Phishing attempts generally have several key characteristics. Although each attempt is different, they often contain one or more of the below traits.
This is the ultimate objective of phishers. An email, pop-up window, or fake Web site will ask you for your user name or ID, your passwords, or other sensitive information. Please scrutinize any request for information that you receive and if you are at all unsure if it came from us, contact us to find out.
Often, the address of the Web site to which you are misdirected will show telltale signs that it is an imposter. If you are asked to provide personal information on any site, check the address and make sure it starts with https:// instead of http://. (The "s" indicates that the site is secure.) Also, check for an "@" anywhere in the Web site address; if you see one, it likely means you are being redirected to a site other than the one you wanted to visit. Make sure the address has a .com when it's supposed to. Many sites will have an address similar to the one you intend to visit, except the .com might be replaced by .net. Unfortunately, seeing https://, the padlock, and the digital certificate is not always a guarantee that you're at a secure site and not a fake one. If you sense something is suspicious even when you see these security indicators, please contact a TD Ameritrade Client Services representative right away.
Instead of addressing you by name, phishing email often start with, "Welcome Card Member" or another generic greeting, with no information specific to you. There are some cases where TD Ameritrade may send an email with a generic greeting; however, if this happens, we will also include some identifying information such as the last 4 digits of your account number.
One way phishers prompt you to respond is by threatening you about your account, for example, by claiming it will be closed or suspended. This sense of urgency is intended to prompt people to act fast without thinking.
Phishers might say that the company has lost your information and needs you to re-enter it.
If an email message includes a link to the company Web site, increase your safety by typing the address in a new browser window instead of clicking the link.