One of the fastest-growing scams aimed at investors involves creating fake, but very convincing, websites that appear to be run by legitimate businesses, including financial institutions. This has become an issue, with many investors falling for these “spoofed websites” as they look identical to the real website. Below are some pointers on how to recognize spoofed websites and steer clear of them.
How Do Websites Get Spoofed?
To spoof a website, bad actors purchase “sponsored links” to fake sites which appear at the top of search engine results. Their goal is to boost their site’s visibility and lure unsuspecting users into clicking on them. These deceptive sites can pose serious risks by exposing investors like you to potential malware, identity theft, and financial loss.
How to Spot Spoof Websites
- Hover Over Site URL: BEFORE Clicking, hover over the sponsored link and look for any misspellings or unusual domain extensions. A single letter out of place might mean you’re on a fake site.
- Poor Grammar on Website: If the URL looks legitimate and you continue, scan the website for grammar and spelling mistakes: Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in the webpage’s content, that’s often a clue it might be a fake site.
- False security notification: Once you click on a site link, you might be presented with a screen notifying you of a login issue and directing you to a hotline number. Wording on these fake sites may mention “unauthorized activity” or other details designed to trigger anxiety and panic. Simply close out of your web browser and restart.
- Request for personal information: Financial Institutions such as Schwab will never ask you over the phone for your account login, password or SMS passcode. If someone is asking you for your account login password or SMS code by phone, do not provide it.
- Check privacy policy: Genuine sites will have a privacy policy available. If it’s missing, think twice before proceeding.
Here’s How to Protect Yourself:
- Avoid searching for a site: Manually type in websites such as www.schwab.com and bookmark the site for future use. This will help avoid the risk of clicking a spoofed website and downloading malware.
- Utilize apps: Download apps and utilize biometric authentication (i.e., Face ID) if available. Note: be cautious to read reviews and check the number of downloads to ensure you’re downloading the legitimate app. We are glad to help you install the Schwab app and provide a quick tutorial if needed.
- Question urgency: Phishing attempts often create a sense of urgency designed to cause panic and increase the likelihood of turning over sensitive information. If you feel rushed by a website or someone representing a website, consider this a red flag for obtaining your information.
- Use secure networks: Access financial accounts only through secure networks and consider enabling multi-factor authentication where possible.
- Call when in doubt: If you have concerns about a site or link, it’s always best to call the company directly using a phone number from a reliable source, such as a statement or invoice.
Remember, We’re Here to Help:
If you’re ever in doubt about the legitimacy of a communication from our firm, or Schwab, please call us immediately at 337-233-7758.