This scam has a lot going for it. The scammer has gone to quite a bit of effort to make it look legitimate. They used a plausible color and shape for the formatting, there are only a couple of subtle errors in the text, and there are no sensational warnings or exclamation marks.
This scam would have been obvious I had never had a Charles Schwab account, but at one time I did have a Schwab account. If I wasn’t careful I could have been caught thinking that perhaps that account wasn’t properly shut down. However, I do know I haven’t been trying to access that account, so I could not have exceeded the number of attempts allowed. But what if the email makes me worried? If I am concerned that the account wasn’t properly shut down, I could worry that someone was trying to hack my old account and respond.
Smart scams like this underscore the necessity of knowing how to properly respond to any email you may receive, because sometimes the professional look may be perfect.
Test Your Skills
You should be able to find at least six red flags that tell you this e-mail is fraudulent. Scroll down to see the picture below with the answers, but try to find them yourself, first. If you find five, you’re a pro with little to worry about. If you find fewer than four, consider practicing on some more of our spam scam examples.
Here are the clues that this is a scam:
- The email is not addressed to me. If I was truly being notified by Charles Schwab that there was an issue with my account, they would know my name.
- Again, they don’t know my name, “Dear Customer” isn’t an identifier. And the words Online Banking are capitalized throughout the text.
- I haven’t attempted to sign into a Schwab account, so could not have exceeded the number of attempts allowed.
- It says “Please visit www.schwab.com/activate Reset Account your account.” It doesn’t make sense, and certainly should have bolded text, but since most people scan emails quickly, an error this small usually doesn’t get noticed.
- Here is the crux of the issue. A smarter scammer could have corrected all the previous mistakes, including knowing my name and email address, so nothing would have triggered your alarm bells. What you’re being asked to do in this point is what will determine whether you fall for the scam.
See how they try to reassure you? They encourage you to confirm the email is from Schwab….. by using the link they provide. Look at the 6th flag, this shows the true email address displayed when you hover your mouse over any link on this page. See that the website is actually http://almall.us? The scammer added the words /schwab.com/ after their website’s true name in an attempt to look legitimate, but this site is anything but legitimate
You do not have to be a super sleuth to avoid this or similar scams. Applying two actions consistently will protect you from these.
- Install or activate a web tool that will identify malicious sites for you. I happen to use McAfee’s FREE SiteAdvisor tool (NOTE: I am not paid to use this product or endorse it), but there are options within your browser you can activate, and other free services you can choose from. To show you how this protection works, I clicked on the link in the email – don’t try this at home – and SiteAdvisor blocked my browser from taking me to the site and provided a warning. (See image below.)
- Drive, don’t be pulled. Stay in the drivers seat by getting to Schwab’s site by yourself. If you use Schwab, you may already have a bookmark for the website you can use, if not, use a search engine and type in Charles Schwab, then use the link from your search engine to go to Schwab’s site.
This is the ONLY way to guarantee you land on the legitimate site. If you use the link (or phone number) in an email, IM, ad on a website/blog site/forum/social network/etc., where you land (or who you talk to) is their choice, not yours. The website they take you to (or the ‘bank manager’ on the phone) may be a very convincing copy, and all your information will be stolen and abused.
I had to laugh when I saw that within 5 minutes of receiving the Schwab scam, I received a second one with the same title – just using a different bank.
Opening this one, you can see it is far less sophisticated. There is no fancy formatting with the banks logo, the grammar is poor and there are weird characters interspersed, and it suffers from an overall lack of sophistication.
Far fewer people would fall for this version, but it is the same scam, even directing potential victims to the same http://almall.us site.
Simple precautions will determine how safe your online experience will be.