Staying Safe Against Remote Access Tools (RATs)

Schwab has identified a recent trend where fraudsters have been using Remote Access Tools (RATs) in combination with phishing attacks to compromise digital devices like mobile phones, tablets, laptops and desktops. These RATs are tools that are used for legitimate purposes—IT support for example. However, bad actors can abuse them to steal assets and data.

How a RAT-based attack works:

1. First, the fraudster sends a phishing email with a link or attachment that appears legitimate.

2. Once the victim clicks, the RAT is installed on that device without any notification to the user, and automatically connects to a remote server controlled by the attacker.

3. At this point, the attacker can:

• Steal sensitive data (passwords, financial details, etc.)

• Monitor user behavior through keylogging and screen recording

• Gain access to anything the user accesses using the infected device, which can include Schwab Advisor Center or Schwab Alliance. This online access can let them set up fraudulent trades and/or money movements.

4. This type of attack is difficult to detect for many reasons, including:

• The fraudulent activity is generated by a device that's trusted by the user.

• These attacks may use legitimate applications, so the problem may not show up in antivirus/malware scans.

Unlike many other scams, RAT-based attacks do not require interaction with a scammer or taking action to download malicious software—for that reason, these attacks can seem "invisible". RAT-based attacks are versatile and difficult to detect, so they are particularly dangerous.

Click here for a full primer on how to avoid these malicious activities.