
Urgent Alert: Beware of Smishing Text Scams Targeting Schwab Clients

Smishing Texts

Smishing Threat Campaign

Schwab has alerted us to an active phishing text campaign in which clients receive a text message from an international number that mentions a disbursement from the client’s account. The message then asks the client to click on a link and log into their account to verify the transaction.

  • The texts are coming from different international phone numbers.
  • The texts notify that an ACH was debited from their Schwab account, typically in the thousands of dollars.
  • The text then instructs the client to cancel the disbursement if they did not request it, by replying “Y” and clicking on the link provided.
  • The link’s URL is a variation of a spoofed Schwab domain, for example https://schwbba.com, https://schwabd.com, https://schwbab.com, etc.
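
The spoofed domains listed above are each one or two character edits away from the real name, which makes them detectable by edit distance when triaging reported links. The Python below is an added example, not part of Schwab's alert; the function names, the threshold of 2, and treating the last two host labels as the registered domain (no public suffix list) are assumptions.

```python
from urllib.parse import urlsplit


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ab" typed as "ba".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url: str, brand: str = "schwab", official: str = "schwab.com") -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == official or host.endswith("." + official):
        return "official"
    labels = host.split(".")
    # Assumption: the second-to-last label is the registered name.
    sld = labels[-2] if len(labels) >= 2 else host
    # Near-miss spelling, or the brand embedded in some other domain.
    if 0 < osa_distance(sld, brand) <= 2 or brand in host:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "https://schwbba.com",           # from the alert
        "https://schwabd.com",           # from the alert
        "https://schwbab.com",           # from the alert
        "https://www.schwab.com/login",  # constructed: genuine domain
        "https://example.org/invoice",   # constructed: unrelated domain
    ]
    for url in samples:
        print(f"{classify(url):10} {url}")
```
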

Be aware:

  • Schwab does not notify clients about completed transactions via text message.
  • Schwab does not send out text messages from international numbers.

Keep in mind: Unlike many other attacks, smishing isn’t necessarily an indication that the client has been compromised. The attackers send a message to a large number of randomly chosen phone numbers, hoping some of those people will respond.

Steps to follow if you suspect smishing:

  • Take a screenshot of the text and forward it to phishing@schwab.com (make sure the phone number is visible).
  • Delete the text message.
  • We strongly encourage you to add security measures on your Schwab accounts, such as two-factor authentication and a verbal password.
  • Report suspicious or fraudulent activity in your accounts as soon as possible, including if you entered your Schwab credentials into a fake website.

Note: If you have clicked on the phishing link, you should run an anti-virus and anti-malware scan on your device.

Remember:

  • Do not click on links or attachments included in a text message. 
  • Slow down if a message is urgent. Urgent account updates and limited time offers are red flags of possible smishing. Remain skeptical and proceed with caution. 
  • Avoid using links or contact information from the message. Go directly to the official channels/websites.
  • Double check the phone number. International numbers or odd-looking numbers, such as 4-digit phone numbers, are tactics that scammers use to mask their true phone number.
  • Do not enter your Schwab credentials or other personal information via an unverified link. Instead, enter the address you are familiar with directly into your browser to visit the trusted website to log in as usual. 
  • Double check that the URL is not a subtle variation of the real one.
  • Do not call phone numbers received through unsolicited messages. Always use a verified number that you have used in the past or one that is found on your account statement.

We are here to help.  Please feel free to reach out to us if you have any questions.

Visit our Cybersecurity page to learn valuable tips on safeguarding yourself and your finances from hackers, scammers, and identity theft.
