Cybersecurity for Investment Accounts – How to protect your online banking accounts

The FBI estimates that more than $10 billion dollars were lost in 2022 due to cyber related crimes.

It has never been more important to keep yourself safe online, but it is becoming harder and harder to prevent your personal information from falling into the wrong hands. Here’s 4 tips to help keep your online investment and banking accounts secure:

Beware SEO (Search Engine Optimization) Scams

Scammers are using search engine optimization (SEO) to create fake websites that appear in search results for trusted institutions like Schwab. When you visit these sites, you are exposed to phishing attacks aimed at stealing your information and assets.

How these scams work:

• Knowledgeable fraudsters use sophisticated techniques to create websites that appear in search engines when clients are looking for Schwab or other trusted institutions.
• The websites are designed to look legitimate, and their position in the search results trick users into believing the top search hits are the most credible. This phishing tactic is very effective: after all, not every user will scrutinize every search result to ensure the link they’re about to click is legitimate.
• Once the client clicks on the phishing website and attempts to log in with their credentials, they receive an error message stating there’s a login issue and to contact a hotline number noted in the message for further assistance.
• When the client contacts the fraudulent number, the bad actor posing as a Schwab employee states that there’s been a security breach, and someone is attempting to steal money from their account.
• Then, the bad actor attempts to convince the client to download software to their device.
• The overall goal is to gain access to the device and continue to facilitate additional fraud attacks, which can ultimately lead to unauthorized activity and ID theft.

To help fight these schemes, you should avoid using Google, Safari, and Firefox to search for Schwab or other important websites. Instead, type the known website in your browser—for example, www.schwaballiance.com—or use the Schwab Mobile app. You can also save all of their favorite websites’ correct addresses to their browser’s bookmarks.

Be sure to promptly report any issues like this to us, or Schwab Alliance at 800-515-2157.

Use a Password Manager

These tools help you generate secure, complex passwords, and help make it easy for you to remember them.

Popular examples are LastPass, Dashlane, 1Password, Keeper, and there are many more. These have the same general function in creating secure passwords for you, and then automatically filling in the login information for you.

This makes sure you are using secure passwords, but makes it much easier for you to log into accounts without having to remember complex passwords.

Use Multi-factor authentication (MFA)

This adds an additional layer of security to your accounts, and is critical to have on your more sensitive accounts such as bank accounts, and investment accounts. With MFA set up, even if someone has your password, they won’t be able to get into your account.

MFAs work by requiring you to enter a code that is texted to your phone when you try and log in. For example, with MFA set up on your Charles Schwab investment account, you will receive a text message like this when you log in.

You will be prompted to enter that code on your computer.

Beware of email phishing

Make sure you know who is sending the email before you click any links. It is very easy to disguise an email to appear to be from a large company. Most common are messages pretending to be from a bank, Amazon, Apple, or Norton Security. Never click links in emails that are suspicious and never call the number listed in the email. Always use an independent source to verify the phone number.

Always call to verify the email is real if you are in doubt.

Learn More

We have previously done a longer webinar on cybersecurity and feature specific examples of some of the most common scams, here: