COL website hacked? Here’s how to protect your stock trading account

James Ryan Jonas

The website of COL Financial got hacked?

In an email sent to COL clients last Friday, October 20, COL’s President and CEO Dino Bate mentioned that there was a “possible breach” in the COL system.

The good thing, though, is that COL Financial has assured clients that account balances and stock holdings were not affected. At present, there have been no news of anyone complaining about or reporting unauthorized withdrawals as a result of the incident.

However, it appears that the hacking incident involved unauthorized access, perhaps even stealing, of personal information of clients. The company hasn’t officially confirmed the breach, but what’s troubling is that if this is true, then it could mean hackers have gotten hold of the personal details of some, or worst, all of COL clients. We’re hoping COL will provide updates, and hopefully positive updates, about this incident next week.

Here’s a copy of the letter sent by COL’s President to clients last Friday:

Dear COL Client,

I am writing to you today to inform you that we discovered a possible breach in our system involving some personal client information.

While this possible breach has not been confirmed, please be assured of the integrity of your account balances and stock positions, and that your account transactions have not been compromised. In addition, we have internal control procedures that prevent unauthorized withdrawals from your account.

We have taken action to further strengthen the security of our systems. We also recommend as a standard practice that you regularly change your password.

Should you have further questions, you may reach us at helpdesk@colfinancial.com. We will do our best to respond to you as soon as possible.

Thank you.

Dino Bate
President & CEO

This hacking incident proves that even large, publicly-listed companies find it a challenge to secure their systems against hackers. They may spend millions of pesos or dollars, but it appears no system can be 100% hack-proof.

Unfortunately, individuals are more prone to hacking attacks. So to ensure that your COL Financial account (or any other online account) is protected, we recommend that you adopt these eight (8) online security tips.

8 Security Tips to Protect your COL Financial account 

Tip #1: Once logged in to COL Financial’s website, always check your “Last Login”.

The COL Financial website shows your “Last Login” information whenever you log back in to your account. Always check this information and see if it corresponds to the date and time you last accessed your COL account.

If there are discrepancies, for example, you believe you did not access it during the date and time showed in the “Last Login”, immediately report the incident to COL Financial at helpdesk@colfinancial.com.

This “Last Login” information can be found here:

Tip #2: Use strong passwords.

Your account password should be strong and complicated enough so that other people will find it difficult, if not impossible, to guess the password. Your password should preferably be a combination of letters and numbers, using uppercase or capital letters, and also with symbols such as question mark (?) or exclamation point (!) or asterisk (*).

Never use any personal information in your password, such as birthday, or your student or employee ID number, or condo unit or home address. Hackers can easily guess these information, sometimes, just by checking your Facebook or social media accounts. Opt for a password that’s difficult to crack, and preferably don’t use just one password in all your online accounts.

To change your COL Financial password, go to Home > Change Profile > Change Password in the COL Financial website.

Tip #3: Change your password regularly.

This is probably a bit of a hassle, but changing your password regularly can help deter hackers from guessing your password and ultimately accessing your account. We suggest you change your password every 6 months or whenever you deem it necessary. Go back to our Tip #2 for ideas on what password to use.

Tip #4: Don’t just close your browser; log out of your COL account when you’re done with the session.

Some users simply close their browsers when they’re done accessing their COL accounts. They are not aware that some browsers actually save the browsing cache and history which means another person who will open the browser in the same PC may be able to log in to the account.

So that the next person using the PC won’t be able to access your account, follow this simple tip. When you’re done with your COL session, do NOT simply close your browser. Click the Logout button and wait for the browser to show that you’re fully logged out.

Tip #5: Don’t click links on emails sent by strangers or people you do not trust.

Emails with dubious links could be installing spyware software on your PC that could steal personal information, such as your login usernames and passwords. These software send the stolen information to a hacker who will access your account.

To protect yourself, make it a rule to not click on any link you see in an email. Clicking on it activates or installs the malicious software. Only click links in an email if absolutely necessary and if you fully trust the sender of the email.

Tip #6: Update your computer and install anti-virus / anti-spyware spyware.

Older versions of your computer’s operating system (Windows or Mac OS), browser (Google Chrome, Safari, Internet Explorer, Microsoft Edge, etc.), or other installed software may be vulnerable to a hacking attempt. Make sure you are using the latest version since the latest versions usually have security updates that protect your PC.

Also install anti-virus and anti-spyware software. Viruses and spyware can lead to vulnerabilities that open your PC to hackers. There are several free anti-virus software that can scan your computer’s files and emails and instantly delete any viruses found.

Anti-spyware software, meanwhile, helps protect your PC from malicious programs that are usually installed without your consent. Once installed, these spyware could monitor your computer usage, save the websites you visit, and collect the passwords you use. Armed with these information, the hacker can easily take over your online account.

Tip #7: Only use computers or wi-fi networks you trust.

When accessing your COL Financial account, make sure you’re using a trusted computer and a secure wifi network. Some public computers, for example those in internet shops, may have malicious software installed. As explained in Tip #6, these software or spyware could collect your passwords or personal information and discreetly send them to a hacker.

If you are to use a public or shared computer, make sure you do the following once you’re done with the session:

1. Click the Logout button in your COL Financial account and wait for the browser to show that you’re fully logged out.

2. Delete the browsing history, cache, and cookies that were saved in your browser.

3. Close all browsers.

When using wifi, connect only to wifi networks that you trust. Do you know that free wifi connection offered by some establishments may include spyware that can track your usage, including the websites you visit and the passwords you use?

So the next time you’re looking for free, public wi-fi connection, double check if it’s secure and reliable before you attempt to connect to it.

Tip #8: Finally, be aware of phishing or copycat websites.

COL Financial’s official website is https://www.colfinancial.com/. If the URL you’re accessing looks or is spelled differently, it’s most likely not COL’s website, so do not continue to use it.

These fake websites are called “phishing” websites and they’re used to “fish” for and collect personal information which will be used for hacking. Always, always double check that the website you’re accessing is COL’s official website.

Before inputting anything in what you believe is COL’s website, confirm that your browser shows these three (3) security indicators:

  1. a web address that begins with https and not just http;
  2. a padlock icon in the browser; and
  3. a “Secure” note in the Address bar of your browser.

If these three things are not present in your browser, then it’s most likely a phishing or fake COL website. Be warned!

Other useful articles you should be reading right now:

blank
James Ryan Jonas teaches business management, investments, and entrepreneurship at the University of the Philippines (UP). He is also the Executive Director of UP Provident Fund Inc., managing and investing P3.2 Billion ($56.4 Million) worth of retirement funds on behalf of thousands of UP employees.