Fraud and cybercrime are serious threats, so constant vigilance is key. Our firm plays an important role in helping safeguard your assets, but you can also take action yourself to protect and help secure your information.
If you haven’t already, check out our one-page Cyber Security Tips for Clients that summarizes common cyber fraud tactics, as well as security tips and best practices. In the checklist below, we’ll focus more specifically on phishing prevention, as these types of attacks have become increasingly sophisticated and difficult to spot. Some suggestions may be things you’re doing already, whereas others may be new to you. We also cover actions to take if you suspect that your personal information has been compromised. If you have questions, we’re here to help.
In phishing attacks, a fraudster’s goal is to obtain information to access your account and assets or to sell your information for this purpose. Criminals often take the path of least resistance, so following best practices and applying caution when sharing information and executing transactions makes a big difference.
10-point checklist to prevent and combat phishing attacks
Be suspicious of unexpected or unsolicited phone calls, emails, and texts asking you to send money or disclose personal information. If you receive a suspicious call, hang up, then dial the caller back, using a known contact number.
Be cautious when sharing sensitive information and conducting personal or confidential business via email because it can be compromised and used to facilitate identity theft.
Be cautious when receiving money movement instructions via email. Call the sender at their known number (not a number provided in the email) to verbally validate all instruction details before following instructions or providing your approval.
Do not click on links or attachments in emails and text messages if you question the validity of the sender. Instead, type the real web address, such as https://www.schwaballiance.com, in your browser.
Hover over questionable links to reveal the site’s full URL and see where the link really goes. Do not click on links that don’t match the sender or don’t match what you expect to see.
Check the sender’s domain name in the email address, such as john.doe@schwab.com, to see if it matches what you would expect to see.
Be suspicious of emails that have grayed-out Cc: and To: lines—they may have been sent to a mass distribution list.
Activate the spam filters in your email settings to help prevent unsolicited emails from going to your inbox.
If you suspect that an email appearing to be from Schwab is a phishing email, forward it to phishing@schwab.com.
If you suspect that you are the victim of a phishing attack after clicking a link and entering your Schwab account information, please immediately call our office at 209-633-3101 as well as the Schwab Alliance team at 800-515-2157.
Learn more
Visit these sites for more information and best practices:
- National Cybersecurity Alliance > StaySafeOnline.org
- Federal Trade Commission > OnGuardOnline.gov
- Federal Deposit Insurance Corporation > Consumer Assistance Topics
- Federal Bureau of Investigation > Scams and Safety