
Cybersecurity & Fraud Prevention

Help protect your firm and your clients from digital threats by reinforcing your cybersecurity program and honing your fraud prevention strategies. Our educational resources, tools, and insights are designed to help you identify areas of weakness and strengthen your business operations.

 

 

Get the latest on cybersecurity threats

Review the latest risk alerts from the Securities and Exchange Commission's Division of Examinations.

Help protect your vulnerable clients

Are you worried about your vulnerable clients falling victim to fraud? Our collection of resources on the topic explores how you can help keep them safe.

Take a holistic approach to data security

Safeguard against potential threats to your data infrastructure by identifying security vulnerabilities and learning how to mitigate those risks.

Strengthen your firm's cybersecurity

Don't become a statistic. Nearly 75% of advisors have reported experiencing cyberattacks directly or through one or more of their vendors.¹

Cybersecurity program checklist

Launching a cybersecurity program or looking to strengthen an existing one? Follow these five steps to develop powerful security measures for your firm.

Knowledge is your cybersecurity power

Identify potential gaps in your firm's cybersecurity and develop a plan to keep your business and clients safe with the Strengthen Your Cybersecurity Program virtual education series.

Enhance your digital defenses

Train your team on best practices with easy-to-use tools and resources in our Cybersecurity Resource Center. As your custodian, Schwab can help you create a thoughtful strategy that helps keep your firm and your clients safe.


Help protect your business and clients from fraud

Tighten up your internal and external processes to develop good defenses against fraud. Then pass along your learnings to your clients.

Fraud resources for advisors

When it comes to fraudulent activity, you have an elevated level of responsibility as a financial advisor. Follow these tips to help safeguard your client information and protect your firm.

Help keep your clients safe

Help your clients strengthen their fraud prevention strategies by sharing these 10 tips for protecting their accounts.

Video Transcript

Fighting business email compromise fraud

VERNESA HARPER:  My role is dedicated to keeping you and your firm aware of fraud and cybersecurity threats that you may encounter. Today, I want to bring attention to a common fraud scheme impacting advisors and clients, business email compromise, which is also known as email account compromise. Scammers know that you and your clients rely on email to conduct business, which is the same reason that email is the number one gateway to cybercrime. 
    
This scheme is carried out when a fraudster compromises a legitimate business or personal email account through social engineering or computer intrusion techniques, malware, for example, to request unauthorized transfers of funds.

Once the fraudster has access to the client's email account, they will search to see if the client has a relationship with an advisor. Fraudsters will piggyback on an existing email conversation between the advisor and the real client with a request to send an outgoing transaction to an account that the fraudster controls.

One of the tricks that sophisticated fraudsters use is spoofing the client's email address, which happens when they create a new account that looks very similar to the client's real email address. Then the fraudster sends an email from this new email address to the advisor posing as their client to request an outgoing fraudulent transaction.

We've also seen fraudsters leverage a relationship between a client and some third party. The end goal is to get the advisor to facilitate a fraudulent outgoing transfer from the client's account. Let's look at some red flags to watch out for. 

The first red flag is a spoofed email address. As mentioned earlier, the fraudster will create an email address that looks very similar to the client's real email address. 

The second red flag is fraudsters will piggyback on existing email communications with the advisor. Look for an abrupt change in the email tone. 

The third red flag is creating a sense of urgency. Every email request from a fraudster is supposedly urgent, and fraudsters will try to play on the advisor's emotions to get them to act quickly. 

The fourth red flag is inconsistent grammar or spelling errors. 

The fifth red flag is attempting to limit communication to email. The fraudster will come up with reasons as to why they're unable to get on the phone with you to verbally verify the request, using the excuse that they only have access to their email. 

The sixth red flag, the money movement instructions are sent in an email followed by a new set of instructions that are sent by the fraudster. 

And the seventh and last red flag is the transaction is rejected by the receiving bank. 

