Social engineering—a growing threat, especially during the holidays

December 18, 2024

Scam definitions and prevention client guide


As you know, protecting your assets and data is priority number one for our firm. But it’s also important that you know about threats you may encounter in other interactions online—from your personal email account to social media and dating apps. In each of these channels, you may run into scams specifically designed to steal your information or assets. To help you recognize and avoid such situations, we’re providing this guide, which explains what scams are and some telltale signs to help you recognize a number of prevalent ones. We also outline steps that you can take if you ever fall victim to a scam. By reviewing this information, maintaining best practices, and exercising caution in your online activities, we can work together to keep you safe.


What is a scam?


A scam is a dishonest or fraudulent scheme. In a typical scam, victims are convinced to send money or provide personal information, believing it’s for a legitimate purpose or going to a trusted recipient. A scammer might also attempt to involve an individual as an intermediary, using them to launder funds stolen from another individual, business, or government agency.


Communications from scammers can originate from almost any source—including mail, email, social media, telephone, and text message—and are often made to appear as though they are from trustworthy parties.


Scams are on the rise, and no one is immune. People of all ages and levels of financial experience have been and continue to be affected. The first step in protecting yourself from falling victim is to be aware of the types of scams and the telltale signs that one may have targeted you.


Types of Scams:


1.Romance/marriage/sweetheart

2.Sweepstakes/lottery

3.Government impersonator

4.Tech or fraud support

5.Real estate scam

6.Business email compromise

7.Investment scam


Download our Scam definitions and prevention client guide here.




May 8, 2025
Schwab has identified a new twist on the "smishing" fraud threat which is being used by fraudsters hoping to capitalize on market volatility and investor emotion to steal funds and data. This version begins when a client receives a text message prompting them to "verify a transaction"—clicking the link leads the investor to a fraudulent website that mimics Schwab's login page, where they are prompted to enter their credentials. Once the credentials have been entered, the fraudsters use them to access Schwaballiance.com. The fraudulent website may also prompt the client to enter a two-factor verification code that they would automatically receive from Schwab, which once submitted allows the fraudster to complete the login process. Once they have access, the fraudster will then change the security token on the account so that it points to a device in the hands of the criminals, instead of the client's own device. At this point, the client is effectively locked out of the account, and the fraudster can begin initiating wire transfers that rapidly drain assets from the account. What to do: Verify the legitimacy of transaction requests prior to taking any action. This can mean, logging into your Schwab account via you normal browser, do not click on the link texted to you. You can also reach out to our office to verify the legitimacy. Monitor accounts closely for any unusual activity. Be on the lookout for client-initiated transactions and for unusual beneficiary account features, such as long or otherwise strange-looking account numbers. Report any unusual activity to us or Schwab immediately. Reminders: Do not click on links or attachments received via text message. Instead, visit the official Schwab site by typing the URL into your web browser manually. Or utilize Schwab's mobile application. Do not enter Schwab credentials or other information into a page reached by clicking a link. The same applies to phone numbers received via text message. Use a verified number you've used in the past. Double check that the URL provided is not a subtle variation of the real one. Stay calm and verify using official verified channels. If you suspect a smishing attack, you should follow these steps: Take a screenshot of the text and forward it to phishing@schwab.com (Be sure the phone number is visible). Delete the text message. If you clicked on the link, you should stop logging into their online accounts and immediately run an anti-virus/malware scan and remove anything identified in that scan. Next, verify the operating system on the device is updated, and then change all relevant passwords. We strongly encourage all clients to add security measures to their Schwab accounts, such as two-factor authentication and verbal passwords, which can help to secure against these attacks. Additionally see our guide to better protect you account: 10 simple tips to protect your Schwab account. Be sure to report any suspicious or fraudulent activity in your accounts as soon as possible, especially if you entered your Schwab credentials into a fake website.