General security rules for using the application Online Broker (OLB)
1. Use the OLB application and all access information solely and exclusively you yourself alone
Keep printed documents that you have received from us in a safe place. In the event of a suspicion of an attack or misuse of your account or entry data to it, contact us on our Infoline at +420 498 777 770 or mail info@akcenta.eu.
2. Rules for work by multiple users on one computer
Do not allow another person to log on under your user name. Do not store names and passwords in publicly accessible files. Upon suspicion of the misuse of your login data to your rights accounts, ask AKCENTA CZ to block them. Protect your login name and password – never disclose them to another person.
3. Rules for working in Online Broker
Before logging in, close all other browser windows and launch Online Broker in a new window. We recommend using the latest versions of web browsers and operating systems.
4. Rules for working with passwords
As a rule, do not disclose your password to anyone and make it impossible to recognize it when entering it into the computer.
5. Rules for working with the authentication code
You will receive the verification code by SMS to the phone number you provided when signing the contract. The validity of the verification code is 3 minutes. Do not disclose the valid verification code to anyone and do not allow anyone to read or otherwise obtain it from your phone.
6. Rules regarding internet browser settings Always use only the latest browser versions. Carefully consider whether you want to store your login information in your browser.
7. Rules for using your computer
We strongly advise against installing programs and files from untrusted sources (especially illegal software and amateur products). These programs are often associated with applications that can compromise the security of your computer. Pay particular attention to reading emails with attachments that may contain malware. Use an antivirus program that includes a firewall and ideally a module to protect email communications.
8. Other recommendations
When accessing a web server, consistently check the validity of server certificates in your web browser. Nowadays, a good and authenticated browser will warn you if the connection to the web is insecure by letting you know in a significant way. (Before connecting to a site with an insecure connection, it will display a page where you can choose whether you really want to continue to that site, or it will display a red exclamation point icon in the address bar)
Phishing
What is phishing?
Phishing is, for example, fraudulent email messages that only look like an email from a valid sender. At first glance, the email looks valid, but on closer inspection of the sender's address, it may differ by just one character, or you may find that the link in the email leads to a fraudulent site. The attachment may look like an innocent-looking Excel file, but even an Excel file can contain malicious code. And the application you're supposed to install to get to the attachment is actually malware. The sender of such an email is simply trying to coax sensitive information such as login credentials (client number, password, security code and other security details) out of you to abuse it. Therefore, when reading emails, it is worth remembering that not all emails that reach you are from valid senders and to take care before entering sensitive data or triggering attachments. In the context of Akcenta CZ, a phishing email may look like information about a failed payment, a request to update security information or a client satisfaction survey. There are no limits to imagination.
Diversion of payments
Beware of fraud
Fraudulent behaviour can take many forms and because of new technologies, there are always new ones. We therefore warn our clients of illegal actions, within which a diversion of payments can occur.
The whole system works as follows: the perpetrators manage to hack into the supplier’s email account and informs the company (our client) on the supplier’s behalf, to change bank details pertaining to the payment of the supplier invoices. The company in question subsequently modifies the payment instructions for their trading partner and the payments are subsequently remitted in favour of the fraudulent account. The company in question usually finds out only on the basis of the supplier’s urgent notice of claim for unpaid invoices.
For this reason, we recommend our clients to always verify in several ways (other email or phone) if it is really their trading partner who is actually changing the number of the bank account and not a fraudulent third party.