ABOUT EMAIL FRAUD
ABOUT EMAIL FRAUD
Our email security practices
Being aware of the email security practices used by Baytree Capital can help you distinguish a legitimate email message from a fraudulent one.
What we do:
Include an email “Security Zone” in most client servicing emails we send. This Security Zone:
• Typically includes your name and the name of your advisor or advisor team (if applicable), but can vary slightly if you share your email address with another Baytree Capital client.
• Displays in the upper right corner of the email when viewed from a desktop and at the bottom of the email when viewed from a mobile device.
Provide access to our secure message center through the secure site on baytreecapital.com, so you can communicate securely with your advisor and others. We notify you by email when you have a secure message waiting for you in the message center.
Send you emails with links to baytreecapital.com or the secure site to access certain features and information. These links are provided for your convenience, but you can also type the URL directly into your browser.
What we won’t do:
Ask you to send personal information (ex. password, Social Security number, account numbers, mother’s maiden name, etc.) through email.
Include attachments in emails. Instead, your advisor and members of your advisor’s team can send you attachments through our secure Message Center.
What is email fraud?
Email fraud – or phishing – refers to phony emails that appear to be from well-known companies.
• Appear to come from legitimate businesses such as financial institutions, insurance companies or retailers and often include seemingly authentic logos, links or graphics to make them look legitimate.
• Are designed to deceive you into providing personal, financial or account information – such as account user names, passwords, credit card information and Social Security numbers.
• May attempt to deceive you into downloading an attachment or clicking on a link that will download malware onto your computer to illicitly obtain personal and financial information.
How to spot email fraud
Sense of urgency: Messages often try to ‘bait’ you by stating there is an urgent situation concerning your account and instructing you to take immediate action – such as clicking a link to go to a fake website to ‘update’ or ‘validate’ personal information.
Spelling or grammatical errors: You may see obvious spelling errors that are purposely included to help avoid spam filters and deliver the fraudulent email to your inbox.
How to report email fraud
If you suspect you’ve received a fraudulent email, please:
• Forward it to us immediately at: firstname.lastname@example.org.
• Do not remove the original subject line or change the email in any way when forwarding.
• Watch for an auto-generated reply to let you know we’ve received your email. If we confirm the email is fraudulent, we will take appropriate action immediately.
Think you’ve responded to a phishing email by mistake?
If you provided your account information to a request you suspect may have been fraudulent, call us immediately at 833-BAYTREE.
How to protect yourself
Before clicking on a link in an email:
• Think twice. If you suspect the email might be a phishing attempt, delete it and follow up with the company directly.
• Roll over the link with your mouse to display the URL. If the URL looks suspicious, do not click on it.
• Before you log in to access your accounts:
• Check to make sure the URL address of the page begins with “https” instead of just “http.” The “s” indicates it is a secure page.
• Look for an image of a closed padlock near the URL address in your browser. You can click on the padlock to confirm the identity of the site you are visiting.
When visiting sites in general:
Go to them directly. The safest way to get to any site is to type the URL address into your browser directly. You can then bookmark it for quicker access on future visits.
Use the “Remember my User ID” feature (but never from a public or shared computer). This feature lets your computer remember your ID, so when you return to the site from an email to log in, your User ID will automatically display in the log in box. A fake site will not be able to display your User ID.