At least once a month, I have a client ask me about a cyber security related question (setting up two-factor authentication, best practices regarding wi-fi use, password issues, etc). It’s a great topic to discuss and sadly, it is also one that is becoming increasingly important with each passing minute.

Our custodian, Charles Schwab, does a very nice job letting us advisors know of the latest cyber threats/scams so we can be vigilant in our own practice but also pass key learnings along to clients. I received an email this week discussing yet another new scam – this time involving search engine optimization.

Search engine optimization (SEO) is a technique that embeds key words on websites, allowing search engines (like Google, Firefox, Safari, etc) to find the websites and bring them up in your search results. SEO, when used properly, can be very useful in helping you find what you want to find online.

However, cyber bad guys are now using SEO to create fake websites that will appear in search results for trusted brand name financial institutions, like Schwab. When you visit these fake sites, you are then exposed to phishing attacks, where you will be tricked into providing your information.

Here is the detail on the scam that appeared in the alert from Schwab:

• Knowledgeable fraudsters use sophisticated techniques to create websites that appear in search engines when clients are looking for Schwab or other trusted institutions
• The websites are designed to look legitimate, and their position in the search results trick users into believing the top search hits are the most credible. This phishing tactic is very effective: after all, not every user will scrutinize every search result to ensure the link they’re about to click is legitimate. 
• Once the client clicks on the phishing website and attempts to log in with their credentials, they receive an error message stating there’s a login issue and to contact a hotline number noted in the message for further assistance. 
• When the client contacts the fraudulent number, the bad actor posing as a Schwab employee states that there’s been a security breach, and someone is attempting to steal money from their account. 
• Then, the bad actor attempts to convince the client to download software to their device. 
• The overall goal is to gain access to the device and continue to facilitate additional fraud attacks, which can ultimately lead to unauthorized activity and ID theft.

Below is an illustration of such a scam detected for a google search of Schwab

There are several things you can do to avoid this latest scam and protect yourself (and your money) including:

1.) Hover over any link that appears in search results (or confirm it once it appears in your browser). This will allow you to see that you have reached a fraudulent or suspicious site.

2.) Use mobile apps on your phone versus websites – if you don’t have a computer or prefer using your phone, consider using the verified apps for your financial institutions (with the right safety of course – such as two factor authentication, log-in every time you access, and no public wi fi). It can be harder to see website addresses on the smaller screen of your phone

3.) Type in addresses directly versus doing a google search. Most large financial institutions have websites that bear their name (schwab.com, americanexpress.com, etc.). Skip the search and go right to the source. And if you are a time-saver by nature, once you get to the right site, you can always bookmark it for the future

4.) Most of all….slow WAY down… When I hear of clients coming close to falling for – or falling for – cyber crimes, there is usually some element of “I was rushing to get it done” or “I got flustered and didn’t think” It is HIGHLY unusual for a financial institution to tell you to call them or to say you need to download software or give your credentials. It would be highly unusual for someone to be trying to steal money from your account due to a security breach (ie: what this scam is telling people). Slow down, try to not react too fast, and trust your instincts. You are the best – and first – line of defense. Don’t let yourself down

Stay safe out there!