Search engine optimization (SEO) scams are targeting Schwab clients.

Scammers are using search engine optimization (SEO) to create fake websites that appear in search results for trusted institutions like Schwab. When clients visit these sites, they are exposed to phishing attacks aimed at stealing their information and assets.

How these scams work:

• Knowledgeable fraudsters use sophisticated techniques to create websites that appear in search engines when clients are looking for Schwab or other trusted institutions. 

• The websites are designed to look legitimate, and their position in the search results trick users into believing the top search hits are the most credible. This phishing tactic is very effective: after all, not every user will scrutinize every search result to ensure the link they're about to click is legitimate. 

• Once the client clicks on the phishing website and attempts to log in with their credentials, they receive an error message stating there's a login issue and to contact a hotline number noted in the message for further assistance. 

• When the client contacts the fraudulent number, the bad actor posing as a Schwab employee states that there's been a security breach, and someone is attempting to steal money from their account. 

• Then, the bad actor attempts to convince the client to download software to their device. 

• The overall goal is to gain access to the device and continue to facilitate additional fraud attacks, which can ultimately lead to unauthorized activity and ID theft.

The best way to avoid these types of scams is to not use Google (or other search engines) to access Schwab’s website. Save the official Schwab website as a bookmark in your browser, and use that to access the site.