New "transaction verification" smishing campaign

May 8, 2025

New "transaction verification" smishing campaign targeting clients with Schwab accounts

Schwab has identified a new twist on the "smishing" fraud threat, used by fraudsters hoping to capitalize on market volatility and investor emotion to steal funds and data.

This version begins when a client receives a text message prompting them to "verify a transaction." Clicking the link leads the investor to a fraudulent website that mimics Schwab's login page, where they are prompted to enter their credentials. Once the credentials have been entered, the fraudsters use them to access Schwaballiance.com. The fraudulent website may also prompt the client to enter the two-factor verification code that they automatically receive from Schwab; once submitted, that code allows the fraudster to complete the login process.

Once they have access, the fraudster will then change the security token on the account so that it points to a device in the hands of the criminals, instead of the client's own device. At this point, the client is effectively locked out of the account, and the fraudster can begin initiating wire transfers that rapidly drain assets from the account. 

What to do:

  • Verify the legitimacy of transaction requests prior to taking any action. This can mean logging into your Schwab account via your normal browser; do not click on the link texted to you. You can also reach out to our office to verify the legitimacy.
  • Monitor accounts closely for any unusual activity. Be on the lookout for client-initiated transactions and for unusual beneficiary account features, such as long or otherwise strange-looking account numbers.
  • Report any unusual activity to us or Schwab immediately.


Reminders:

  • Do not click on links or attachments received via text message. Instead, visit the official Schwab site by typing the URL into your web browser manually, or use Schwab's mobile application.
  • Do not enter Schwab credentials or other information into a page reached by clicking a link. The same applies to phone numbers received via text message. Use a verified number you've used in the past.
  • Double check that the URL provided is not a subtle variation of the real one. 
  • Stay calm and verify using official verified channels.
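
The URL check in the reminders above can be automated when triaging a reported text. The following Python is an added example, not Schwab's or this firm's code; it assumes schwab.com and schwaballiance.com (the two domains named in this advisory) are the only official hosts, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the two domains named in this advisory are the only official ones.
OFFICIAL = ("schwab.com", "schwaballiance.com")
BRANDS = ("schwab", "schwaballiance")
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return (verdict, reason) for a link copied from a reported text message."""
    try:
        parts = urlsplit(url if "://" in url else "https://" + url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious", "malformed URL"
    if not host:
        return "suspicious", "no hostname"
    if parts.username is not None:
        # e.g. https://schwab.com@other-host/ : the real host follows the '@'
        return "suspicious", "text before '@' is not the host"
    if not host.isascii() or "xn--" in host:
        return "suspicious", "non-ASCII or punycode hostname"
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        if parts.scheme != "https":
            return "suspicious", "official host but not https"
        return "official", host
    # Not an official host: look for the brand name, or a near miss, in any label.
    for label in host.split("."):
        plain = label.replace("-", "").translate(DIGIT_SWAPS)
        for brand in BRANDS:
            if brand in plain:
                return "lookalike", f"'{label}' contains '{brand}'"
            if edit_distance(plain, brand) <= 2:
                return "lookalike", f"'{label}' is close to '{brand}'"
    return "unrelated", host
```

A verdict of "official" describes only the hostname; the reminder to type the address manually rather than follow a texted link still applies.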


If you suspect a smishing attack, you should follow these steps:
  • Take a screenshot of the text and forward it to phishing@schwab.com (Be sure the phone number is visible).
  • Delete the text message.
  • If you clicked on the link, you should stop logging into your online accounts and immediately run an anti-virus/malware scan and remove anything identified in that scan. Next, verify the operating system on the device is updated, and then change all relevant passwords.

We strongly encourage all clients to add security measures to their Schwab accounts, such as two-factor authentication and verbal passwords, which can help to secure against these attacks. Additionally, see our guide to better protect your account: 10 simple tips to protect your Schwab account.

Be sure to report any suspicious or fraudulent activity in your accounts as soon as possible, especially if you entered your Schwab credentials into a fake website.

Charles Schwab Scam definitions and prevention client guide

December 18, 2024

There is a pressing need to identify the tactics used in social engineering scams. We are helping raise awareness among potential victims or those who may have already become victims of scams. As you know, protecting your assets and data is priority number one for our firm. But it’s also important that you know about threats you may encounter in other interactions online—from your personal email account to social media and dating apps.