Spread bets and CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. 75.2% of retail investor accounts lose money when trading spread bets and CFDs with this provider. You should consider whether you understand how spread bets and CFDs work, and whether you can afford to take the high risk of losing your money.

PERSONALPARTNERSGROUPPROFESSIONAL
ABOUT USHELP & SUPPORT

Account Security

Keeping your Pepperstone account safe is our priority.

Homepage/Account Security/

Sometimes we’re made aware of email, SMS and phone scams created by third parties claiming to be Pepperstone.

These scams are designed to look and sound like authentic Pepperstone communications (such as emails from our business or trading specialists) and often copy our design features. These communications are attempts to gain access to your personal or financial information. They’re not authentic Pepperstone communications and we haven’t authorised them.

To find out more about scams and what to do if you see one, see our FAQs below.

If you’re concerned about the safety of your trading account or receive any suspicious messages that appear to be from Pepperstone please contact us. Please don’t reply to or engage with the sender.

What sort of scams should I look out for?

Scams can take a range of forms and we’ve listed some of the most common types of scams below.

Fake accounts/comments on social media

Social media scams happen a lot. Posting on sites that attract a large number of visitors, such as Facebook, Instagram and YouTube, is a way for scammers to prey on many people by appearing authentic. We’ve noticed an increase in posting from people promising high returns on products such as binaries, options and BTC followed by a personal Gmail address or similar. These are not authentic comments and we’re not affiliated with the people who post these. Please report these comments to us via email/live chat and whatever you do, don’t provide any information to the email addresses listed.

Remote access scams

These scams occur when someone is targeted by phone, SMS or email by a person falsely claiming to be from a familiar company or government agency. They’ll offer a fake story and try to trick you into giving them your personal information or remote access to your device.

Investment scams

Examples of investment scams include being cold-called by someone pretending to be one of our representatives or being approached by someone via social media with a promise of guaranteed returns or low risk investments.

Phishing/SMShing

Phishing messages are popular ways for online criminals to trick or persuade you to click on a link or open an attachment. They’re generally designed to look like they come from a legitimate business and may direct you to a website that asks you to verify your personal information or even prompt you to click on a link that downloads a virus. Phishing/SMShing messages often try to create a sense of urgency by requiring you to respond as soon as possible.

How can I tell if I’m receiving a genuine Pepperstone communication?

Pepperstone will never:

  • call, email or SMS you to ask for your account password or credit card details;
  • ask you to fund your account using money wire services such as Western Union, bitcoin or any other cryptocurrency; or
  • present our products as low risk or guarantee investment returns.

We’ll always prompt you to login to your secure client area if we need you to update your funding details.

Some communications are specifically designed to look genuine and may also use our logo and branding. Keep an eye out for spelling mistakes and incorrect grammar, and links or email addresses that are slightly different (e.g. support@pepperstones.com instead of support@pepperstone.com).

If you’re contacted by someone claiming to be from Pepperstone and asking for this information, or receive a suspicious communication, don’t respond to/click on anything. Please contact us directly, using the phone number/contact details from our website, as soon as possible.

How can I protect myself?

  • Don’t respond to/click on any suspicious communications from people or organisations that you don’t know
  • Configure your email to require two-factor authentication (e.g. password plus an SMS or Device Authorisation code)
  • Watch for spelling and grammar mistakes in unsolicited emails. If you receive an email containing a link, carefully read the URL by hovering your mouse over the link (without clicking on it) to check for different spellings
  • Protect your computer:
    • Keep it regularly updated with anti-virus software that you’ve bought and installed yourself and run regular scans
    • Password protect your login, especially if you use browser password managers
    • Ensure your operating system and browsers are up to date and have the latest security enhancements installed
    • Remote access software is designed to share information between your computer and someone else’s - keep your banking details safe by not signing in if this software is active on your computer
    • Avoid saving your credit card details in your browser
    • Research software before you download it - quick internet searches could save you and your family a lot of grief
  • Remember, protecting your mobile devices from viruses, malware and internet fraud is just as important as protecting your computer
  • Consider encrypting any files containing sensitive information on your device or protecting them with additional passwords
  • Always be wary of ‘investment opportunities’ that promise a high return with little risk

To check if a call is legitimate, attempt to call back the company on a number listed on its website that you have navigated to, i.e. call Pepperstone on the number listed on our website www.pepperstone.com (not a website provided by the caller), and ask whether the person who contacted you is a current employee providing real information

Frequently Asked Questions

Latest security alerts

15 September 2020 - Additional findings on cyber attack

Our ongoing forensic investigations regarding the cyber incident on 22 July (AEST) have revealed that the same criminals gained a second point of access to our client relationship management system, via an encrypted Pepperstone-managed machine.

This isn’t considered a separate cyber incident and is part of a sophisticated attack carried out by the same criminals. The criminals used both approaches to obtain a limited amount of personal information of additional account holders but steps have since been taken to prevent any similar incidents happening again.

Additional affected individuals have been notified and provided with recommendations to help ensure their ongoing security. We’ve continued to instigate important changes to our security systems, and will routinely conduct risk assessments and testing to protect our servers and solutions in accordance with industry best-practice.

Our clients can continue to have confidence in using our trading systems safely and securely.

5 August 2020 - Investigation into malware attack on 22 July (AEST)

Pepperstone discovered and contained a malware attack on one of our computer systems on 22 July (AEST). Our IT security team detected cybercriminal activity, which used malware to compromise a computer used by one of our external service providers in order to steal their user credentials. They used those credentials to gain access to our client relationship management system but before we stopped the attack, they were able to take the personal information (also known as personal data) of some of our account holders.

We have reason to believe that the information has been shared with third parties, who have since made unsolicited contact with Pepperstone account holders, in many cases claiming to be Pepperstone or alleging that Pepperstone’s business had closed (see below update on 21 July 2020). Importantly, the criminals were only able to access a limited subset of our account holder data via the client relationship management system. They weren’t able to access our trading environment or our financial systems, which are segregated from our client relationship management system. This means that the criminals didn’t gain access to any trading accounts, banking details, passwords or ID documents.

We immediately notified the individuals who were affected, providing them with this information and recommendations to help ensure their ongoing security. We’re extremely concerned that this incident happened and will continue to do everything we can to ensure it doesn’t happen again.

21 July 2020 - client details used for scam phone calls

We’re aware that Pepperstone clients have received phone calls from individuals either claiming to represent Pepperstone or advising that Pepperstone no longer exists and instructing clients to transfer funds out of their Pepperstone accounts. In some cases clients have also been asked to use a remote desktop viewer.

These phone calls are not from Pepperstone. If you receive a phone call like this, please hang up and call our listed company phone number or contact us via email/live chat to verify the communication and/or report your interaction. Please keep a note of what was said and what number the scammer used to contact you.

To find out more about scams and how to protect yourself visit

Australia:

ACCC’s Scamwatch – www.scamwatch.gov.au

ACCC’s Little Black Book of Scams – www.accc.gov.au/publications/the-little-black-book-of-scams

ReportCyber – https://www.cyber.gov.au/acsc/report

Unwanted Communications – https://www.communications.gov.au/

UK:

Information Commissioner’s Office – https://ico.org.uk/make-a-complaint/nuisance-calls-and-messages/

Citizens Advice – https://www.citizensadvice.org.uk/consumer/scams/get-help-with-online-scams

UAE:

Dubai Financial Services Authority –https://www.dfsa.ae/Your-Resources/DFSA-Alerts/How-to-avoid-being-scammed