

HTML-based e-mail. In HTML e-mails (with graphics), to view the destination URL position your cursor over the link or button; the URL should appear in your e-mail program's status bar at the bottom of the window.

However, spoof URLs are intentionally long, so only the first part is usually visible in the status bar. It might look genuine, but it's not a guarantee of where you'll end up. Therefore, you need to view the entire URL and go there to make sure it's really a Morgan Stanley Smith Barney site. To do this:

  • Position your mouse over the link and right click.
  • Select Copy.
  • Paste the URL into Notepad (or any text editor).
  • When you arrive at the site, doubleclick on the padlock icon and make sure that it's "Issued to" a URL that ends in smithbarney.com.

Text-based e-mails. Text-based e-mails also tend to contain very long URLs that you click on to get to a site. However, the URL may not represent the true destination. Here's how to verify that you're really at a Morgan Stanley Smith Barney site:

  • Paste the URL into your browser.
  • When you arrive at the site, doubleclick on the padlock icon and make sure that it's "Issued to" a URL that ends in smithbarney.com.
back to top
Divider

Where do I report suspicious or fraudulent activity involving my Morgan Stanley Smith Barney account?

If you receive a suspicious message that appears to be coming from Morgan Stanley Smith Barney, or discover a potentially phony Morgan Stanley Smith Barney website, please let us know by calling 1-800-221-3636 or forward the suspicious e-mail to spoof@citicorp.com. We take these incidents seriously and may work with our internal investigations team or law enforcement agencies to investigate them.

back to top
Divider

How do I report other suspicious or fraudulent e-mails?

You should report other suspicious activity or e-mail communications to the Federal Trade Commission (FTC). Send the actual e-mail you received to spam@uce.gov. If you believe you've been scammed, file your complaint at ftc.gov, then visit the FTC's Identity Theft Website ftc.gov/idtheft to learn how to minimize your risk of damage from identity theft.

back to top
Divider

What is Identity Theft?

Identity theft and account fraud happen when someone steals personal information such as your bank account number or Social Security number and then poses as you, possibly withdrawing money from your account or running up debt in your name, or both. The threat is real, and the federal government estimates 400,000 people are victimized by these crimes each year.

back to top
Divider

What do I do if I am a victim of Identity Theft?

The Federal Trade Commission (FTC) recommends:

  • Contact your financial institution and let them know you have been a victim of identity theft
  • Report the identity theft and request a "fraud alert." This requests that you will be contacted before any new account is opened and/or an existing account is changed.
  • Request copies of credit reports. Review the reports carefully and identify any new accounts that may have been opened. Pay particular attention to the section of the report that lists "inquiries" from new companies. Contact these companies immediately and have them remove any pending or new accounts from their system.
  • Contact the fraud departments of creditors to dispute unauthorized charges (e.g., credit card issuer, phone companies, utilities, banks, other lenders.) Describe your identity theft problem and follow up with a letter.
  • File a report with your local police department and ask to file a report. This may help when clearing your credit.
  • File a complaint with the FTC. The FTC receives complaints from victims of identity theft, provides information to those victims, and refers complaints to appropriate entities, including the major credit-reporting agencies and law enforcement agencies.
    • By phone: 1-877-ID-THEFT
    • Online Complaint Form: www.consumer.gov/idtheft

For more information, please contact your Financial Advisor.

Bottom Content Curve