Watch Out for Fraudsters This Holiday Season

Information and tips provided by Schwab Advisor Services

The holidays are upon us, and fraudsters are ready to take full advantage of any opportunity, knowing that we are busy traveling, shopping, and spending time with friends and family.

There are two threats that you and your clients should be aware of:

The holidays are upon us, and fraudsters are ready to take full advantage of any opportunity, knowing that we are busy traveling, shopping, and spending time with friends and family.

There are two threats that you and your clients should be aware of:

• Imposters pose as an organization's employees and contact you via phone and other channels, including email and text messages.
• Scammers are using search engine optimization (SEO) to create fake websites that appear in search results to be trusted institutions, like Schwab. When you visit these sites, you're exposed to phishing attacks aimed at stealing their information and assets.

Fraudsters Posing as Schwab Employees

1. First, the fraudster gains access to your personal information, such as first and last name, phone number, and home address, potentially from the dark web or a hacked website (such as social media).
2. The imposter may spoof the organization's phone number to call the client and then identify themselves as an employee in the fraud department.
3. The fraudster alleges that a suspicious charge has been found in your account with that organization and makes the client aware that the charges will need to be reversed.
4. The fraudster will use social engineering to get the client to provide your username, and then when the system sends an automated SMS for verification, the fraudster requests the code from you.
5. Once the fraudster has the SMS code, they will update your password, log into your account, and initiate unauthorized transactions.
6. Fraudsters will take advantage of your emotions and the holiday activity to get you to let your guard down and act quickly.

Fraudsters Using SEO To Drive Users To Phishing Sites

1. Fraudsters use sophisticated techniques to create websites that appear in search engines when you are looking for Schwab or other trusted institutions. The websites are designed to look legitimate, and their position in the search results tricks users into believing the top search hits are the most credible.
2. This phishing tactic is very effective as not every user will scrutinize every search result to ensure the link they're about to click is legitimate.
3. Once you click on the phishing website and attempt to log in with your credentials, you'll receive an error message stating there's a login issue and to contact a hotline number noted in the message for further assistance.
4. When you contact the fraudulent number, the bad actor posing as a legitimate employee states that there's been a security breach and someone is attempting to steal money from your account.
5. Then, the bad actor attempts to convince you to download software to their device. The overall goal is to gain access to the device and continue to facilitate additional fraud attacks, which can ultimately lead to unauthorized activity and ID theft.



Mitigate Fraud This Holiday With These Fraud Prevention Tips

• Avoid supplying any personal identifying information in an email or over the phone, even if you think you're talking to that financial institution
• Note: You can verify who you're speaking with by ending the call & calling a verified phone number for that organization
• If an organization, such as Schwab, sends you an SMS text code to verify account access, do not share this with anyone
• Legitimate representatives will never ask for this information
• Download your financial institution's app and utilize biometric authentication if available
• Note: Be cautious to read reviews and check the number of downloads to ensure you're downloading the legitimate app
• Scrutinize email addresses, URLs, and spelling used in any correspondence
• Hover your mouse cursor over the email address, and check the sender's domain (for example, the "abc.com" in the address john.doe@abc.com) to ensure it's what you would expect
• Avoid using Google, Safari, and Firefox to search for Schwab or other important websites. Use your saved bookmarks or type the known website in your browser
• For example, www.claytonfinancialgroup.com, or use the app and save important websites to your web browser's favorites/bookmark
• Use good cyber hygiene when surfing the internet, and avoid visiting unsecured websites or public WiFi
• Contact the impersonated organization immediately to report all suspicious or fraudulent activity

If you have any questions or concerns regarding these fraudulent scams and the steps you can take to avoid them, contact your Clayton Financial Group advisor, and they will be happy to help you out and bring you peace of mind!