Please ensure Javascript is enabled for purposes of website accessibility

Security Center

At BNY Mellon Investment Management we take the issue of privacy very seriously. We want to assure our Web site visitors and clients that they are receiving the security, privacy and confidentiality they expect from a financial services firm.

We will never contact you by e-mail to confirm financial transactions or to confirm or request personal account information or any other type of sensitive information.

If you do receive an e-mail that asks you to confirm financial transactions, provide or confirm sensitive information (such as passwords or sign-on IDs), or personal information (such as Social Security Numbers or personal bank account numbers), please assume that the request is fraudulent.

Some e-mails, links or Web sites may even include our logo or resemble existing Internet sign-on pages. You should continue to assume that the request is fraudulent because we will never contact you by e-mail to request or confirm personal or sensitive account information.

If you receive e-mail requests to visit a Web site or to submit personal information, consider them fraudulent and notify us here. We strongly recommend that you do not open an attachment, click on a link, visit the site, submit your personal information via the site or e-mail, or respond in any way.


What is escheatment?

Escheatment is the process of turning over unclaimed or abandoned property, including unclaimed or abandoned financial assets, to a state authority in accordance with state law. Learn more.

Account Security

The Internet and electronic communications have made it easy for you to check your account information and initiate investment transactions online. Because of this, we have implemented significant measures to help protect the security of your account — you should take precautions too.

To help protect the confidentiality of your personal information and transactions, the following layers of security are utilized:


  • All confidential information is located behind the password-protected area of
  • Clients are required to log in with user IDs and passwords.
  • Our Web site uses 256-bit Strong Encryption (SSL 3.0 and TLS 1.2).
  • Sessions left idle 20 minutes are timed out.
  • Failed login attempts will lock access to the account. 


Internet Fraud

Scam artists and fraud schemes are nothing new, but the Internet has helped bring them to a whole new level. Here are some of the scams you should be aware of.

E-Mail Fraud/Phishing

Beware of fraudulent e-mail. There have been many reported incidents of imposters sending e-mails claiming to be from legitimate companies in an attempt to trick people into providing them with sensitive personal information. These fraudulent e-mails, sometimes referred to as "phishing," often claim to be "urgent," and say that you must immediately reply to confirm, update or provide sensitive personal information (such as a Social Security Number, account number, password, or personal identification number (PIN)) or your account will be closed or some other action will be taken. These fraudulent e-mails may include links to fake Web sites, created to trick you into providing your sensitive personal information. Here are some tips to follow to help protect you from these scams:

  • Do not open e-mail from unknown sources — instead immediately delete the e-mail.
  • If you get an e-mail that warns you with little or no notice that your mutual fund or other account will be closed or otherwise impacted if you do not immediately confirm, update or supply sensitive personal information, do not reply or click on any link in the e-mail — even it seems to be from a legitimate company. Assume that the e-mail is fraudulent because we (and most legitimate companies) will never send you an e-mail like this. If you have concerns about your account call your company directly, or visit their Web site by opening a new browser window and typing in the company URL you know is legitimate.
  • Look for the symbol "@" in the URL, which is a common sign of a fake Web address.
  • Before submitting personal financial information over the Internet look for evidence that you are on a secure page. Check that there is a padlock icon. The padlock indicates that your personal information is secure during transmission. Also, check that the URL begins with "https," which indicates that the page is secure, and not "http" which indicates that the page is not secure. Be aware though that some imposters have forged secure sites. If you are at all suspicious about the authenticity of a Web page, close the page and visit your company's Web site by opening a new browser window and typing in the company URL you know is legitimate.
  • Check your mutual fund and other account statements as soon as you receive them to make sure there are no unauthorized transactions. If your statement is late, call your company to verify your billing address and recent transactions.
  • If you receive a suspicious e-mail claiming to be from us, or are directed to what appears to be a phony BNY Mellon Investment Management Web site, please contact us immediately.

Social Engineering

Internet fraud and threats don't only come from your computer. Social Engineering is a form of "phishing" in which a live person calls the victim posing as a system administrator or someone else of importance and persuades the victim to give the caller important information, like passwords, that will enable them to "help" the victim with his or her account. BNY Mellon Investment Management will never call you to ask for your personal information or passwords.

Also, when you call us or any company you do business with, be sure to use a reputable phone number such as one obtained from your account statement.

Cell Phones & Mobile Devices

You should use the same precautions when accessing the Web/e-mail through your cell phone or other mobile device that you would with any wireless network.

The Dangers of Downloading Adware/Spyware/Malware

Be aware of what you are downloading from the Web. Many fun "free" items for your computer come with additional software that can have a variety of purposes from popping up ads on your computer ("adware"), to tracking your site usage or logging your keystrokes and sending them back to the person who created the software ("spyware"), to installing malicious software ("malware") which may disrupt or even destroy your system. To help prevent the installation of this type of software on your computer, follow these guidelines:

  • Only download materials from reputable sites.
  • Know exactly what you are downloading.
  • Read the software's terms of use before you download.
  • Make sure that your virus/spyware definitions are up-to-date and scan your computer often.



General Best Practices For Securing Any Internet-Connected Computer

  • Use the strongest encryption you can get and keep your computer up to date with the latest security updates. Use the most current editions of your operating system and software. Vendors don't always support older software and operating systems, so as new security issues are found, older software remains vulnerable while security patches are released for newer versions.
  • Your Web browser may give you options for increasing your online security. Check the "Tools" or "Options" menus for built-in security features.
  • Your e-mail software or provider may enable you to filter certain types of messages, such as unsolicited bulk e-mail or spam. Activate the filter.
  • Install a firewall and both anti-virus and anti-spyware software on any laptop or PC from which you access the Internet. Update your virus definitions frequently and run scans on your computer on a regular basis.


Precautions for Using a Public or Shared Computer:

  • Protect your passwords. Many browsers offer to "remember" your usernames and passwords to secure Web sites. Using this feature may allow others who have access to your computer to gain access to your confidential information, including your account information. Never use this feature on a public computer.
  • Watch those cookies. Many sites will remember you and your information once you have logged in, even after you have closed the session. You can avoid this by clearing any cookies stored in your browser once your session is complete.
  • Always log out. End each online session by clicking on the "log out" button and then closing the browser. Do not just minimize the window or type a new URL into the address bar. These actions could leave your confidential information vulnerable to another user who looks up the browser history or clicks on the "Back" button.


Other Tips:

  • Avoid using any computer that is not your own to access your accounts online.
  • Never share your password information with others.
  • Create passwords that are unpredictable and counterintuitive and change them frequently. Don't use the same password for different accounts.
  • Beware of over-the-shoulder snoops when using public computers.
  • Erase information that may have been stored by your browser by deleting cookies, temporary Internet files and history.
  • If you suspect that your password has been stolen or used by others, immediately notify the firm at which you have the account.


Be careful when using wireless hotspots (public access points) and wireless networks. Hotspots are public access points that enable you to get onto the Internet wirelessly. Some require payment, while many are free. When surfing the Internet using a hotspot, you should take many of the same precautions as when you are using a public computer.

Take some special precautions when connecting to a wireless network:

  • When in doubt about the security of a hotspot, don't use it to conduct confidential business.
  • Shut off wireless connectivity or remove the network card if you leave your computer unattended.
  • Disable wireless ad hoc mode, a setting that allows all wireless devices to find and communicate with others within range.
  • Disable file and printer sharing capabilities when visiting hotspots.
  • Change your wireless network name and encryption keys periodically.
  • Change any default passwords for administering your wireless access point.