My Merrill account may have been compromised. What should I do?
Here are some online security tips and best practices to follow if you think your Merrill
account has been compromised:
• If you notice suspicious or fraudulent activity on your account, notify your Merrill
Financial Advisor 1.800.MERRILL (1.800.637.7455) and have a Relationship Pin (RPIN)
placed on your account immediately.
• Review all recent activity in your account(s) to make sure no further fraudulent activity
has occurred.
• Add a security code/PIN to your smartphone. If your device offers the capability to
enable fingerprint or other biometric authentication, this should be enabled as well.
• Set up an alternative delivery option to receive a one-time code used when logging
into the Merrill website and mobile application.
How can I be sure my email to my financial advisor and client associate
are safe?
Use MyMerrill Secure Message Center for communications with your financial advisor
or client associate. Unlike regular email, the Secure Message Center is protected by
Merrill firewalls and requires you to login to MyMerrill using your User ID and
password to send an email to your financial advisor and client associate through the
Secure Message Center.
My email has been compromised. What should I do first?
Your e-mail account has been compromised if an unauthorized person acquired your
login information, and has used it to access your e-mail account potentially to commit
fraud. If you think your email account has been compromised, in addition to changing
your login credentials, take these steps as soon as possible:
• Determine if any fraudulent emails were sent from the
compromised account.
Check the account’s “sent” and “deleted” folders to check for any emails you didn’t
write. Often, you learn you were compromised when someone on your contact list
alerts you that he or she received an email from your account containing a suspicious
link or other questionable information.
• Notify your contacts.
Let them know they may receive spam messages that appear to come from
your email account, and to not open those messages or click on any links they
might contain.
• Determine if any sensitive information might have been compromised.
Sensitive information includes Social Security numbers, passwords, account numbers
and/or other financial Information.
What should I do if I receive a suspicious email?
If you do receive a suspicious email, don’t click on any links in it or reply to it—
simply delete it.
To report a suspicious email that uses Merrill or Bank of America’s name,
And, to make sure you’re at MyMerrill.com website when you log in to your
account, type www.mymerrill.com in your browser.
Tips for creating strong login
credentials
Avoid using common information.
Instead of using the word “password,” your
name, birthday, Social Security number, or
your pet’s name, use something that’s
meaningful to you but isn’t common
knowledge.
Use at least 8 characters and include
letters, numbers, punctuation and
symbols.
The greater the variety of characters in your
password, the better. For example,
“P@SSw0rD” is more secure than
“password” but “2P!nkC@tS” is even better.
Use different passwords for different
sites and change your passwords often.
Cyber criminals often steal passwords on
websites that have very little security and
then use that same password and
username in more secure environments,
such as banking websites. Set up an
automatic reminder to change your
passwords every three months for your
email, banking, credit card and social
media accounts.
Use your security questions regularly,
choosing questions and answers that
are unique to you.
The information you provide identifies you
and helps protect you from fraud.
Multifactor Authentication
Sometimes called “multifactor authentication,”
this process uses two steps to check the
identity of an individual trying to access an
email account, computer or network, such as a
username/password and a four-digit numeric
code texted to the account holder.
Increase your overall security and
add an extra layer of protection
with multifactor authentication.
2
J
anuary 2024 – Identity Theft Brochure