Staying safe online

View our basic tips to help you stay safe online, check current fraud scams that you should be aware of, and see an outline of what you should expect from us as a company.

Be wary of fraudsters

Watch out for online contact from fraudsters who are offering victims the opportunity to take part in ‘get rich quick schemes’ by trading in financial instruments.

How a typical scam works:

  • Individuals set up social media accounts, post screenshots of trading and cash, and try to convince followers that they are established and successful traders of financial instruments.
  • The fraudsters may purport to work for regulated firms.
  • Victims will approach the fraudster, or vice-versa, to enquire about trading through them.
  • The fraudster will ask you to make payment into an account name which doesn’t match the company they purport to represent, providing false assurances that your money is safe.
  • In a few days the fraudster will follow up to say that the value of the victim’s investments has doubled and ask for a further payment to “release” the funds back to the victim, or threaten that the entire balance including the original capital will otherwise be lost.

If you have made a direct payment to someone who operates a social media account with the above characteristics and have suffered a financial loss, you may be a victim of online fraud.

You are advised to make a report to CERT NZ by speaking directly to their specialist advisers on 0508 638 723. For more information please visit www.govt.nz/browse/law-crime-and-justice/scams/.

When reporting, it’s helpful to have the following available:

  • Details of the bank account you made a transfer to, as well as the dates and sums involved.
  • The social media account details you have communicated with.
  • Any email address or telephone number you’ve had communication from in relation to the scam.
  • Screenshots of conversations or social media profiles, as these are quickly shut down when the fraudsters move on.

Please note, CMC Markets employees will never:

  • Offer access to products and services to anyone through social media channels.
  • Seek to arrange payments of any sort through social media channels.
  • Share account updates or balances through personal texts or direct messages on social media.

Be wary of adverts online and on social media promising high returns for trading in financial instruments. If you have already invested in a scam, fraudsters are likely to target you again or sell your details to other criminals. The follow-up scam may be completely separate or related to the previous fraud, such as an offer to get your money back or to buy back the investment after you pay a fee.

Protecting your online identity

It’s extremely important that you remain vigilant to security threats when online, and report anything to us that you feel may be suspicious.

See our 7 tips to stay safe:

  1. Think and check before clicking on links in emails and text messages.
  2. Be wary of suspicious emails – validate any unusual or unexpected payment instructions. Contact us to verify if it’s a legitimate email.
  3. Don’t ignore security warnings on your browser – this may mean the site is fake or being intercepted.
  4. Create safe passwords – see more below.
  5. Turn on two-factor authentication (2FA) – an additional security check to verify your identity.
  6. Use trusted mobile apps and lock your device when you’re not using it.
  7. Keep your software and operating system up to date to help prevent online attacks. Turn on automatic updates, which often include security features.

Good passwords

Using passwords sensibly helps keep you safe and protects your online activity.

Keep passwords safe

  • Avoid password reuse – reusing a password multiple times makes it less secure, as one breach compromises all the accounts with the same password.
  • Don't share your passwords with anyone.
  • Consider using a password manager – an app on your device that stores your passwords so that you can keep them long and unique and don’t have to remember them all. Learn more about password managers.

Choose a good password

  • Use as many characters as you can – a longer password is harder to guess or crack.
  • Avoid anything that can be easily guessed, such as sequences, or your address or birthday.

Consider a passphrase: instead of creating a string of letters, numbers and symbols, use words that tell a story. It can be easier to remember, while also making it difficult to guess. Learn more in this CERT NZ article.

Product security

We endeavour to adopt the latest technology and practices to maintain the security of your data and your account. This includes the protection of your data and ensuring secure access to your accounts and the trading platform.

Security is built into our products and platform, and we subject them to regular penetration testing by independent security experts to ensure any new features or releases meet our high standards. Any identified security issues are reviewed and quickly resolved.

Protecting your data

We appreciate that when you open an account and share your data with us, you trust us to handle your information with care. We’re committed to protecting the privacy of all personal information that we obtain from you, and fully comply with the standards introduced by European data protection law, known as the General Data Protection Regulation (GDPR), which took effect from 24 May 2018.

We adopt industry and information security best practices to protect your personal information, ensuring that unauthorised persons do not access it. This includes encryption of data during transmission, strong authentication mechanisms, cyber security processes and secure access to machines and data. We also train our employees who handle personal information to respect the confidentiality of customer data and the privacy of individuals. In keeping with our commitment to being transparent about how we use your data and ensuring it's safe, please view our privacy policy.

2FA

Two-factor authentication, or 2FA, is an added layer of security that requires you to enter a verification code, as well as your password, every time you log in to your online account. You’ll receive a 'one-time password' (OTP) and enter it when prompted while logging in to your account. You can choose to receive OTPs either through your mobile app, which will typically involve scanning a QR code on screen, or by SMS. Once you've switched on 2FA for your account, it becomes a mandatory step in the login process every time you access your account through our online trading platform and mobile apps. Learn how to set up 2FA here. Enabling this option protects your account so that even if someone discovers your password, they can’t log in without the code, which is sent to your phone.

Organisational security

Security is a key priority for us – we have dedicated resources around the world to monitor for threats and respond to incidents.

Employee training and awareness

All our employees undertake a rigorous training programme on an ongoing basis, including regular reviews of all our policy documents, with assessments to prove understanding and awareness. 

Third-party risk assessments

All our third-party providers are assessed before we engage with them, and any critical suppliers are reviewed on a regular basis to ensure they meet our standards and regulatory requirements.
