Scam!

Brdofpray

Brdofpray

Recycles dryer sheets
Joined
Jan 13, 2012
Messages
294
Location
Upstate SC
Just received this email. Sounds serious!

Dear Verified Schwab Account Holder,

Due to several failed attempt at accessing your Online Schwab Account, we have put on hold your Online access for your protection.
To release this hold you would be required to log in to Online Schwab Account and perform an identity verification procedure.
CLICK HERE TO CONTINUE THE IDENTIFY VERIFICATION PROCEDURE
Information provided would be verified against data we have on file for this Account.
Once our internet security team ascertains you are a valid account holder your online banking access would be restored.

Regards,

Schwab Internet Security

BBP ID: P1242557947640


I might be concerned, however, I am not a Schwab customer. What do they do, send out a huge email blast, hoping they hit one actual customer.

Stay on your toes people.
 
Brdofpray said:
What do they do, send out a huge email blast, hoping they hit one actual customer.
Click to expand...

Yes. Here is one case I violate the 'never-say-never' rule:

Never, and I mean NEVER click a link in an email regarding your financial information.

No matter how real it looks, it could be scammers trying to get you to click their site, and collect your logon and password.

-ERD50
 
Any organization they know has a large customer base is subject to this shotgun approach. Get them all the time from places I do no business with.

Main thing is never click on embedded links. Go to the site directly to check it out. Also if you mouse over the embedded link the information will be displayed, it will go to some site not affiliated the organization it supposedly is from.
 
I got a similar message about a credit card for a big bank I do not do business with. It looked very convincing with actual company graphics probably downloaded from somewhere. The tip off (aside from the email asking to login) was that the website looked like the bank's name but actually linked to something completely different in another country. I wonder if it will be long before they can mask that too.
 
Last edited:
I absolutely cannot distinguish a scam email from the real thing. So, any email asking for personal information gets dumped immediately. I'm just not that hard to find should anyone I'm doing business with need to contact me.
 
I got a suspicious email from Paypal last week describing a $900 payment I had (not) made. I did not click on any links, but someone had accessed my Paypal account and made this fraudulent charge, which was debited from one of my bank accounts. I immediately notified both Paypal and my bank, which reversed the charge and froze my accounts until I could visit the branch to get new bank cards. What a hassle! Just in case, I changed passwords on every financial account that I own.
 
Meadbh said:
I got a suspicious email from Paypal last week describing a $900 payment I had (not) made. I did not click on any links, but someone had accessed my Paypal account and made this fraudulent charge, which was debited from one of my bank accounts.
Click to expand...

So far I have refused to give PayPal my bank information. They keep sending emails saying I have almost reached the allowed limit and need to be "verified". If they stop taking the CC I'll go somewhere else, their loss.
 
I got the same email today except substitute "Chase Bank" for "Schwab." I'm not a Chase Bank customer.
 
This weekend I got an email from Vanguard saying that my security questions were answered too many times incorrectly. No links to click on, and it did list my Flagship rep as a contact. They said I'd have to change the security questions when I logged in, and to contact them if it wasn't me that answered them wrong. No links in the email.

Sure enough, upon login I had to change the security questions, so it looks like someone really did try to login as me. Perhaps it was just a mistake, that someone thought my login name was theirs and tried to put in their mother's maiden name or whatever I'd been using for security questions until it failed, or maybe someone tried to hack it. In any case, I'm going to call today and report it.

Mothers maiden name isn't a very good question to have, btw, especially as more people get on facebook and many women list both their married and maiden names. Neither are anything with cities. You really need to select the questions that can't be looked up. Passwords can be as solid as a rock but they are worthless if your security questions are weak.
 
My friend, who is rather new to Fidelity, has messed up logging in and had gotten locked out on password violations a few times. Fidelity doesn't send out emails like the one the OP described when that happens. Instead, when he tries to log in, he gets a message telling him what to do to get his password reset, and none of them include entering his existing password (he has to answer one or more security questions he preset when he first set up his one line access).

As others have stated here, NEVER click on a link in one of those generic emails no matter how legit they appear. Hovering the mouse over the link will show you a different web address which often includes the real website name as part of the phony one.

At least some of these institutions (the banks, so far) are interested in seeing any of these phony emails. So I have sent any of them to their security email addresses. Not sure what they do with them, though.

Another thing I have seen incresaed use of over the years is a user-selected security image when you go to the institution's homepage and enter only your screen name. You also see the warning not to enter your password if you don't see your security image.
 
