facebook twitter instagram linkedin google youtube vimeo tumblr yelp rss email podcast blog external search

Website Scams on the Rise

According to a report from Charles Schwab, scammers are increasingly using sophisticated "spoofed" websites to convince users they are visiting legitimate sites. In their recent report, they say their "fraud investigators have seen that these attacks are not only increasing in frequency and severity, but in complexity as well. As they recently noted, The bad actors are getting better at the social engineering aspect—they're more convincing, so potential victims stay on the phone longer and increase their chances of being successfully scammed." 

Here's a summary of what these scams look like:

  • One of the fastest-growing scams aimed at investors involves creating fake but very convincing websites that appear to be run by legitimate businesses, including the financial institutions you rely on. 
  • To spoof a website, bad actors purchase "sponsored links" to fake sites which appear at the top of search results. Their goal is to boost their site's visibility and lure unsuspecting users into clicking on them. 
  • These deceptive sites can pose serious risks by exposing investors like you to potential malware, identity theft, and financial loss. 

Not to worry! We're here to arm you with knowledge so you can recognize spoofed websites and steer clear of them. 

Here's what to watch for: 

  • URL errors and issues: Look for misspellings or unusual domain extensions. A single letter out of place might mean you're on a fake site.  
  • Grammar and spelling mistakes: Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in content, that's often your first clue it's a fake site.  
  • False security notification: Once you click on a site link, you're presented with a screen notifying you of a login issue and directing you to a hotline number. Wording on these fake sites may mention "unauthorized activity" or other details designed to trigger anxiety and panic. 
  • Request for personal information: Schwab will never ask you over the phone for your account login password or a SMS passcode. If someone is asking you for your account login password or SMS code by phone, do not provide it.  
  • Privacy policy: Genuine sites will have a privacy policy available. If it's missing, think twice. 

Here's how to protect yourself: 

  • Avoid searching for a site: Use your saved bookmarks for visiting websites, especially financial ones, to avoid the risk of phishing and downloading malware. 
  • Utilize the app: Download your financial institutions app and utilize biometric authentication if available. Note: be cautious to read reviews and check the number of downloads to ensure you're downloading the legitimate app.  
  • Question urgency: Phishing attempts often create a sense of urgency. Take a moment to verify the information through official channels. 
  • Use secure networks: Access financial accounts only through secure networks and consider enabling multi-factor authentication where possible.  

Remember, we're here to help. If you're ever in doubt about the legitimacy of a communication from Schwab or any financial institution, or from our firm, please call us immediately at 410-494-6680.

-Chris Benson, CPA, PFS

The views expressed represent the opinions of L.K. Benson & Company and are subject to change. These views are not intended as a forecast, a guarantee of future results, investment recommendation, or an offer to buy or sell any securities. The information provided is of a general nature and should not be construed as investment advice or to provide any investment, tax, financial or legal advice or service to any person. Please see Additional Disclosures more information.