Given the rise of AI-driven cybercrime, fraud attempts are now more personalised and convincing than ever before. Phishing attempts and malware that aim to access personal information are prevalent in the financial transaction space. Here you can find out how to recognise fraudulent attempts and protect yourself against them. Increase your own security by following these principles.
- Recognise fraudulent emails. Be aware that AI-driven scam messages purporting to come from your bank often contain no grammatical errors and use near-perfect language, so they are not always easy to spot. However, you should always be suspicious of messages in which the sender presents a matter to you as particularly urgent or as supposedly containing secret information.
- Do not click on links in suspicious emails or in messages whose sender you cannot clearly identify as legitimate. You may be able to recognise suspicious links if you hover over them with the mouse: mouse-over often shows the address to which the link leads. If the link leads to a page you cannot identify, or to one that is not clearly the official page of the company whose offer you are using, do not click on it under any circumstances.
- Do not open any email attachments from unknown senders. Malicious software is often spread via email attachments in various file formats. Do not open attachments in unexpected emails from supposedly trustworthy senders. If in doubt, ask the sender in a new email, not in a reply to the message received.
Further information on how to recognise fake and malicious emails can be found on the website of the French National Agency for the Security of Information Systems.
- Do not reply to dubious messages. If you want to verify whether an email actually comes from a trustworthy sender, ask them. Either open a new email and enter a known email address of the sender yourself or contact the sender by other means, for example by telephone (always use an official, known telephone number, not one provided in the suspicious message).
- Be vigilant against impersonation. Criminals are increasingly trying to pose as trusted entities (Scalable, banks, official authorities) to pressure you. Pay close attention to these warning signs that indicate fraud:
  - Authority impersonation: Unexpected calls, requests for TAN/2FA codes, demands that money be moved to a "safe" account, or requests to install remote-access software.
  - Fake groups: Fraudsters use fake websites or groups (WhatsApp/Telegram) or claim to be from Scalable management to pressure you into investing. Always verify the communication via official channels.
- Do not share your access credentials with anyone. Access details, such as your personal password, are the most important protection for user accounts, for example your account with Scalable Capital. Do not provide your login details even if you are asked to do so by email or phone call. Scalable Capital will never ask you for TANs, 2FA codes, passwords, transfers to "safe" accounts, or the installation of remote-access tools. If you receive such a request, do not respond to it and call back on a known Scalable Capital telephone number.
- Keep your operating system, virus protection and other software up to date. Always install any updates offered for the operating system of your computer or mobile device and regularly check that it is up to date. Use an up-to-date virus scanner and, ideally, a firewall to prevent unauthorised data exchange between your computer and the Internet. Use the latest available version of well-known browsers for surfing.
- Apps: Use the latest version from a secure source. If you use apps, such as the Scalable Capital app for Android or iOS, only download them from the official app stores. Always use the latest version.
- Surf safely. Try to avoid using a public WLAN for confidential business on your mobile device, including transactions relating to money and investments. Instead use your device's mobile data connection. At home, you can use your secure home Wi-Fi.
- Use a password manager for strong and personalised passwords. This is the most effective step to bolster password security, allowing you to generate and store strong, unique and personalised passwords for all of your accounts. This eliminates the need to reuse passwords or memorise complex character strings, protecting you from credential stuffing and brute-force attacks. Secure behaviour becomes effortless, letting you log in with just one master password or, ideally, a biometric scan. Using a jailbroken phone undermines password management, as the security barriers that prevent apps from accessing each other’s data are weakened or removed. Malicious apps or background processes could intercept keystrokes, read autofill data, extract password-manager data, or even hook into system APIs to capture otherwise protected credentials.
- Activate two-factor authentication (2FA). 2FA is your most important safeguard against unauthorised access, even if your password has been stolen. 2FA for your Scalable Capital login is mandatory, and ideally you should also use it for your email accounts. This ties access to your mobile device.
There will probably never be one hundred percent protection against fraudulent attacks in both analogue and digital life. However, if you follow the tips mentioned above, you can significantly increase your own security when investing online with minimal effort.