Fraud at the front door: Scammers are appearing at victims' physical addresses

October 23, 2025

Fraud at the front door: Scammers are appearing at victims' physical addresses — how to protect yourself

The FTC recently highlighted a new and disturbing trend that's emerging in the ever-evolving fraud landscape: fraudsters are showing up at victims' homes or arranging in-person meetings with the aim of collecting physical cash, gold bars, or other valuables. This is a significant shift from digital scams—where the victim's financial and other assets and data are at risk—to a scenario in which the victims could end up in imminent danger of physical harm.


Even if scammers don't directly threaten victims in these in-person scenarios, they enable the criminals to use high-pressure tactics and intimidation to get what they want, especially because they're often posing as representatives of the government, banks, or other trusted institutions.


How they work, and who they're targeting:

Like digital scams, these often start with phone calls, emails, or social media messages designed to convince the victim that the scammer is contacting them about a legitimate governmental or business concern. Once their false identity is established, the scam proceeds—maybe with an urgent request for money, an unauthorized transaction in your bank account, a call to transfer money from a compromised account to a safe one, or even a fraudulent investment opportunity—whatever it is, it's nearly guaranteed that the scammer will pressure the victim to act quickly.


Anyone might be a target, but often these criminals focus on older adults or those who may have trouble recognizing scam tactics—often those with diminished capacity. Of course, many of these victims will be particularly vulnerable to intimidation or threats from a person who's standing in front of them. So be suspicious of any unsolicited communications, especially those requesting personal information or insisting they must act quickly.



If a scammer uses an electronic channel:


  • Pause and do not respond immediately: Never feel pressured to act on the spot, even if the message or call seems urgent.
  • Verify the contact's identity: Use official channels to reach out to the organization or person, such as a phone number that you independently looked up or the official website's address, which you typed directly into your browser's address bar. Avoid clicking "sponsored" links, as these can often lead to malicious websites or scams.
  • Do not share information: Legitimate organizations will not request confidential details, such as account numbers, passwords, or payment in the form of gift cards or wire transfers, over unsecured electronic channels like email, text, or social media.
  • Consult trusted individuals: If unsure, discuss the message with your bank, financial advisor, or a family member before taking any action. And remember to add or update your trusted contact information on file at Schwab.
  • Report suspicious activity: Forward suspicious emails or texts to phishing@schwab.com. If you have provided your home address to the scammers, report it to local authorities immediately.
  • Preserve evidence: Take screenshots, save emails or texts, and keep records so you can provide them to authorities if needed.


If someone physically visits your home:


  • Never let anyone you don't know come inside: Genuine government, financial, utility, or other representatives rarely visit you at home without prior notice. When in doubt, keep your door locked and communicate via window or intercom.
  • Insist on valid identification: Ask for official ID and do not hesitate to call the organization using its official contact number to verify the visitor's identity. Genuine officials will not object to verification.
  • Refuse immediate transactions: Never hand over cash, valuables, or personal information to someone who's at your door demanding payment.
  • Call for Help: If you feel threatened or if valuables have already been taken, call local law enforcement immediately (911).
  • Preserve Evidence: Try to remember identifying details—the person's appearance, their vehicle's make, model, and license plate number, the type of documents they presented—and if possible don't touch anything the scammer has touched. This makes it easier for police to conduct future investigations.
  • Report the Incident: Once the scammer is gone, immediately contact your financial institution, local police, and the Federal Trade Commission (FTC) at ReportFraud.ftc.gov.
  • Alert Neighbors: Inform neighbors and local community groups if an impersonator has targeted your area to help prevent further incidents.



Remember that legitimate government, financial, or other institutions will never:


  • Demand money or threaten you with arrest.
  • Promise you prizes out of the blue (even if you didn't enter a contest or sweepstakes).
  • Make unsolicited phone calls.
  • Abruptly request access to your devices or asking you to install software that enables this access.



Remember: It's better to be safe than sorry. If something feels off, trust your instincts and always take the time to verify before you act.

