Security | American Funds


The security of your clients’ personal information is critically important to us. That’s why we have a robust security program and infrastructure, including a team of cybersecurity and risk management professionals to help monitor and protect their personal information 24/7.
We review each report of unauthorized access thoroughly, and in the event of a financial loss, we assess the facts and circumstances for potential reimbursement to your client’s account. See Report Fraud or Suspicious Email for more information.

What We Do

We utilize a variety of controls to detect and prevent unauthorized access to our network and sensitive information. Our cybersecurity response program fulfills the requirements of federal and state laws and includes appropriate notifications to investors and advisors when warranted.

Our security program also features comprehensive safeguards for your clients’ accounts. To help keep their information safe, we:

  • Regularly refine and update security features. We review industry security standards and perform system testing on an ongoing basis to help identify and implement the most up-to-date techniques and technologies, and verify that our system is performing as expected.

  • Actively monitor threats. We communicate with financial industry security groups and government agencies to monitor the threat landscape for emerging and active threats.

  • Educate employees. American Funds associates are required to participate in ongoing security training, including how to handle sensitive data and be aware of security risks.

  • Offer image verification during login. Before your clients enter their online password, we ask that they verify their personalized security image. That way they can be confident that they’re accessing our website, as opposed to a fake site that may be attempting to “phish” for their personal information.

  • Challenge questionable website access. If we’re uncertain about a login attempt on your clients’ account, we’ll challenge the user to answer security questions in addition to requiring your password.

  • Display last login information. The date and time of your clients’ most recent login will display in his or her account information.

  • Mask confidential information. Your clients will see asterisks or similar symbols in login fields and in place of their Social Security number. We’ll never mail passwords or answers to security questions.

  • Enforce website timeouts. Online sessions will automatically time out after 20 minutes of inactivity.

How Your Clients Can Help

Security is a partnership. Share these steps with your clients to help them protect their sensitive information.

  • Sign up for e-delivery. Turn off paper delivery of American Funds transaction confirmations and quarterly statements (we’ll send your clients an email with a link to view the information online instead). If your clients’ other financial institutions also provide this service, we recommend that they enroll in it.
  • Review confirmations and statements. Your clients should notify us immediately if they spot unauthorized activity on their American Funds transaction confirmations or quarterly statements. If they’ve signed up for Account Activity Notifications, they’ll also receive email notification of certain transaction requests and account updates.
  • Look out for paper confirmations. We mail a confirmation to the address of record following address changes and website password updates. Your clients should make sure that they made or authorized the change.
  • Protect their Social Security number. Your clients should store their card in a safe place and avoid giving the number to others and take measures to keep any other documents containing the number confidential.
  • Shred documents. These include credit card offers, bank statements, junk mail and any other documents that may reveal personal information about your clients.
  • Sign up for a credit-reporting service. Your clients should stay on top of who’s requesting access to their information — and why.
  • Avoid sharing personal information. Your clients should be alert to unsolicited contacts that attempt to learn personal information online, by email or phone. These inquiries may seem innocent, but any information your clients provide could be used as part of a more complex fraudulent scheme.

Steps your clients can take to help prevent fraud online:

  • Think before they click. Your clients should be cautious about clicking on links, especially in emails, and be sure they link to a trusted website. It’s useful to get in the habit of hovering over links to see the underlying Web address. If your clients are unsure about a firm’s link, they can go to the website by typing the correct address in their Web browser.
  • Create smart passwords. Your clients should make passwords hard for others to guess by using a combination of letters, numbers and symbols that are meaningful only to them. They should avoid using the same password for multiple websites, particularly financial websites, and change their password often.
  • Be wireless-wise. Your clients should not use public Wi-Fi to access websites with sensitive information such as financial records, banking transactions, business-related documents or other personal information. When setting up their home network, your clients should follow the manufacturer’s security recommendations to be sure their wireless signal is properly encrypted.
  • Keep their operating system and software current. When possible, your clients should use the latest operating systems available for their computers and devices. Also, your clients should be diligent about responding to software updates to help ensure the highest level of security for their devices.
  • Activate security features. These include pop-up blockers and other features provided in the range of products your clients use.
  • Use antivirus software. Your clients should consider installing antivirus software designed to detect and remove malicious software (malware) from their computer. Keep software up to date to help protect their computer from the latest viruses and other malware.
  • Set up a firewall. Your clients should make sure their personal computer and home network are properly protected from malware. Check to see that the firewall has been properly installed — or enabled if it came bundled with their operating system.
  • Pay attention to time stamps. Your clients should look for the “last login” date/time stamp when they log in to and other sites that provide such a stamp. If the stamp doesn’t correspond to their most recent visit, follow up.
  • Skip the use of public computers. Access financial and other sensitive personal information online using a known device, such as their personal computer, with the necessary protections and security features in place.

