00:00:06 – VERNESA HARPER:
My role is dedicated to keeping you and your firm aware of fraud and cybersecurity threats that you may encounter. Today, I want to bring attention to a common fraud scheme that can have immediate and sometimes long-term impacts to your firm.
Phishing is when fraudsters send fake emails and texts appearing to be from a trustworthy source, hoping that you will click on a link or download an attachment. You see, the end goal is to trick you into inputting and capturing your sensitive information.
Let's take a look at a few fishing examples and red flags to be on the lookout for.
We've seen fraudsters send phishing emails appearing to be from Schwab. The phishing email requests that you click on a link, login to schwab.com with your credentials to review account information.
Always look for spelling, grammatical errors, and logos that may appear slightly different. There are also schemes targeting the industry, attempting to trick advisors and advisory firm employees to gain access to your firm's network.
More recently, FINRA released two regulatory bulletins to make registered investment advisors aware of phishing emails appearing to be from them. Be on the lookout for an immediate response or threatens an adverse action unless there is a response to the email.
Now let's talk about how you can protect your firm. Number one, before you click, scrutinize every email and assume that the email is fraud until you can prove that it's not. Number two, take your mouse and hover over the email address and look to see if the email address is spoofed. Number three, avoid using email to share confidential information unless you're using a secure email channel. Number four, companies generally don't contact you to request your username and password. Number five, create a unique username and password for every website that you login to or utilize a password manager. And, lastly, number six, use two-factor authentication.
Schwab provides you with access to the Fraud Encyclopedia on the Cybersecurity Resource Center, where you can learn more information about phishing schemes and other fraud schemes. In addition, there are several resources on the Cybersecurity Resource Center to help you build and strengthen your cybersecurity program.
If your firm becomes the victim of a phishing scheme or any fraud scheme where you believe your clients' non-public information has been compromised, Schwab would like to work with you to ensure that your clients' data and assets are protected.
To learn more information about how you can work with Schwab, please review the Data Incidents and Cyber Risk video.