Search Engine Optimization (SEO) abuse attacks

September 10, 2025
One of the fastest-growing scams aimed at investors involves creating fake but very convincing websites that appear to be run by legitimate businesses, including the financial institutions you rely on. To spoof a website, bad actors purchase "sponsored links" to fake sites which appear at the top of search results. Their goal is to boost their site's visibility and lure unsuspecting users into clicking on them. These deceptive sites can pose serious risks by exposing investors like you to potential malware, identity theft, and financial loss. Not to worry! We're here to arm you with knowledge so you can recognize spoofed websites and steer clear of them. Here's what to watch for: URL errors and issues: Look for misspellings or unusual domain extensions. A single letter out of place might mean you're on a fake site. Grammar and spelling mistakes: Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in content, that's often your first clue it's a fake site. False security notification: Once you click on a site link, you're presented with a screen notifying you of a login issue and directing you to a hotline number. Wording on these fake sites may mention "unauthorized activity" or other details designed to trigger anxiety and panic. Request for personal information: Schwab will never ask you over the phone for your account login password or a SMS passcode. If someone is asking you for your account login password or SMS code by phone, do not provide it. Privacy policy: Genuine sites will have a privacy policy available. If it's missing, think twice. Here's how to protect yourself: Avoid searching for a site: Use your saved bookmarks for visiting websites, especially financial ones, to avoid the risk of phishing and downloading malware. Utilize the app: Download your financial institutions app and utilize biometric authentication if available. Note: be cautious to read reviews and check the number of downloads to ensure you're downloading the legitimate app. Question urgency: Phishing attempts often create a sense of urgency. Take a moment to verify the information through official channels. Use secure networks: Access financial accounts only through secure networks and consider enabling multi-factor authentication where possible. Call before acting: If you have concerns about a site or link, it's always best to call us or email before taking any action, like downloading software. Remember, we're here to help. If you're ever in doubt about the legitimacy of a communication from Schwab or any financial institution, or from our firm, please call us immediately.

New "transaction verification" smishing campaign

May 8, 2025
Schwab has identified a new twist on the "smishing" fraud threat which is being used by fraudsters hoping to capitalize on market volatility and investor emotion to steal funds and data. This version begins when a client receives a text message prompting them to "verify a transaction"—clicking the link leads the investor to a fraudulent website that mimics Schwab's login page, where they are prompted to enter their credentials. Once the credentials have been entered, the fraudsters use them to access Schwaballiance.com. The fraudulent website may also prompt the client to enter a two-factor verification code that they would automatically receive from Schwab, which once submitted allows the fraudster to complete the login process. Once they have access, the fraudster will then change the security token on the account so that it points to a device in the hands of the criminals, instead of the client's own device. At this point, the client is effectively locked out of the account, and the fraudster can begin initiating wire transfers that rapidly drain assets from the account. What to do: Verify the legitimacy of transaction requests prior to taking any action. This can mean, logging into your Schwab account via you normal browser, do not click on the link texted to you. You can also reach out to our office to verify the legitimacy. Monitor accounts closely for any unusual activity. Be on the lookout for client-initiated transactions and for unusual beneficiary account features, such as long or otherwise strange-looking account numbers. Report any unusual activity to us or Schwab immediately. Reminders: Do not click on links or attachments received via text message. Instead, visit the official Schwab site by typing the URL into your web browser manually. Or utilize Schwab's mobile application. Do not enter Schwab credentials or other information into a page reached by clicking a link. The same applies to phone numbers received via text message. Use a verified number you've used in the past. Double check that the URL provided is not a subtle variation of the real one. Stay calm and verify using official verified channels. If you suspect a smishing attack, you should follow these steps: Take a screenshot of the text and forward it to phishing@schwab.com (Be sure the phone number is visible). Delete the text message. If you clicked on the link, you should stop logging into their online accounts and immediately run an anti-virus/malware scan and remove anything identified in that scan. Next, verify the operating system on the device is updated, and then change all relevant passwords. We strongly encourage all clients to add security measures to their Schwab accounts, such as two-factor authentication and verbal passwords, which can help to secure against these attacks. Additionally see our guide to better protect you account: 10 simple tips to protect your Schwab account. Be sure to report any suspicious or fraudulent activity in your accounts as soon as possible, especially if you entered your Schwab credentials into a fake website.
Charles Schwab Scam definitions and prevention client guide

Social engineering—a growing threat, especially during the holidays

December 18, 2024
There is a pressing need to identify the tactics used in social engineering scams. We are helping raise awareness among potential victims or those who may have already become victims of scams. As you know, protecting your assets and data is priority number one for our firm. But it’s also important that you know about threats you may encounter in other interactions online—from your personal email account to social media and dating apps.