Protect yourself and your clients from fraud during the holidays

Key Points

  • Cybercriminals can be more aggressive during the holidays because they think you'll have your guard down.

  • Phishing, account takeovers and other scams are at the root of many fraud incidents.

  • Double-checking account actions verbally and verifying important details can help you catch many scams ahead of time.

Each fall, many of us look forward to days off and seasonal treats, but now's not the time to let your guard down. Fraudsters adapt to every season, taking advantage of the moments when you're most vulnerable. 

That's why Schwab's got your back, no matter what season. We're here to help you stay vigilant so you can stop scams before they strike. Here are the schemes on our radar and some ways to protect your clients and your firm. 

Common schemes and how they happen

Phishing. Fraudsters send phishing messages via email, text, messaging apps, and social media. These messages can appear to be from trusted sources but are designed to lure you to click on a link that installs malware on your device or gives them login information. If they upload malicious software on your device, they can control that device and capture your keystrokes when typing passwords, potentially spreading into multiple systems. If they steal login credentials for one account by, for example, sending a link to a spoofed banking website, they may quickly change the personal information on the account and then steal whatever they can.     

Online account takeover. Stolen credentials, malware, or breached information can allow criminals to gain unauthorized access to a client's account. Once they're in, they often have the power to steal funds and impersonate the client.

Email account takeover. Email is the number one gateway to cybercrime and is a treasure trove of sensitive information. If a scammer can gain unauthorized access to your email account, they can impersonate you, which may allow them to steal additional information or gain further access to brokerage, bank, or other accounts. They often maintain access to your online accounts by changing passwords and intercepting security codes.

A takeover of a client's email account could come with additional layers of fraud. For example, thieves could use their email access to create counterfeit documents that allow them to set a link to transfer money to their own accounts.  

Fraudulent wires. Using email account takeover tactics, fraudsters gain access to a trusted email account and send fraudulent wire instructions. They're counting on recipients of the wire instructions to not verbally verify the details.

Tech support scams. Scammers may send pop-up messages or plant fake websites in search results that claim there is a problem with an individual's device or account. When victims click to fix a problem that doesn't exist, the scammers can log into online accounts, gain access to other personal information, and use that information to commit ID theft, steal money, or control devices remotely.

Data incidents. You could lose data via theft of a company laptop, unauthorized access to email and password-protected accounts, and the exploitation of software vulnerabilities. Lost data can result in financial loss, exposed secrets, or system compromise.

How to protect yourself and your clients

Dialogue: "Hi, it's Marnie, your advisor, calling to verify a transaction..."

If you work with Schwab, you have access to all the processes and resources we've created to help you protect your firm and clients. If you don't work with Schwab, just know you can still apply these basic principles to your practice.

Verbally verify all money movement disbursements—without exception. Confirming your clients' identity and transaction details via phone or video chat is one of your strongest fraud prevention weapons.

Report suspected or confirmed fraud to Schwab or your firm ASAP. If you work with Schwab, log in to review our Advisor Fraud Guidelines for what to do.

Encourage your clients and employees to create strong and unique credentials. Each site they access should have a different set of credentials. Or consider using a password manager to help create a unique password for online accounts. You can also activate multifactor authentication when it's available. This option adds an additional layer of security when accessing secure sites, like Schwab Advisor Center®.

Encourage clients to add a verbal password. At Schwab, clients can set a verbal password—this is a password they only give to a Schwab representative over the phone. If a bad actor calls into Schwab and attempts to impersonate your client, a verbal password can serve as an additional roadblock to fraud.

Address problems immediately. If a client or employee clicks a fraudulent link and supplies any credentials or information, encourage them to run an antivirus/anti-spyware check immediately on all their computers and mobile devices and then change their passwords. Firm employees should escalate the matter according to your firm's protocols.

Use eAuthorization for money movements. It's the fastest, easiest, and safest way to move money to clients' Schwab accounts. However, always verbally verify the instructions you input for your clients and ensure that they have verbally verified the instructions they received using a trusted phone number.

Monitor client accounts for suspicious activity. Get alerts on Schwab client account activity at Schwab Advisor Center®. There you can spot unusual requests, which could include phone number/email address changes, online user ID activations, transfers of assets, and client-initiated money movements. Be sure to call your client immediately if you see anything unusual.

Regularly review your firm's security practices and report data incidents to Schwab. The more layers of security you have in place, the harder it is for fraudsters to break through.

Educate yourself and your clients. Schwab has a wealth of resources advisors can use to keep up with the latest cybersecurity best practices. If you work with Schwab, we also have resources you can share with clients to help them understand different scams and take steps to protect their accounts.

We're in this together

Cybercriminals might be out there trying to burst in on your holiday cheer, but you don't have to let them. Keep these common threats and tips handy throughout the year and talk about them with clients, family, friends—everyone needs to know how to stay safe in a digital world. And as always, we at Schwab are here to assist you, providing people, tools, and resources to help you strengthen your defenses. 

What you can do next

Related articles

(1225-M9E0)

Read more about Schwab's privacy policy.

Third-party firms and their employees are not affiliated with or employed by Schwab. Their mention should not be construed as a recommendation, endorsement, or sponsorship by Schwab. The views expressed are those of the third parties and are provided for informational purposes only. The experiences shared are no guarantee of future performance or success and may not be representative of you or your experience. Third-party trademarks are the property of their respective owners and used with their permission.

Schwab does not provide investment planning, legal, regulatory, tax, or compliance advice. Consult professionals in these fields to address your specific circumstances.

Schwab Advisor Services™ provides custody, trading, and the support services of Charles Schwab & Co., Inc. ("Schwab"), member SIPC, to independent investment advisors and Charles Schwab Investment Management, Inc. ("CSIM"). Independent investment advisors are not owned by, affiliated with, or supervised by Schwab.

© 2025 Charles Schwab & Co., Inc. ("Schwab") All rights reserved. Member SIPC.