How To Protect Yourself from Spoofed Website Scams
How To Protect Yourself from Spoofed Website Scams
One of the fastest-growing scams aimed at investors involves creating fake but very convincing websites that appear to be run by legitimate businesses, including the financial institutions you rely on, like schwab.com. These deceptive sites can pose serious risks by exposing investors like you to potential malware, identity theft, and financial loss.
To spoof a website, bad actors purchase "sponsored links" to fake sites that appear at the top of search results. They aim to boost their site's visibility and lure unsuspecting users into clicking on them. The following information will help you recognize spoofed websites and steer clear of them.
Here's What to Watch For:
- URL Errors and Issues: Look for misspellings or unusual domain extensions. A single letter out of place might mean you're on a fake site—for example, schwabb.com, shwab.com, or schwab.io.
- Grammar and Spelling Mistakes: Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in content, that's often a clue that the site is fake.
- False Security Notification: If you click on a fake site link, you might see a pop-up screen notifying you of a login issue directing you to a hotline number. Wording on these spoofed sites may mention "unauthorized activity" or other details designed to trigger anxiety and panic.
- Request for Personal Information: Schwab will never ask you over the phone for your account login password or a text passcode. If someone asks you for your account login password or code by phone, do not provide it.
- Privacy Policy: Genuine sites will have a privacy policy available. If it's missing, think twice.
How to Protect Yourself:
- When In Doubt, Pull The Plug Out: Schwab created a short video to explain what happens when you click on something on a fraudulent website.
- Avoid Searching for a Site: Save bookmarks for frequently visited websites, especially financial ones, to avoid accidentally clicking on the wrong website.
- Utilize the App: Download the Schwab Mobile app (and apps from other financial institutions). Utilize biometric authentication (like Face ID or fingerprint) if available. Note: Be cautious to ensure you're downloading apps. Verify legitimacy by checking reviews and check the number of downloads.
- Question Urgency: Phishing attempts often create a sense of urgency. Take a moment to verify the information through official channels.
- Use Secure Networks: Access financial accounts only through secure networks and consider enabling multi-factor authentication where possible.
- Be Cautious With Links: Links can be misleading. Here are two things to watch out for:
- Hover: If you hover your mouse over a link, you can see its true destination. If you're on a phone, lightly press and hold the link to view the actual URL. For example, this link might appear to lead to schwab.com, but it actually goes to Google.
- Inspect: Look at the last part of the link. The part right before the .com, .edu, .gov, or .net indicates the true website. A website that says schwab.account-login.com is fake because schwab is separated from the .com by account-login.
We're Here to Help:
If you're ever in doubt about the legitimacy of a communication from Schwab, any financial institution, or our firm, please call us at 812-333-4726. Your security is our high priority, and we're here to provide the support and guidance you need to protect your investments. Stay vigilant and informed to keep your financial future secure.