My wife and I get these "phishing" emails five or six times a year. Most of them are relative to our checking account, locked account, etc. My bank has a fraud alert email address to which I forward things of this nature.
 
Two other things you can do easily:

1. Notice spelling and grammar mistakes in the message (the OP contains a good example, since there are several of them).

2. Hover your pointer over the link in the email, and see where it actually goes. Generally, it will be to some unidentifiable server somewhere.
 
RunningBum said:
You really need to select the questions that can't be looked up. Passwords can be as solid as a rock but they are worthless if your security questions are weak.
Click to expand...

I use a couple containing the names of dogs who have been dead for at least 30 years. Probably only my two sisters would remember those.
 
A good security question I have seen is "First car you owned?" or "Name of favorite teacher?" Neither are easy if possible to figure out.
 
Problem I have answering those is I remember very little from that far back, especially something like the name of teacher.
 
scrabbler1 said:
A good security question I have seen is "First car you owned?" or "Name of favorite teacher?" Neither are easy if possible to figure out.
Click to expand...

Remember you don't need to answer these questions "truthfully".

I keep a list of my security questions for various important accounts along with the answers. It looks something like this (obviously not exactly like this):

First National Bank of MyCity:
First car owned? algeria7blush
Mother's maiden name? five888alpha
Name of favorite teacher? professional8turkey

Basically, just other password/passphrase.

And then I keep that list encrypted (with another strong password of course).

That way no one can google me and figure out that information.

It never made any sense to me to have a good strong password, then let someone get in if they can guess my mother's maiden name and eye color...
 
Rich said:
I absolutely cannot distinguish a scam email from the real thing. So, any email asking for personal information gets dumped immediately. I'm just not that hard to find should anyone I'm doing business with need to contact me.
Click to expand...
Agreed. If I have any questions, I can go directly to their web site (typing in the known URL, not clicking on an e-mail link). In any event, all the financial firms I do business with have my phone number, and if they really needed to get hold of me, they can call.
 
I recall my ladyfriend once got one of those scam emails but by coincidence she was having problems gaining access to the institution's website. This made the email seem more legit. However, she is savvy enough to know not to click on strange links. Instead, she called the toll-free number she has called before and got her actual problem solved while letting them know about the email which they confirmed was a scam and asked her to send it to their fraud department (which she did).
 
RunningBum said:
This weekend I got an email from Vanguard saying that my security questions were answered too many times incorrectly. No links to click on, and it did list my Flagship rep as a contact. They said I'd have to change the security questions when I logged in, and to contact them if it wasn't me that answered them wrong. No links in the email.

Sure enough, upon login I had to change the security questions, so it looks like someone really did try to login as me. Perhaps it was just a mistake, that someone thought my login name was theirs and tried to put in their mother's maiden name or whatever I'd been using for security questions until it failed, or maybe someone tried to hack it. In any case, I'm going to call today and report it.

Mothers maiden name isn't a very good question to have, btw, especially as more people get on facebook and many women list both their married and maiden names. Neither are anything with cities. You really need to select the questions that can't be looked up. Passwords can be as solid as a rock but they are worthless if your security questions are weak.
Click to expand...

Actually as more and more obituaries go online, if they have both the survivors names and your mothers maiden name the information is mineable.
 
I get these two to three times a day (set up the account in 2000). I never click on them. I never click on the legit notifications but instead go to the link that I have previously booked marked.

I also use a password holder which won't display a password at fake site.
 
Peggy is for inbound calls, Rachel for outbound.
 
And then there's "Jennifer", who was a real person with a strong Indian accent. I asked her: Where are you? New Delhi, was the answer. She admitted that her real name was Preeta. The western name is just to make westerners more comfortable. Personally, I would rather speak with Preeta.
 
You must log in or register to reply here.

Similar threads

Mo Money
Anyone Use Schwab's Securities Lending Fully Paid (SLFP) Program?
Replies
14
Views
925
youbet
youbet
PaunchyPirate
Helping an elderly parent stay on top of their financial accounts
Replies
24
Views
935
1242Vintage
1
M
A little nervous about a potential scam, any bankers?
2
Replies
27
Views
2K
Bryan Swink
B
Sojourner
Schwab doesn't support automated, recurring sales of SWVXX?!
2
Replies
40
Views
4K
indiajust
I
Tranquility Base
Stock Ratings
Replies
13
Views
906
OldShooter
OldShooter

Latest posts

Back
Top Bottom