We use a variety of controls to detect and prevent unauthorized access to our network and sensitive information. Our cybersecurity response program fulfills the requirements of federal and state laws and includes appropriate notifications to investors and advisors when warranted.
Our security program also features safeguards for your clients’ accounts. To help keep their information safe, we:
Regularly refine and update security features. We review industry security standards and perform system testing on an ongoing basis to help identify and implement the most up-to-date techniques and technologies, and verify that our system is performing as expected.
Actively monitor threats. We communicate with financial industry security groups and government agencies to monitor the threat landscape for emerging and active threats.
Educate employees. American Funds associates receive ongoing security training, including how to handle sensitive data and be aware of security risks.
Offer image verification during login. Before your clients enter their online password, we ask that they verify their personalized security image. That way they can be confident that they’re accessing our website, as opposed to a fake site that may be attempting to “phish” for their personal information.
Challenge questionable website access. If we’re uncertain about a login attempt on a client’s account, we’ll challenge the user to answer security questions in addition to requiring the client’s password.
Display last login information. The date and time of a client’s most recent login will display in their account information.
Mask confidential information. Your clients will see asterisks or similar symbols in login fields and in place of their Social Security number. We’ll never mail passwords or answers to security questions.
Enforce website timeouts. Online sessions will automatically time out after 20 minutes of inactivity.
Use encryption to secure your data. We use industry standard security protocols that leverage encryption to create a secure online environment. The green bar in the browser helps identify that you are on the official American Funds website.
Security is a joint effort. Share these steps and best practices with your clients to help them protect their sensitive information.
1. Contact us
Contact us immediately in the event of fraudulent activity. We’ll take the appropriate steps to monitor your clients’ American Funds accounts.
2. Contact a consumer credit company
We recommend that your clients place a fraud alert on their accounts by contacting one of the following three consumer credit companies:
Please note: Your clients only need to inform one consumer credit company since it’s required by law to share their fraud alert request with the other two.
3. Review credit report
Once your clients request a fraud alert, they’re entitled to free copies of their credit report. These should be reviewed for suspicious activity and inaccuracies. If your clients find unauthorized accounts or charges, they should take the appropriate steps to get them corrected.
We’ll never ask for account information, including passwords, via email. If your clients suspect that they’ve received a fraudulent email, please forward it to us at email@example.com. Do not click on any links in the email.
If your clients are uncomfortable forwarding suspicious email, they may also call us. Please be sure to write down the title of the email they received, along with the sender’s name or address and the file names of any attachments.
Phishing is the most widely known form of fraud. It typically involves someone sending an email that appears to be legitimate from a reputable source. It may contain real information, including a company logo and branding, or even personal information gleaned from your social networking site. These emails then urge you to take action — e.g., click on a link, open an attachment or respond to a message.
There are two primary types of phishing: broad phishing, where the attacker casts a wide net and hopes to “hook” one or more victims, and spear phishing, where the attacker carefully researches their victims using publicly available information in order to make the message appear more legitimate.
Phishing attempts typically:
Phishing attacks may also occur over the phone.
Malware includes spyware, viruses and other types of malicious software that are installed on your computer, smartphone and other devices without your authorization. Malware typically collects information about you — the passwords you use, the websites you visit — simply by watching you type or surf the Web. Malware may also take over your computer for nefarious purposes such as sending email you didn’t write or spreading computer viruses.
Malware is typically installed through:
Computers with malware may:
If your clients suspect their computer has been infected by malware, they should take the necessary steps to remove the unwanted software from their computer.
Identity theft involves the impersonation of an individual through the fraudulent use of their personal and account information — e.g., driver’s license, Social Security number, bank account and other numbers, as well as usernames and passwords.
Identity thieves obtain information in a number of ways:
More information on identify theft and protecting your clients’ identities can be found at these websites:
Learn more about fraud and how your clients can spot it at OnGuardOnline.gov.
Investments are not FDIC-insured, nor are they deposits of or guaranteed by a bank or any other entity, so they may lose value.
This material is intended for use by financial professionals or in conjunction with the advice of a financial professional.
Investors should carefully consider investment objectives, risks, charges and expenses. This and other important information is contained in the fund prospectuses and summary prospectuses, which can be obtained from a financial professional and should be read carefully before investing.