The holidays provide a great opportunity for fraudsters to unleash their schemes, knowing that we are busy traveling, shopping, and spending time with friends and families, all the while using technology that gives them an opportunity to attack.
Recently, we heard from a few clients who successfully thwarted attacks against their accounts, Charles Schwab in one case, American Express in the other.
Each attack followed the same script:
- Imposters pose as bank, credit card, or custodian (e.g., Schwab) employees and contact clients and advisors via phone, email, and text messages.
- The fraudster gains access to the client’s personal information including first and last name, phone number, and home address, potentially from the dark web or a hacked website, or from information posted on social media.
- The imposter spoofs a Schwab, AmEx, etc. phone number to call the client and then identifies themselves as an employee in the fraud department. “Spoof” means that a legitimate company name shows up on caller ID, even if the number is NOT associated with that company. (Our clients reported that the callers seemed to know everything about their accounts and also spoke with standard American accents.)
- The fraudster alleges that a suspicious charge has been found in a client’s account and makes the client aware that the charges will need to be reversed.
- The fraudster uses a reasonable sounding explanation to get the client to provide their credentials (username and password.) For example, the caller will say that the victim needs to provide a text code to prove that he or she is the account owner. When the system sends an automated SMS text code to the client’s phone for verification, the fraudster requests the code from the client.
- Once the fraudster has the SMS code, they will update client’s password, log into the client’s account, and initiate unauthorized transactions.
These criminals know that worries about account breaches are heightened during the holidays when increased spending can provide more opportunities for key information to fall into the wrong hands.
Criminals also know that victims are distracted by year-end work demands and holiday planning and are therefore more likely to exercise poor judgement.
Fortunately for our clients, each smelled a rat, put the callers on hold, then called Schwab and American Express on known numbers (for example, as posted on the company website or printed on the back of the credit card). The clients learned on that call that there was no fraud alert on their accounts. They promptly hung up on the imposters and called us to help mitigate any further risk.
For the client with the Schwab account, we blocked access to their account online and also froze outbound cash or asset transfers. For the client with the AmEx account, we recommended closing their current card and issuing a card with a new number. (Note: the credit card companies are so accustomed to this problem that subscription charges associated with the previous card will automatically transfer to the new card.)
If you have any doubts about a caller regarding your accounts, put that call on hold and call the company directly. You can also call your advisor directly for advice.
We hope this is helpful and wish you a happy (and safe) holiday season.
Please note: Wealthspire Advisors will never use WhatsApp to communicate with you. If you are receiving WhatsApp communications from someone purporting to be a Wealthspire employee, this is a scam. Please follow the instructions in this link to report it.