Fraudsters don't take holidays

Fraudsters Holiday

The holiday season always comes with challenges, including increased risk and more opportunities for fraudsters to strike. Criminals know that we let our guard down—that we can become distracted by events and year-end deadlines. This season presents a host of new fraud threats as we close out the year still coping with a global pandemic.

Remember that all transactions carry potential risk, and your clients need your help safeguarding their assets. Below are some recent fraud trends and ways you can protect your clients and firm. Log in to view our  for additional information on each of these schemes.

Recent fraud schemes and how they typically happen


  • Fraudsters send emails that appear to be from a trusted source; messages are designed to lure an individual to click a link to a fake website that looks legitimate. The individual is then directed to provide their credentials—login name and password—giving the criminals access to the account.
  • Similar to phishing emails, smishing occurs when an individual receives a fraudulent text message that appears to be from a legitimate source; the message links to a fake website designed to acquire the individual’s login credentials, account number, or personal information.
  • Both of these schemes can install malware on a device.

Online account takeover

Criminals gain unauthorized access to a client’s account using stolen credentials, malware, or breached information.

Email account takeover

  • Scammers gain unauthorized access to an email account or spoof the email address to impersonate the account holder, steal information, and gain further access to brokerage, bank, or other accounts, often by intercepting security codes.
  • They monitor email traffic and may even route new messages to an alternate folder or email address.
  • Criminals look for information in the email that they can use to commit fraud or identity theft.
  • Posing as a client, fraudsters insert themselves into an existing email conversation or compose a new email to an advisor to request forms or transactions. Often, they attach counterfeit documents such as a voided check for Schwab MoneyLink®
    • In this case, bank accounts for Moneylink disbursements
      • may appear to be in a client’s name because the voided check is altered, and the account is truly in the name of a money mule
      • is in the client’s name but is an unauthorized account established by a fraudster (ID Theft)

High-dollar purchases

  • Using email account takeover tactics, fraudsters gain access to an individual’s or third-party’s email account and send fraudulent wire instructions to the individual or their advisor.
  • Recipients of the wire instructions do not verbally verify them after receipt and then process the fraudulent request.

Tech support scam

Scammers send a pop-up message or plant fake websites in search results that claim there is a problem with an individual’s device or account. Victims have reported calling phone numbers in such messages and reaching impersonators of financial institutions or other companies. Victims also allow the bad actor to remotely access their devices.

Data incident

Incidents may involve the theft of a company laptop, unauthorized access to email and password-protected accounts, and the exploitation of software vulnerabilities resulting in a financial loss or system compromise.

Resources to protect you and your clients

  • Verbally verify all disbursements—without exception. Confirming your clients' identity and transaction details via phone or video chat remains one of your strongest fraud prevention weapons. This includes like-registration requests.

  • Report suspected or confirmed fraud activity to Schwab and review the Advisor Fraud Guidelines for additional information.

  • Encourage your clients and employees to create strong and unique credentials for each site they access, and consider using multifactor authentication by signing up for a free software token. This option adds an additional layer of security when accessing secure Schwab sites.

  • If a client or an employee clicks a fraudulent link and supplies any credentials or information, encourage them to immediately run an antivirus/anti-spyware check on all of their computers and mobile devices—and then change their passwords. Employees should escalate the matter in accordance with your firm's protocols.

  • Consider using eAuthorization tools to quickly and securely process money movements. Always verbally verify the instructions you input for your clients and ensure that they have verbally verified the instructions they received.

  • Monitor your clients' accounts to uncover suspicious activity. Watch Schwab Advisor Center® Alerts for unusual requests, which could include phone number/email address changes, online user ID activations, transfers of assets, and client-initiated money movements. Call your client immediately if you see anything unusual.

  • Educate your clients by customizing the Tips for Preventing Fraud checklist  to provide best practices to help them protect their data, information, and assets. The checklist also provides suggestions for what to do if you suspect that there has been a breach.

  • Regularly review your firm's security practices and report data incidents to Schwab.

All these resources and more can be found in our Cybersecurity Resource Center. Visit our Cybersecurity page for a preview and log in for the full suite of resources and tools.  

If you're thinking about becoming an independent advisor, consider a custodian that invests in your success. Contact us to learn more about the benefits of a custodial relationship with Schwab.