A recent phishing scam has deceived clients by email or phone call from a fraudster pretending to work for Schwab or Fidelity. This happened to one of our family members last week and we wanted to pass along the story to you in hopes that we can all avoid and protect ourselves from falling victim to this scam.

“This just happened to my wife, Lynne. The scammers have a way to clone the Schwab phone number, by means of Caller ID Spoofing, so the phone call with supposed credit card activity issues said “Charles Schwab” on the caller ID. The call came after a text that also claimed to be from Schwab (but had a random text number).

In this scam the fraudsters are sending text messages and asking about an amount that you did not transact. Before you could even check, they are spoofing the custodian’s phone number and calling you to ask about the amount they fraudulently texted you about. This gives you the illusion that you were getting a legit text message followed up by a call from the fraud department.

The severe reality here is that the call is coming from a scam. The fraudster asks you to log into your account so the “fraud department” can assist you in rectifying the issue. Once you log in, they can gain access to your accounts. It’s a fairly complex one two punch and I think what makes it so difficult is that they are stealing Schwab & Fidelity’s phone number, so when they call you, it appears that Schwab/Fidelity is calling you.

Luckily, in this case, the call got disconnected and Lynne called her financial advisor at CIA.”

– Wes Moss

In this situation, Lynne avoided providing any personal identifying information over the phone, even though they say they’re calling from Schwab and/or Fidelity. If the situation escalated even further, she could have verified the validity of the caller by immediately hanging up and calling a known Schwab/Fidelity phone number, or by calling our team at CIA to assist.

Please take the time to read the tips and best practices below to protect yourself.

How the impersonation scams work:

Through a phone call, email, or another channel, the scammer makes contact and informs you that there’s an urgent matter—a “refund” or “suspicious trades” that require you to grant remote access to your systems or accounts in order to set up “test transactions” or “catch a criminal.”
Sometimes, the impersonations involve multiple layers of deception—for example, someone who claims to represent “Amazon” says they must connect you to the “Schwab Fraud Department.”

How you can protect yourself, and what you should do if contacted:

We are here to help protect you from falling victim to this and any other scam. Please call us immediately before acting upon any request and we will work with you to help determine the validity of the situation.
Do not click on links or attachments included in unknown or suspicious emails and be on heightened alert when receiving any emails with Office, zip, or other common file types as attachments.
Look for clues within the text of emails that may indicate they were sent by bad actors. These include errors in grammar, capitalization, or spelling.
Hover over links to reveal the website’s URL and see where the link really leads. Do not click on the link if the destination is not what you would expect to see.
Listen for any voices in the background who are providing instructions to the person calling you—advice on what to say, or on the details of any proposed transactions.
Clients should avoid providing any personal identifying information in an email or over the phone, even if they say they’re calling from Schwab and/or Fidelity.
- Note: You can verify validity by immediately hanging up and calling a Schwab/Fidelity phone number that is known to you.