Introduction: 

• One of the fastest-growing scams aimed at investors involves creating fake but very convincing websites that appear to be run by legitimate businesses, including the financial institutions you rely on. 

• To spoof a website, bad actors purchase "sponsored links" to fake sites which appear at the top of search results. Their goal is to boost their site's visibility and lure unsuspecting users into clicking on them. 

• These deceptive sites can pose serious risks by exposing investors like you to potential malware, identity theft, and financial loss. 

Not to worry! We're here to arm you with knowledge so you can recognize spoofed websites and steer clear of them. 

Here's what to watch for: 

• URL errors and issues: Look for misspellings or unusual domain extensions. A single letter out of place might mean you're on a fake site.  

• Grammar and spelling mistakes: Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in content, that's often your first clue it's a fake site.  

• False security notification: Once you click on a site link, you're presented with a screen notifying you of a login issue and directing you to a hotline number. Wording on these fake sites may mention "unauthorized activity" or other details designed to trigger anxiety and panic. 

• Request for personal information: Schwab will never ask you over the phone for your account login password or a SMS passcode. If someone is asking you for your account login password or SMS code by phone, do not provide it.  

• Privacy policy: Genuine sites will have a privacy policy available. If it's missing, think twice. 

Talking points to explain SEO/Spoofed website scams to your clients 

Here's how to protect yourself: 

• Avoid searching for a site: Use your saved bookmarks for visiting websites, especially financial ones, to avoid the risk of phishing and downloading malware. 

• Utilize the app: Download your financial institutions app and utilize biometric authentication if available. Note: be cautious to read reviews and check the number of downloads to ensure you're downloading the legitimate app.  

• Question urgency: Phishing attempts often create a sense of urgency. Take a moment to verify the information through official channels. 

• Use secure networks: Access financial accounts only through secure networks and consider enabling multi-factor authentication where possible.  

• Call before acting: If you have concerns about a site or link, it's always best to call us https://talktoric.com/ or email ric@norcalfp.com before taking any action, like downloading software. 

Remember, we're here to help. 

If you're ever in doubt about the legitimacy of a communication from Schwab or any financial institution, or from our firm, please call.