Report Fraud or Suspicious Email


1. Contact us

Contact us immediately in the event of fraudulent activity. We’ll take the appropriate steps to monitor your clients’ American Funds accounts.

2. Contact a consumer credit company

We recommend that your clients place a fraud alert on their accounts by contacting one of the following three consumer credit companies:

  • Equifax:
    (800) 525-6285
    Equifax Credit Information Services, Inc.
    P.O. Box 740241, Atlanta, GA 30374-0241
  • Experian:
    (888) EXPERIAN (397-3742)
    P.O. Box 9532, Allen, TX 75013
  • TransUnion:
    (800) 680-7289
    Fraud Victim Assistance Division,
    P.O. Box 6790, Fullerton, CA 92834-6790

Please note: Your clients only need to inform one consumer credit company since it’s required by law to share your fraud alert request with the other two.

3. Review credit report

Once your clients request a fraud alert, they’re entitled to free copies of their credit report. These should be reviewed for suspicious activity and inaccuracies. If your clients find unauthorized accounts or charges, they should take the appropriate steps to get them corrected.

Suspicious Email

We’ll never ask for account information, including passwords, via email. If your clients suspect that they’ve received a fraudulent email, please forward it to us at Do not click on any links in the email.

If your clients are uncomfortable forwarding suspicious email, they may also call us. Please be sure to write down the title of the email they received, along with the sender’s name or address and the file names of any attachments.

Fraud Basics


Phishing is the most widely known form of fraud. It typically involves someone sending an email that appears to be legitimate from a reputable source. It may contain real information, including a company logo and branding, or even personal information gleaned from your social networking site. These emails then urge you to take action — e.g., click on a link, open an attachment or respond to a message.

There are two primary types of phishing: broad phishing, where the attacker casts a wide net and hopes to “hook” one or more victims, and spear phishing, where the attacker carefully researches their victims using publicly available information in order to make the message appear more legitimate.

Phishing attempts typically:

  • Pretend to be from banks and other financial institutions, entities that process payments or individuals with an offer that’s “too good to be true”
  • Appear convincing due to copycat logos, fonts and other graphic elements
  • Include a link to an illegitimate webpage where you’ll be asked to enter your personal or account information

Phishing attacks may also occur over the phone.


Malware includes spyware, viruses and other types of malicious software that are installed on your computer, smartphone and other devices without your authorization. Malware typically collects information about you — the passwords you use, the websites you visit — simply by watching you type or surf the Web. Malware may also take over your computer for nefarious purposes such as sending email you didn’t write or spreading computer viruses.

Malware is typically installed through:

  • Malicious websites that attack computers with out-of-date operating systems or antivirus software
  • Links in pop-up ads
  • Shareware and other downloadable software
  • Deceptive security software offers

Computers with malware may:

  • Operate slowly
  • Be inundated by pop-ups
  • Redirect users to URLs different from those entered
  • Include unknown toolbars and icons
  • Display out-of-the-blue error messages

If your clients suspect their computer has been infected by malware, they should take the necessary steps to remove the unwanted software from their computer.

Identity Theft

Identity theft involves the impersonation of an individual through the fraudulent use of their personal and account information — e.g., driver’s license, Social Security number, bank account and other numbers, as well as usernames and passwords.

Identity thieves obtain information in a number of ways:

  • From the trash
  • By stealing mail, purses and other personal items
  • By copying credit card or other information during a transaction
  • Through phishing attacks
  • By submitting false address changes

Learn More

Learn more about fraud and how you can spot it at

Investments are not FDIC-insured, nor are they deposits of or guaranteed by a bank or any other entity, so they may lose value.

This material is intended for use by financial professionals or in conjunction with the advice of a financial professional.

Investors should carefully consider investment objectives, risks, charges and expenses. This and other important information is contained in the fund prospectuses and summary prospectuses, which can be obtained from a financial professional and should be read carefully before investing.