Don’t Fall for the FAKE Schwab ACH Debited Scam Texts

Photo of author

Written by: Thomas Orsolya

Published on:

According to recent reports, scammers are sending out fake text messages claiming to be from Charles Schwab. The messages state that an ACH has been debited from the recipient’s account for a specific dollar amount. This is a scam designed to steal login credentials, identities, and money. Here’s what you need to know about spotting and avoiding this Schwab ACH scam.

Scam

An Overview of the Scam

The scam message reads something like this:

“Schwab: ACH debited for the amount of $3,892.15 USD. If you did not request this ACH, please cancel the request by accessing:

[scam link]

(For your account security, please check your account through the link).”

This text message has all the hallmarks of a scam designed to steal personal information and money. Let’s break down why:

  • The message claims to be from Schwab/Charles Schwab, a well-known financial services company, to add legitimacy. Scammers often impersonate real companies.
  • It states an ACH has been debited, meaning money has been electronically transferred out of the account. This creates urgency to take action.
  • It provides a link to “cancel” the transaction. The link does not go to schwab.com, but rather a fake lookalike site.
  • The message instructs users to “check your account” by clicking the link. Real companies would never ask you to click a link in a text.
  • There are grammatical errors, another red flag of a scam. Legitimate businesses proofread correspondence.

In summary, this Schwab ACH scam text aims to drive victims to a fake site to steal login credentials, personal information, and money. Don’t fall for it!

Who is Behind These Scam Texts?

These types of text message scams are often orchestrated by crime rings located overseas, out of easy legal jurisdiction. Some details on the criminal groups:

  • Organized cybercrime gangs – Sophisticated cybercrime groups often operate these text scams to hack accounts en masse for profit.
  • Individual scammers – Solo hackers/scammers also utilize these phishing texts to make money by stealing login credentials and funds.
  • Groups operating internationally – Countries like China, India, Nigeria, and Eastern Europe are common origins of SMS and phone scams targeting Americans.
  • Use of technology – These scammers utilize technology to automate sending texts to random numbers, quickly building to mass numbers of recipients.
  • Difficult to trace and prosecute – They hide behind complex spoofing and international laws, making shut down challenging.

The combination of technology, remote operation, and quick extraction of funds/info makes these criminal scammers hard to stop once a victim provides account access.

Variations of the Scam Text to Watch For

While this scam specifically cites Schwab and an ACH debit, variations on the text scam exist. Be cautious of:

  • Other major bank/financial brands like Chase, Wells Fargo, Bank of America, TD, etc.
  • Claims of other unauthorized transfers like wire transfers, Zelle payments, or account withdrawals.
  • Different dollar amounts – they customize the amount in each text.
  • Use of your name – some texts address you by name for familiarity.
  • Messages about “updates/changes” to accounts rather than debits.
  • Instructions to “verify account” or “validate account”.
  • Calls to “act now to avoid account suspension”.

The tactics may slightly differ, but the goal remains the same – get victims to a fake login page to steal credentials and money. Don’t click the links or call numbers provided in suspicious texts like these.

How the Scam Works to Target Victims

The scammers behind this scam typically operate in the following way:

  • Step 1: Send out scam text messages en masse. Using SMS spoofing technology, the scammers send texts to thousands of random phone numbers impersonating Schwab.
  • Step 2: Direct victims to a fake website. If someone clicks the link, it takes them to a fake Schwab login page. The site looks like the real thing but is designed to steal logins.
  • Step 3: Harvest entered credentials. When victims enter their username and password on the fake site, the scammers harvest the credentials.
  • Step 4: Use credentials to access real accounts. With the stolen login info, the scammers access the victim’s real Charles Schwab account.
  • Step 5: Transfer funds or steal identities. Once inside the Schwab account, the criminals can transfer out money or steal private identity information for identity theft.
  • Step 6: Delete traces. The scammers then try to delete any traces of unauthorized activity while maxing out the amounts they can take.

This is why it is critical never to click on links in unsolicited texts, even if they look somewhat legitimate. Following the link gives scammers the account access they want.

