New "Transaction Verification" Smishing Campaign Targeting Schwab Accounts

Laurie Barrett

Schwab has identified a new twist on the "smishing" fraud threat which is being used by fraudsters hoping to capitalize on market volatility and investor emotion to steal funds and data.

This version begins when clients receive a text message prompting them to "verify a transaction." Clicking the link leads the unwary investor to a fraudulent website that mimics Schwab's login page, where they are prompted to enter their credentials. Once the credentials have been entered, the fraudsters use them to access Schwaballiance.com. The fraudulent website may also prompt the client to enter a two-factor verification code that they would automatically receive from Schwab, which once submitted allows the fraudster to complete the login process.

Once they have access, the fraudster will then change the security token on the account so that it points to a device in the hands of the criminals, instead of the client's own device. At this point, the client is effectively locked out of the account, and the fraudster can begin initiating wire transfers that rapidly drain assets from the account. 

Why this matters now:

Fraudsters exploit market conditions like those we're seeing now, times of uncertainty and volatility, knowing that an anxious investor is less likely to think carefully about security measures when they're worried about their investments. The best defense is heightened vigilance on your part.

What to do:

  • Do not click on links or attachments received via text message.
    • Instead, visit the official Schwab site by typing the URL into your web browser manually.
    • Or utilize Schwab's mobile application.
  • Do not enter Schwab credentials or other information into a page reached by clicking a link. The same applies to phone numbers received via text message. Use a verified number you've used in the past.
  • Double check that the URL provided is not a subtle variation of the real one.
  • Stay calm and verify using official verified channels.
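The "subtle variation" check from the list above, written out as an added example (not Schwab's or the author's code). It assumes the official set is the two domains named on this page; the brand token and the two-edit threshold are illustrative choices.

```python
from urllib.parse import urlsplit

# Assumption: the official set is the two domains named on this page.
OFFICIAL = {"schwab.com", "schwaballiance.com"}
BRANDS = {"schwab"}  # assumption: brand token to look for in other hosts


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link in a text.

    'unrelated' only means the host does not imitate the brand; it is not
    a statement that the link is safe to open.
    """
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unrelated"
    # Official only if the host IS the domain or a true subdomain of it.
    # The leading dot stops "notschwab.com" from matching "schwab.com".
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Brand anywhere in the authority part: covers a subdomain prefix such
    # as "schwab.com.<other-domain>" and userinfo such as "schwab.com@<host>".
    if any(b in parts.netloc.lower() for b in BRANDS):
        return "lookalike"
    # Last two labels within two edits of an official domain (typos).
    tail = ".".join(host.split(".")[-2:])
    if any(edit_distance(tail, d) <= 2 for d in OFFICIAL):
        return "lookalike"
    return "unrelated"
```
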

If you suspect a smishing attack, follow these steps: 

  • Take a screenshot of the text and forward it to phishing@schwab.com (be sure the phone number is visible).
  • Delete the text message.
  • If you clicked on the link, you should stop logging into your online accounts and immediately run an anti-virus/malware scan and remove anything identified in that scan. Next, verify the operating system on the device is updated, and then change all relevant passwords.
  • Be sure to report any suspicious or fraudulent activity in your accounts as soon as possible, especially if you entered your Schwab credentials into a fake website.

We strongly encourage you to add security measures to your Schwab accounts, such as two-factor authentication and verbal passwords, which can help to secure against these attacks. Download this brochure for help: 10 Simple Steps to Protect Your Schwab Account.