Schwab requires advisors to call clients to verbally verify the details of all money movement instructions, especially email, before sending the instructions to Schwab. Fraudsters succeed in their schemes when an advisor acts on fraudulent money movement instructions without verbally verifying them with their client, resulting in a successful email compromise fraud incident. 

The Schwab Security Guarantee doesn't cover fraud loss when the money movement activity is facilitated by the advisor. In these cases, the advisor is liable for the loss in their client's account. 

The verbal verification is not just a Schwab requirement, but most insurance companies require it, as well.

Let's talk about how you can protect your firm and your client assets. Assume the email is fraud until you can prove that it's not. Look for spoofed email addresses. Avoid sharing confidential information in an email. Verbally verify all money movement instructions received in an email with your client. Encourage your clients to utilize two-factor authentication, which is an added layer of security for email accounts. And, lastly, utilize the eAuthorization channel, which is the fastest and safest way to move money in your client's account. 

If your client becomes the victim of the email account compromise scheme, please contact Schwab immediately and we will reach out to the receiving firm to recall the funds.


 

Business email compromise

Learn how to identify scammers via your email, the number one gateway to cybercrime.

Video Transcript

Preventing Fraud - Data Incidents and Cyber Risk

00:00:06 – VERNESA HARPER: 
My role is dedicated to keeping you and your firm aware of fraud and cybersecurity threats that you may encounter. Being the victim of cybercrime is a frightening and a stressful experience. And when your client's information is exposed, time is of the essence to help minimize the impacts to your clients. 

00:00:28
Today, I'm going to highlight some of the common data incidents and cyber risk events, and I'll discuss how you can work with Schwab if your firm has to respond to one of these situations.

00:00:41
Let's review four common data incidents and cyber risk events that we've seen impacting our advisors. Microsoft Office 365 email compromise. And for this particular data incident, the point of compromise is usually phishing. You or a firm employee receives an email appearing to be from a trustworthy source. You click on a link or download an attachment. The outcome is a bad actor is able to gain access to your email. 

00:01:13
We've also seen ransomware attacks, where a bad actor is able to gain access to your firm's server files through an unpatched system. The files are downloaded or encrypted. 

00:01:27
In addition, we've seen advisor device compromise. And this happens when you or someone at your firm clicks on a link or downloads an attachment in a phishing email or visits a fraudulent website. Then malware is installed on the device, which allows a bad actor to record keystrokes, capture passwords, and review unprotected spreadsheets. 

00:01:56
And, lastly, you may encounter physical loss of information, such as a stolen laptop where you have clients' data and files stored. 

00:02:06
It's critical that you let us know as soon as possible when your firm experiences one of these scenarios because we may be able to assist with heightened security measures.

00:02:19
Like you, Schwab has a vested interest in your clients' security. And we treat the safeguarding of client information as our top priority. 

00:02:31
To learn more information about how you can work with Schwab, please visit the Cybersecurity Resource Center and review the advisor data incidents and cyber risks requirements resource. Also look for information on the Cybersecurity Resource Center to help you build and strengthen the cybersecurity program at your firm.

00:02:53
In case you review the data incidents and cyber risk requirements video first, I would like to encourage you to review the phishing video. This video will provide you with examples of phishing attacks that fraudsters use that can lead to an advisor data incident and cyber risk event.


 

How to respond to fraud

Minimize the impacts of data incidents and cyber risk events by following these steps.


Schwab's data protection

When you work with a custodian, you expect them to keep your information and your clients' data safe. Learn the details of Schwab's multi-layered data protection measures.

Schwab clients: Access more resources

Still worried about your firm's fraud protection? Schwab's resources are designed to help you and your clients stay safe from cyber attacks, data breaches, and other forms of fraud. Log on to learn more.

We can help you spend less time worrying and more time with clients

All of Schwab's services, products, and resources are designed to help you focus on the rewarding part of the job: serving clients. Connect with a Schwab Business Development Officer today for a completely confidential conversation.


1. Office of Compliance Inspections and Examinations ("OCIE"), Volume IV, Issue 4, February 3, 2015, Cybersecurity Examination Sweep Summary.
