Smishing Threat Campaign

We have been alerted to an active phishing text campaign in which clients receive a text message from an international number that mentions a disbursement from the client's account. The message then asks them to click a link and log in to their account to verify the transaction. Please review the red flags below to help clients identify whether a text is a phishing attempt:

  • The texts are coming from different international phone numbers.

  • The texts state that an ACH was debited from the client's Schwab account, typically in the thousands of dollars.

  • The text then instructs the client to cancel the disbursement if they did not request it, by replying "Y" and clicking on the link provided.

  • The link's URL is a spoofed variation of a Schwab domain.
    For example: https://schwbba.com, https://schwabd.com, https://schwbab.com, etc.
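
An added example, not part of the original notice and not Schwab's own tooling: a Python check that flags link domains within a couple of character edits of the legitimate one, run on the sample URLs above. It assumes schwab.com is the only allowlisted domain and treats the last two host labels as the registered domain; the function names and threshold are illustrative.

```python
from urllib.parse import urlsplit

# Assumption for this example: one legitimate domain on the allowlist.
LEGIT_DOMAINS = ("schwab.com",)
MAX_DISTANCE = 2  # assumed threshold: this many edits or fewer is a lookalike

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two neighbours swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def registrable_domain(url):
    """Last two labels of the host (simplification: no public-suffix list)."""
    if "://" not in url:
        url = "//" + url  # links in texts often omit the scheme
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify_url(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a link."""
    domain = registrable_domain(url)
    if domain in LEGIT_DOMAINS:
        return "legitimate"
    nearest = min(osa_distance(domain, legit) for legit in LEGIT_DOMAINS)
    return "lookalike" if nearest <= MAX_DISTANCE else "unrelated"

# Sample input: the three spoofed examples from the notice, plus the
# privacy URL from its footer as the legitimate case.
SAMPLES = [
    "https://schwbba.com",
    "https://schwabd.com",
    "https://schwbab.com",
    "https://www.schwab.com/privacy",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_url(url):<11} {url}")
```

A near-miss domain is a triage signal, not proof of fraud, and this check covers only typo-style variations of the kind listed above.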

Be aware:

  • Schwab does not notify clients about completed transactions via text message.

  • Schwab does not send out text messages from international numbers.

Keep in mind: Unlike many other attacks, smishing isn't necessarily an indication that your client has been compromised—the attackers send a message to a large number of randomly chosen phone numbers, hoping some of those people will respond.

Steps to follow if the client suspects smishing:

  • Take a screenshot of the text and forward it to phishing@schwab.com (make sure the phone number is visible).

  • Delete the text message.

  • Strongly encourage the client to add security measures on their Schwab accounts, such as two-factor authentication and a verbal password.

  • Report suspicious or fraudulent activity in their accounts as soon as possible, including if they entered their Schwab credentials into a fake website.

Note: If the client has clicked on the phishing link, please have them run an anti-virus and anti-malware scan on their device.

Help your clients protect themselves by reminding them:

  • Do not click on links or attachments included in a text message.

  • Slow down if a message is urgent. Urgent account updates and limited time offers are red flags of possible smishing. Remain skeptical and proceed with caution.

  • Avoid using links or contact information from the message. Go directly to the official channels/websites.

  • Double check the phone number. International numbers or odd-looking numbers, such as 4-digit phone numbers, are tactics that scammers use to mask their true phone number.

  • Do not enter your Schwab credentials or other personal information via an unverified link. Instead, enter the address you are familiar with directly into your browser to visit the trusted website to log in as usual.

  • Double check that the URL is not a subtle variation of the real one.

  • Do not call phone numbers received through unsolicited messages. Always use a verified number that you have used in the past or that is found on your account statement.

Resources

For more information on phishing schemes and other fraud tactics, please visit the Cybersecurity Resource Center > Fraud Prevention in Schwab Advisor Center.
Fraud Prevention:
Public site: https://advisorservices.schwab.com/navigating-risk-regulation/cyber-security
Retail site: SchwabSafe | Charles Schwab

1224-CLC7

Read about privacy at Schwab at www.schwab.com/privacy. For general informational and educational purposes only. This material is for institutional investor use only. This material may not be forwarded or made available, in part or in whole, to any party that is not an institutional investor. Schwab Advisor Services™ provides custody, trading, and the support services of Charles Schwab & Co., Inc. ("Schwab"), member SIPC, to independent investment advisors and Charles Schwab Investment Management, Inc. ("CSIM"). Independent investment advisors are not owned by, affiliated with, or supervised by Schwab. © 2024 Charles Schwab & Co., Inc. ("Schwab") All rights reserved. Member SIPC

Stordahl Capital Management, Inc is a Registered Investment Adviser. This commentary is solely for informational purposes and reflects the personal opinions, viewpoints, and analyses of Stordahl Capital Management, Inc. and should not be regarded as a description of advisory services or performance returns of any SCM Clients. The views reflected in the commentary are subject to change at any time without notice. Nothing in this piece constitutes investment advice, performance data or any recommendation that any particular security, portfolio of securities, transaction or investment strategy is suitable for any specific person. Any mention of a particular security and related performance data is not a recommendation to buy or sell that security. Advisory services are only offered to clients or prospective clients where Stordahl Capital Management and its representatives are properly licensed or exempt from licensure. No advice may be rendered by Stordahl Capital Management unless a client service agreement is in place. Stordahl Capital Management, Inc provides links for your convenience to websites produced by other providers or industry-related material. Accessing websites through links directs you away from our website. Stordahl Capital Management is not responsible for errors or omissions in the material on third-party websites and does not necessarily approve of or endorse the information provided. Users who gain access to third-party websites may be subject to the copyright and other restrictions on use imposed by those providers and assume responsibility and risk from the use of those websites. Please note that trading instructions through email, fax, or voicemail will not be taken. Your identity and timely retrieval of instructions cannot be guaranteed. Stordahl Capital Management, Inc. manages its clients’ accounts using a variety of investment techniques and strategies, which are not necessarily discussed in the commentary. 
Investments in securities involve the risk of loss. Past performance is no guarantee of future results.