What to Do If You Get This Scam Text Message

If you receive a text that claims to be from Schwab about an unauthorized ACH debit, here are important tips:

  1. Do not click on any links in the message. The links lead to fake sites designed to steal information.
  2. Report the text as spam/fraud to your cell phone carrier. This helps identify and block the scammers.
  3. Contact Schwab customer support. Call the real Schwab phone number to alert them of the scam using their official site contact info – never a number in the text itself.
  4. Check your account status. Log into your real Schwab account app or website directly to check for any unauthorized activity.
  5. Reset online account passwords. If you have a Schwab account, change online passwords as a precaution. Use unique, complex passwords.
  6. Review account statements. Thoroughly review all Schwab account statements for any questionable transactions. Report unauthorized activity immediately.
  7. Consider a credit freeze. Place a credit freeze with the major credit bureaus if highly concerned about identity theft risk. This restricts access to your credit report.
  8. Beware of follow up calls/texts. Scammers may call pretending to be Schwab security to “help” once you get the text. Do not engage with any follow ups.

The key steps are avoiding clicking any links, reporting the fake text, and closely monitoring your accounts. Schwartz or any legitimate company will never send an unsolicited text with a link to a login page.

A Deeper Look at How the Scammers Operate

Let’s take a deeper look at how these Schwab ACH debit scammers operate to better understand and avoid these text message scams:

Spoofing the Sender Details

The texts are sent from phone numbers spoofed to look like they are coming from a legitimate business. The scammers use technology to falsify the sender ID so it appears as a known number such as Schwab’s customer service line. This tricks people into thinking the text is authentic.

Casting a Wide Net

The criminals send these scam texts to tens of thousands of random phone numbers at once. By texting en masse, they can bring in a lot of victims without needing to target specific individuals.

Creating a Sense of Urgency

The message about an unauthorized ACH debit creates a sense of urgency and need for immediate action. This causes people to click links without thinking it through.

Building a Convincing Fake Page

These scammers are sophisticated enough to build fake Schwab login pages that closely mirror the real website. This tricks users into entering information.

Stealing Logins in Real-Time

The criminals behind the scheme are set up to harvest login credentials entered on the site and access accounts immediately before they can be secured.

Going After Money and Information

With account access, the scammers both drain money and download personal information for identity theft, maximizing the crime before they are shut out.

Covering Tracks

The scammers try to delete records of their IPs accessing the account and any transfers made to hide the fraud from the victim and Schwab.

Understanding these tactics makes it clear why following links in these scam texts can lead to stolen funds and identity theft in quick order.

How to Avoid Falling Victim to These Scam Texts

Here are key tips to avoid becoming a victim of these Schwab ACH scam texts and other similar scams:

  • Never click on links in unsolicited texts/emails, regardless of how official they look. Manually type out web URLs.
  • Don’t call phone numbers, follow security instructions, or provide sensitive information from suspicious texts.
  • Any request from a company for login credentials or account access via text is a scam.
  • Don’t be fooled by convincing branding and urgent wording – take time to verify requests through separate channels before acting.
  • Secure accounts with strong multi-factor authentication like biometrics or token generators.
  • Set up account alerts via real banking/financial apps to monitor transactions closely.
  • Report scam texts to your mobile provider’s spam number to identify and block numbers sending phishing texts.
  • Only access accounts through trusted apps or sites that you manually open – never through links sent to you.
  • Never have links/numbers to financial accounts in texts – delete legitimate ones companies send.
  • Talk to family members about scam awareness – these texts target the elderly.

Staying vigilant against phishing texts, using strong logins, and establishing account alerts are your best defenses.

