May 2025 Schwab Alert

May 2025 Schwab Alert: New “transaction verification” smishing campaign targeting clients with Schwab accounts

Schwab has identified a new twist on the “smishing” fraud threat which is being used by fraudsters hoping to capitalize on market volatility and investor emotion to steal funds and data.

This version begins when the client receives a text message prompting them to “verify a transaction”—clicking the link leads the unwary investor to a fraudulent website that mimics Schwab’s login page, where they are prompted to enter their credentials. Once the credentials have been entered, the fraudsters use them to access Schwaballiance.com. The fraudulent website may also prompt the client to enter a two-factor verification code that they would automatically receive from Schwab, which once submitted allows the fraudster to complete the login process. Once they have access, the fraudster will then change the security token on the account so that it points to a device in the hands of the criminals, instead of the client’s own device. At this point, the client is effectively locked out of the account, and the fraudster can begin initiating wire transfers that rapidly drain assets from the account.

Important reminders:

• Do not click on links or attachments received via text message. 
  • Instead, visit the official Schwab site by typing the URL into your web browser manually.
  • Or utilize Schwab’s mobile application.
• Do not enter Schwab credentials or other information into a page reached by clicking a link in a text message.
• Double check that the URL provided is not a subtle variation of the real one.
• Stay calm and verify using official verified channels.

If you suspect a smishing attack, you should follow these steps:

• Immediately contact your service team at LVW Advisors. Your Client Service Associate can call Schwab’s fraud team with you immediately to ensure your accounts are secure.
• Take a screenshot of the text and forward it to phishing@schwab.com (Be sure the phone number is visible).
• Delete the text message.
• If you clicked on the link, you should stop logging into your online accounts and immediately run an anti-virus/malware scan and remove anything identified in that scan. Next, verify the operating system on the device is updated, and then change all relevant passwords.
• If you have not done so already, add security measures to your Schwab accounts, such as two-factor authentication and verbal passwords, which can help to secure against these attacks.
• Be sure you report any suspicious or fraudulent activity in their accounts as soon as possible, especially if you entered their Schwab credentials into a fake website.