Financial Planning Articles
RSWA » Latest Articles
View Categories
Financial Planning
11.13.2025 by Wendi Smith

Beware of smishing campaign posing as Schwab

Smishing, what is it? The term “phishing” is a broad term for scams that use various methods like email. “Smishing” is a specific type of phishing that uses text messages (SMS) to steal information.

Smishing Tactics – what to look for….

  • Urgent Transaction Alerts: Scammers send texts claiming a large, unauthorized ACH debit or wire transfer has been made from your account and prompt you to "cancel the disbursement" by replying "Y" or clicking a link.
  • Malicious Links: The texts contain links to fake websites that mimic the official Schwab login page (e.g., variations like schwbba.com or schwabd.com) to capture your credentials and potentially your two-factor authentication codes.
  • Suspicious Sender Numbers: Messages often originate from international or unusual-looking phone numbers.
  • Requests for Personal Information: The messages ask you to provide sensitive data, such as usernames, passwords, or account numbers, which legitimate Schwab representatives will never request via unsolicited text or email.
  • Generic Salutations and Errors: The texts may have spelling or grammar mistakes and use generic greetings rather than addressing you by name. 

What to Do If You Suspect Smishing

If you receive a suspicious text message claiming to be from Schwab, follow these steps:

Do Not Click or Reply:
  1.  Do not click on any links, open attachments, or reply to the message.
  2. Take a Screenshot: Capture a screenshot of the text message, ensuring the phone number is visible.
  3. Forward to Schwab: Email the screenshot to your RSWA team and we'll get it to Schwab's fraud department at phishing@schwab.com.
  4. Delete the Text: Delete the message from your phone immediately after forwarding it.
  5. Contact RSWA and Schwab Directly: If you are concerned about your account's security, do not use any contact information provided in the suspicious message. Instead, navigate directly to the official Schwab website by typing the URL manually into your browser or use the official app, or call them at a verified number, such as Schwab Alliance at 800-515-2157. RSWA’s direct number is 207-874-9840.
If You Clicked a Link:
  1. Stop logging into your accounts and run an anti-virus/malware scan on your device.
  2. Update your device's operating system.
  3. Immediately change all relevant passwords.
  4. Report the incident to your RSWA team and Schwab immediately. 

How to Protect Yourself

  • Enable Two-Factor Authentication (2FA): Add security measures like 2FA and a verbal password to your Schwab accounts for added protection.
  • Be Skeptical of Urgency: Scammers use a sense of urgency or fear to make you act without thinking. Slow down and verify the information through official channels.
  • Know How Schwab Communicates: Schwab will never ask you to provide your password or other personal information via text or email, nor will they ask for remote access to your computer. They send security alerts from a specific short-code number, and these alerts never include links or a request to reply. 
RSWA-retirement-planning

We're sharing our market and economic insights & helping you with retirement!

Subscribe to our Weekly Newsletter and receive our Quickstart Guide to Retirement Planning!