At Cyber
5 Ways Hackers Can Access Your Investment Portfolio


Peer reviewed by Kurt Sanger

Cybersecurity Expert

Do you remember the last Wi-Fi-enabled space you visited? With the boom in technology and internet connectivity, it has become commonplace for public locations, such as restaurants, coffee shops, public libraries, mass transportation stations, and personal devices, to offer Wi-Fi. Anyone can access the internet from anywhere, which in turn introduces new cybersecurity risks. 

According to a McKinsey study, about 53 percent of all payments made in the United States in 2020 were digital, largely due in part to the COVID-19 pandemic. Pandemic or not, we are living in a digital transformation era, where cybercriminals target every industry, from financial services to healthcare. And with most processes digitized, we have stepped into a world of seamless connectivity, one where it makes it easier for cybercriminals to access your financial data, no matter how many risk management buffers are put into place.  

Your investment portfolio doesn’t have to fall victim to cybercriminals. We’re going to share some basic cybersecurity practices you can put in place to protect your financial data and investment portfolios. First, let’s dive into exactly how hackers can access your information. 

How hackers access your financial portfolio 


Hackers use phishing to create a sense of urgency via emails that attempt to make you share your important data. Phishing emails appear to have been sent from a well-known organization or any bank or company you might be associated with. Most threats leverage human emotions, such as fear, panic, sense of urgency, etc., to facilitate the effectiveness of phishing campaigns. For example, you could receive an email that claims your ATM card has been blocked and that you need to fill in your bank details for further processing. Another form of phishing involves sending an attachment that, when downloaded, installs malware on your system, leading to further exploits.  

Mobile applications exploitation

Beware of the applications that request sensitive personally identifiable information (PII) from you, such as social security number, address, credit card number, etc. Unfortunately, there seems to be a common misconception that every application on the Google Play store or Apple store is safe. Some applications contain malicious code to compromise confidentiality, integrity, availability, and privacy. Cybercriminals often inject malicious code into trusted mobile applications to allow them to capture user credentials for sensitive activities, including financial transactions. Mobile applications are often compromised to access:

✔️ Privileged accounts  

✔️ SMS messages 

✔️ Camera and microphone 

✔️ Contacts list 


Smishing is another form of phishing—through text or phone calls. Here, hackers attempt to trick you into sharing your private data by creating fake scenarios that mimic real messages that might be sent from a financial organization or bank. First, the hackers gain your trust to obtain your data, and later they try to gain access to your passwords or one-time passwords (OTPs) to access your accounts. 

Insecure networks

Whenever a device is connected to an insecure network, such activity increases the risk of data theft because any hacker nearby could capture the data traffic flowing through said device. When valuable data is stolen, such as personally identifiable information (PII), cybercriminals immediately sell said data on the dark web to other malicious actors for profit. As a result, insecure networks are often used to lure unsuspecting individuals.  


Malware is any malicious software that, once installed on your system, can perform functions like stealing or wiping out sensitive data from your device. There are several types of malware, such as viruses, trojans, spyware, etc. The worst cases of malware hacking occur in systems that have older versions of the operating system and no antivirus protection. 

Investors must recognize that their digital financial footprint is a goldmine for cybercriminals. Vigilance in cybersecurity practices, like avoiding public Wi-Fi for financial transactions and using strong, unique passwords, is as crucial as the investment decisions themselves.

Kurt Sanger Cybersecurity Expert

Protecting your investment portfolio 

With the rapidly changing environment, there isn’t one standard way to protect critical assets, such as an investment portfolio. However, there are some basic security best practices that you can implement to protect your investment portfolio:  

✔️ Regularly monitor your investment account statement and trade confirmations. This includes emails requesting your financial information, which can help you quickly detect any suspicious events. 

✔️ Frequently update the applications hosting your investment portfolio. As financial investment firms leverage mobile applications to facilitate business operations, specific software weaknesses are discovered on trading platforms. Whenever these software weaknesses are discovered, most organizations release quick security patches and updates. Therefore, make sure you update your applications and software as soon as they are released.  

✔️ Use automated “passwordless” managers and password generators. As the cyber threat landscape evolves, avoid sharing your investment account credentials with unverified third parties or writing them down. Today’s hackers are sophisticated when it comes to guessing access credentials, so it’s wise to leverage technology to create strong account passwords and keep them protected.  

✔️ Avoid using public Wi-Fi to access your online brokerage account. Private, secure internet connections are the safest for accessing brokerage or investment accounts, especially when two-step verification is enabled on these accounts. Typically, a one-time password (OTP) is required before you can access their account, which can also notify you if an unauthorized entity is attempting to access your investment account. If you do need to access your account in public, consider an approved Virtual Private Network (VPN)—this creates a secure tunnel around all browsing activities from your IP address.  

As digital transformation continues to transform the financial services and investing industries, it’s more important than ever before to take the necessary cybersecurity steps to protect your investment accounts from hackers. Consider implementing basic security practices into your routine to keep your financial data protected and secured.  

Need help getting started with cybersecurity? Let Batten help. Take our quiz for personalized security solutions today.