Fraud at the front door: Scammers are appearing at victims' physical addresses — how to protect yourself

One of the fastest-growing scams aimed at investors involves creating fake but very convincing websites that appear to be run by legitimate businesses, including the financial institutions you rely on. To spoof a website, bad actors purchase "sponsored links" to fake sites which appear at the top of search results. Their goal is to boost their site's visibility and lure unsuspecting users into clicking on them. These deceptive sites can pose serious risks by exposing investors like you to potential malware, identity theft, and financial loss. Not to worry! We're here to arm you with knowledge so you can recognize spoofed websites and steer clear of them. Here's what to watch for: URL errors and issues: Look for misspellings or unusual domain extensions. A single letter out of place might mean you're on a fake site. Grammar and spelling mistakes: Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in content, that's often your first clue it's a fake site. False security notification: Once you click on a site link, you're presented with a screen notifying you of a login issue and directing you to a hotline number. Wording on these fake sites may mention "unauthorized activity" or other details designed to trigger anxiety and panic. Request for personal information: Schwab will never ask you over the phone for your account login password or a SMS passcode. If someone is asking you for your account login password or SMS code by phone, do not provide it. Privacy policy: Genuine sites will have a privacy policy available. If it's missing, think twice. Here's how to protect yourself: Avoid searching for a site: Use your saved bookmarks for visiting websites, especially financial ones, to avoid the risk of phishing and downloading malware. Utilize the app: Download your financial institutions app and utilize biometric authentication if available. Note: be cautious to read reviews and check the number of downloads to ensure you're downloading the legitimate app. Question urgency: Phishing attempts often create a sense of urgency. Take a moment to verify the information through official channels. Use secure networks: Access financial accounts only through secure networks and consider enabling multi-factor authentication where possible. Call before acting: If you have concerns about a site or link, it's always best to call us or email before taking any action, like downloading software. Remember, we're here to help. If you're ever in doubt about the legitimacy of a communication from Schwab or any financial institution, or from our firm, please call us immediately.

Schwab has identified a new twist on the "smishing" fraud threat which is being used by fraudsters hoping to capitalize on market volatility and investor emotion to steal funds and data. This version begins when a client receives a text message prompting them to "verify a transaction"—clicking the link leads the investor to a fraudulent website that mimics Schwab's login page, where they are prompted to enter their credentials. Once the credentials have been entered, the fraudsters use them to access Schwaballiance.com. The fraudulent website may also prompt the client to enter a two-factor verification code that they would automatically receive from Schwab, which once submitted allows the fraudster to complete the login process. Once they have access, the fraudster will then change the security token on the account so that it points to a device in the hands of the criminals, instead of the client's own device. At this point, the client is effectively locked out of the account, and the fraudster can begin initiating wire transfers that rapidly drain assets from the account. What to do: Verify the legitimacy of transaction requests prior to taking any action. This can mean, logging into your Schwab account via you normal browser, do not click on the link texted to you. You can also reach out to our office to verify the legitimacy. Monitor accounts closely for any unusual activity. Be on the lookout for client-initiated transactions and for unusual beneficiary account features, such as long or otherwise strange-looking account numbers. Report any unusual activity to us or Schwab immediately. Reminders: Do not click on links or attachments received via text message. Instead, visit the official Schwab site by typing the URL into your web browser manually. Or utilize Schwab's mobile application. Do not enter Schwab credentials or other information into a page reached by clicking a link. The same applies to phone numbers received via text message. Use a verified number you've used in the past. Double check that the URL provided is not a subtle variation of the real one. Stay calm and verify using official verified channels. If you suspect a smishing attack, you should follow these steps: Take a screenshot of the text and forward it to phishing@schwab.com (Be sure the phone number is visible). Delete the text message. If you clicked on the link, you should stop logging into their online accounts and immediately run an anti-virus/malware scan and remove anything identified in that scan. Next, verify the operating system on the device is updated, and then change all relevant passwords. We strongly encourage all clients to add security measures to their Schwab accounts, such as two-factor authentication and verbal passwords, which can help to secure against these attacks. Additionally see our guide to better protect you account: 10 simple tips to protect your Schwab account. Be sure to report any suspicious or fraudulent activity in your accounts as soon as possible, especially if you entered your Schwab credentials into a fake website.