Protect yourself and your clients from fraud during the holidays
Cybercriminals can be more aggressive during the holidays because they think you'll have your guard down.
Phishing, account takeovers and other scams are at the root of many fraud incidents.
Double-checking account actions verbally and verifying important details can help you catch many scams ahead of time.
Cybercriminals know that this time of year we often get distracted by holiday events and year-end deadlines. But fraudsters don't take days off. In fact, they often use this time to try out new tricks. Fraud is always evolving so it's important to stay aware of the latest threats and common schemes to stop scams before they strike.
Common schemes and how they happen
Fraudsters send phishing emails that appear to be from a trusted source but are designed to lure you to a website that looks like a familiar login page. When you type your username and password, fraudsters take it and use it to access your systems.
Besides email, these kinds of scams can occur via text message, chat, social media, and any other online space. Phishing scams can also be designed to get you to click on a link that installs malware on your device.
Online account takeover
Criminals gain unauthorized access to a client's account using stolen credentials, malware, or breached information.
Email account takeover
If a scammer can gain unauthorized access to your email account, they can impersonate you, which may allow them to steal additional information or gain further access to brokerage, bank, or other accounts. They often gain access by changing passwords and intercepting security codes.
A takeover of a client's email account could come with additional layers of fraud, including counterfeit documents such as a voided check for the setup of a new Schwab MoneyLink® that is connected to an account under the control of thieves.
Using email account takeover tactics, fraudsters gain access to a trusted email account and send fraudulent wire instructions. They're counting on recipients of the wire instructions to not verbally verify the details.
Tech support scams
Scammers can send a pop-up message or plant fake websites in search results that claim there is a problem with an individual's device or account. When victims try to remedy what they think is a problem, scammers can take login, account, or other personal information and use it to steal money or control devices remotely.
Incidents may involve the theft of a company laptop, unauthorized access to email and password-protected accounts, and the exploitation of software vulnerabilities resulting in a financial loss or system compromise.
How to protect yourself and your clients
- Verbally verify all disbursements—without exception. Confirming your clients' identity and transaction details via phone or video chat is one of your strongest fraud prevention weapons.
- Report suspected or confirmed fraud to Schwab. Log in to review our Advisor Fraud Guidelines for additional information.
- Encourage your clients and employees to create strong and unique credentials. Each site they access should have a different set of credentials. You can also activate multifactor authentication when it's available. This option adds an additional layer of security when accessing secure sites, like Schwab Advisor Center®.
- Address the problem immediately. If a client or an employee clicks a fraudulent link and supplies any credentials or information, encourage them to run an antivirus/anti-spyware check immediately on all their computers and mobile devices—and then change their passwords. Employees should escalate the matter according to your firm's protocols.
- Consider using eAuthorization. Always verbally verify the instructions you input for your clients and ensure that they have verbally verified the instructions they received.
- Monitor client accounts for suspicious activity. Get alerts on client account activity at Schwab Advisor Center®. There you can spot unusual requests, which could include phone number/email address changes, online user ID activations, transfers of assets, and client-initiated money movements. Be sure to call your client immediately if you see anything unusual.
- Educate your clients. Share this fraud prevention checklist with your clients to help them protect their data and assets. It also suggests key steps to take if a client suspects fraud.
- Regularly review your firm's security practices and report data incidents to Schwab.
We're in this together
Fraudsters might be out there trying to burst in on your holiday cheer, but you don't have to let them. Keep these common schemes and tips handy throughout the year and stay vigilant against attacks on your firm and clients. And always know that we're here to help with people, tools, and resources to help strengthen your defenses.
What you can do next
- If you custody with Schwab:
- Check out the Fraud Prevention page in our Cybersecurity Resource Center
- Watch our fraud prevention and cybersecurity best practices session from SOLUTIONS 2023
- Enroll in Schwab's Virtual Practice Management Strengthen Your Cybersecurity series for tips and tools to bolster your efforts to build and maintain a comprehensive cybersecurity program.
- Consider a custodian that invests in your success. If you're thinking about becoming an independent advisor, contact us to learn more about the benefits of a custodial relationship with Schwab.