SEO Scam Alert

In light of my recent post about cybersecurity, I wanted to point out a recent notice that Schwab sent out to the advisory community regarding search engine optimization (SEO) scams.

Scammers are buying adds on Google to direct people to fake websites in order to steal personal information or money.

Here is a screenshot provided by Schwab that illustrates an example of a fake Google advertisement:

Screenshot provided by Schwab showing an example of a scam Google advertisement

Looking at the advertisement on Google, there is really no way to discern that it is a fake and ultimately leads to a bogus website. And unless you are REALLY paying attention, clicking on the ad will bring you to a fake website that looks identical to schwab.com in almost every way.

And if you try to log in, you will generally get an error message directing you to call a phone number. If you call the number, then the scammers will try to trick you into providing more personal information or steal your assets.

Screenshot provided by Schwab showing an example error message on a fake/scam website

These scammers are well trained and sophisticated. They will use persuasion tactics to induce a sense of fear and urgency in your actions.

For example, when you call, the scammer may say there has been a security breach and your assets are at risk. They will urge you to take swift action to stop the breach. Simultaneously, they will act like your best friend and offer to swiftly fix the “problem.”

And often, while you are on the line with one scammer, another scammer is talking to a real Schwab representative in an effort to set up a wire transfer to a bogus bank account. They may ask you to provide 2-factor authentication (2FA) codes or other login information so they gain full access to your account and steal your money. They may even request that you download/install bogus software to your computer so they can gather your information over time.

For a recent, real life example, take a look at this story about Andy Cohen.

In order to combat these scams, it’s important to follow a few precautions.

  1. Always type in the web address (or URL) for Schwab (or any financial institution) directly into your web browser software. For Schwab clients, this means https://www.schwab.com. Try to avoid searching for the address on Google or any other internet search engine.
    • If you don’t want to type in the address each time, simply save your bank’s/broker’s website as a “Favorite” or “Bookmark” in your web browser.
  2. In general, try to avoid clicking on internet advertisements. This includes the ads offered by reputable companies such as Google
    • Consider using an adblocker on your computer
    • Consider using the mobile app offered by Schwab (or any financial institution)
  3. Always triple check the phone number you are using to call your financial institution. If you are a Schwab client, go to Schwab.com and click the “Contact us” link at the top of the page.
  4. If you believe you have entered your user ID and password into a fraudulent site, stop what you’re doing and call Schwab (or your financial advisor). They can help you get your password changed and secure your assets.

Cybersecurity can be tedious, but a little effort can go a long way towards reducing your overall risk.

Matthew Jenkins is the Founder of Noble Hill Planning LLC. Matthew has over 15 years of experience working in both large and small financial services firms. Before starting his career in finance, Matthew served as a U.S. Army Ranger. Matthew values transparency and fair dealing and enjoys helping people prepare for a great retirement.

Matthew is a CFA® Charterholder and CERTIFIED FINANCIAL PLANNER™ Professional. He is also a member of the National Association of Personal Financial Advisors (NAPFA) and the Fee Only Network.