Scammers are using search engine optimization (SEO) to create fake websites that appear in search results for trusted institutions like Schwab. When clients visit these sites, they are exposed to phishing attacks aimed at stealing their information and assets.
How these scams work:
Knowledgeable fraudsters use sophisticated techniques to create websites that appear in search engines when clients are looking for Schwab or other trusted institutions.
The websites are designed to look legitimate, and their position in the search results trick users into believing the top search hits are the most credible. This phishing tactic is very effective: after all, not every user will scrutinize every search result to ensure the link they’re about to click is legitimate.
Once the client clicks on the phishing website and attempts to log in with their credentials, they receive an error message stating there’s a login issue and to contact a hotline number noted in the message for further assistance.
When the client contacts the fraudulent number, the bad actor posing as a Schwab employee states that there’s been a security breach, and someone is attempting to steal money from their account.
Then, the bad actor attempts to convince the client to download software to their device.
The overall goal is to gain access to the device and continue to facilitate additional fraud attacks, which can ultimately lead to unauthorized activity and ID theft.
To help fight these schemes, your clients should avoid using Google, Safari, and Firefox to search for Schwab or other important websites. Instead, they should type the known website in their browsers—for example, www.schwaballiance.com—or use the Schwab Mobile app. They can also save all of their favorite websites’ correct addresses to their browser’s bookmarks.
Be sure to promptly report any issues like this to your firm’s service team, or ask your clients to contact Schwab Alliance at 800-515-2157.