What to Do If You Fall Victim to This Scam

If you submitted information through one of the scam text links and your Schwab account was accessed, take these steps:

  1. Alert Schwab – Call Schwab’s real customer service and report unauthorized account access immediately. They will freeze the account.
  2. Reset your login credentials – Change your username and password once you regain account access. Enable two-factor authentication.
  3. Review account activity – Look for any money transfers or withdrawals made without your permission and report them.
  4. Initiate dispute/chargeback – For unauthorized debit card or ACH transfers, request a chargeback or dispute the transaction.
  5. Monitor your credit – Pull credit reports and monitor closely for signs of fraud. Place a credit freeze if needed.
  6. Cancel affected cards/accounts – For compromised cards or accounts, request replacements with new account numbers.
  7. Watch out for future scams – Once information is compromised, scammers may target you again. Be extra vigilant.
  8. Report the scam – File a complaint with the FTC and FCC about the scam text for investigation.

With prompt action, banks can often recover unauthorized transactions and prevent further identity theft damage after falling victim to a scam.

Frequently Asked Questions About the Schwab ACH Scam Text

1. I got a text about Schwab debiting an ACH payment. Is it real?

No, this is a scam text designed to steal your personal and financial information. Schwab will never text you out of the blue about unauthorized ACH transfers and provide a link to cancel it. This is a fake message sent by scammers to get your account login details. Do not click any links and instead call Schwab directly to confirm.

2. How can I tell the text message is a scam?

Clues it’s a scam include – grammar/spelling errors, a link unrelated to schwab.com, request to click a link, account threats if you don’t act, spoofed sender details. Legitimate Schwab texts come from a known 5-digit number.

3. What happens if I click the link in the text message?

The link goes to a fake Schwab login page to steal your username and password. Entering any information into these phishing sites gives scammers full access to your accounts and funds. Never click links from unverified texts.

4. What is the scam’s goal?

The scammers aim to trick you into clicking the link and entering your Schwab account username/password on the fake site. With your credentials, they can access your account, steal your identity info, and transfer out money.

5. What should I do if I get this text scam message?

Do not click any links or call phone numbers in the text. Report the scam text to your cell phone carrier. Call Schwab directly to confirm if there is any unauthorized activity. Change any account passwords. Check statements for fraud.

6. What if I clicked the link and entered my account information?

Contact Schwab immediately to freeze your account. Watch for fraudulent activity and change credentials. Enable login multi-factor authentication for added security. Place a credit freeze if identity theft is suspected.

7. How can I avoid falling for this scam?

Never click links or provide sensitive information from unsolicited texts. Manually log into accounts through trusted channels – never via texts. Use strong passwords and enable multi-factor authentication. Learn to spot scam red flags like spoofed numbers, threats, and grammar errors.

8. Who is behind these types of text scams?

They often originate overseas from cybercrime groups in countries like China, India, and Eastern Europe. The scammers use technology to spoof IDs and blast out scam texts to steal money and identities at scale.

9. How do text scammers get my phone number?

Scammers use automated programs to generate random phone numbers and send mass texts hoping to hook victims. Your number may have come from a data breach. They do not specifically target individuals.

10. What variations of this Schwab ACH scam may I see?

The text may cite other banks, different dollar amounts, account verification requests, threats of suspension, and more. Any unsolicited urgent text with a link is a scam. Verify messages separately.

The Bottom Line

This Schwab ACH scam message is just one example of the many phishing text scams out there ready to steal your money and personal information. Whenever faced with an unsolicited text asking you to click a link and provide any account credentials or access, remember it’s a scam. Avoid clicking links, report the scammer, and manually confirm any account alerts or requests through official communication channels to stay secure.

With SMS phishing attacks growing in sophistication, the best defense is extreme caution with any texts asking for sensitive information or account access. Verify requests through separate contacts before clicking links or calling numbers provided in a text message. Avoid being rushed into any finance-related actions from out-of-the-blue texts.

By understanding common tactics that scammers use, only accessing accounts through trusted channels you initiate yourself, and implementing strong login protections, you can avoid becoming the next victim of these ACH debit scams and other text phishing schemes. Being vigilant and verifying requests before acting can protect your finances and identity from these malicious attacks.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

Exposing the ATO Tax Refund Text Scam Targeting Australians

Next

The Gayle Pemberton PayPal Money Request Scam Explained