Security awareness for online trading

1. Strong passwords

Strong passwords go a long way in protecting your online activity

Tips to create a strong password and reduce the chance of intruders gaining access to your online account:

• Minimum of six characters or longer
• Combine numbers, letters and symbols
• Use upper and lower cases for letters
• Never use a sequence, such as 123456, 876543 or qwerty
• Make passwords as meaningless and random as possible
• Try to avoid a password that is directly connected to you, for example your name or birthday or telephone number or car license plate, etc.
• Remember to change your password on a regular basis, e.g. once every three months or when you suspect that your password has been compromised or impaired
• Do not use the same password for all your online accounts or web-services
• Do not select the browser option for storing password. Even though it’s a pain, it safer to enter your password manually instead of checking the “Remember password” box

2. Two-Factor Authentication (2FA)

2FA is an additional layer of security that requires you to enter a verification code as well as your password every time you log in to your online account. The verification code is an additional authentication using a “One-Time Password” or “OTP” generated using a security token or your mobile phone app.

The added comfort comes from the fact that in order to hack into your account, the criminal must first guess your password and steal your hardware token/mobile phone.

Pre-caution that you should take when using 2FA:

• Do not allow anyone to use or tamper with you security token
• Do not divulge the serial number of security token to anyone
• Do not reveal the OTP generated by your security token to anyone
• If you are using your mobile phone to generate OTP, inform us immediately any loss of your mobile phone

For more information on 2FA offered by IG, please refer to Two-Factor Authentication.

3. Social Engineering

This is a trick on users to perform certain actions or reveal confidential information. Using the data you disclose, criminals will gain access to your accounts.

Victims are usually deceived in two ways, either by phone or e-mail.

• By phone:  the fraudster may pose as a customer-service employee of a well-known company or a company that you normally deal with, for example your bank or broker. In the pretext of providing customer service or marketing a new product, they will ask for your account log-in details.
• By e-mail: commonly known as ‘phishing’, you will be sent an e-mail asking you to validate or update sensitive account information by e-mail or on a webpage that seems legitimate or the e-mail  that contains attachments or links asking you to open or click on the link.

To prevent data theft, 

• Don’t provide your account login details over the phone or e-mail. Remember IG’s staff will never ask for your account’s password.
• Never open files or attachments in e-mails from strangers. Instead, you should reach the website of your broker by typing the company’s web address into the web browser yourself or use your bookmark/favourite to access the website.
• Before you enter sensitive data on a webpage, check that the web address is correct.
• When entering into a secure website, the website address should change from ‘http://’ to ‘https://’ (the‘s’ stands for security).  A security icon that looks like a lock or key should appear.

Example URL for IG’s public website:

Example URL for IG’s trading platform:

If you receive an error message regarding an IG web page certificate, then please terminate your session and contact IG.

4. Be aware!

You should check your account information, e-mail address, bank and credit card details, balances and transactions frequently and report any discrepancy to IG’s Helpdesk staff immediately on +65 6390 5118 or helpdesk@ig.com.sg.

Note that we will send trade confirmations as well as account-related notifications via email to the email address registered to your account.

If you do not receive any e-mail communication from us for a period, it could be due to one of these factors, amongst others:

• Your inbox is full and is unable to receive emails because your email application does not have storage capacity
• Our emails are treated as spam and directed to your junk inbox
• You have not updated your current email address for your account. You can check this by visiting 'Settings' in the 'My Account' section of our trading platform
• You have mis-spelt your registered e-mail address for your account

5. Defend your computer against internet threats

a) Install and update anti-virus, anti-spyware and firewall software in your personal computers and mobile device.

• Update your virus checkers frequently. Anti-virus programs are not always effective against new viruses. This is because the virus designers test their new viruses on major anti-virus applications to make sure that they are not detected before releasing them into the wild.

b) Update operating systems with security patches or newer versions on a regular basis.

• Operating system updates are corrections for program incompatibilities, discovered errors and security vulnerabilities.  Manufacturers like Apple provide frequent updates to make your operating systems more secure.

c) Log off the online session after activity.

• Do not leave your online screen unattended with your account displayed.

d) Clear browser cache after the online session.

• Please refer to your browser for details, as the process to clear the cache differs from one browser to another.

e) Do not install software or run programs of unknown origin.

• Only download mobile trading apps from authorized sources, such as Apple AppStore, Google play, Windows Store, Blackberry App World, etc.

f) Do not use a computer or device that cannot be trusted, for instance computers in public or internet café or computers connected to public networks to access online accounts.

• Use your personal computers or mobile devices for financial activity.

Remember, there’s an army of hackers out there trying out newer and sophisticated technologies, 24/7 to attack web users. In this digital world, the web users themselves are often the weakest link.

Under the terms of the Margin Trading Customer Agreement governing your CFD trading account with IG, you have authorised IG to rely and act on trading and payment instructions for your account, if we have reasonable grounds to believe that these communications are from you or your authorised persons.

IG relies on your userID and password to identify you and/or your authorized person when accepting instructions for your account. Once executed, you remain liable for the transactions in your account.

It’s your responsibility to take the appropriate physical and IT security precautions as you consider necessary to safeguard your account credentials and ensure that access is permitted to your authorised persons. You should also notify us immediately if you suspect that your account number and/or password has been learnt or may be used by any other person.

You will also have to indemnify IG against losses, liabilities, judgements, suits, actions, proceedings, claims, damages and/or costs resulting from or arising out of any act or omission by any person obtaining access to your account by using your designated account number and/or password, whether or not you authorised such access.