Schwab Identity Verification Required
Is Now Available for Review Scam
Redirects to spoofed (Fake) website: https://secure-update59.ink/WmHMd9
You may have received a phone call about the same subject. It is an attempt to get you to enter confidential information (typically a social security
number, name, address, bank account information, etc., to allow the scammers to
steal your identity and open credit cards in your name.
This email was not sent by Schwab
; Schwab
is a victim as well.
This is referred to as spoofing (making a fake email that looks legitimate, "phishing" (when by email) or "vishing" (when by
telephone). If you receive
an email similar to the one below, DO NOT click on the link, and do not enter
any information on the forms there.
The website that the link leads to is a spoof; a fake website, not created by
Schwab
. It uses Twitter / X's url link shortener to create a disguised url like https://t.co/4oeRu9te8X, to go to
the fake website that looks exactly like the real Schwab website! When you enter the information they ask for, you will simply be
handing the thieves the keys to your bank accounts. That is how spoofing, phishing
and vishing works.
Remember, no reputable business would send you
an email or a phone call requesting your personal account information. Any such email you
receive asking for this information should be considered phony and brought to
the attention of the business being 'phished'.
Key Tip:
Hover your cursor over the links / buttons in the email - but do not click them. You will see the url of
the lionk; usually something like https://secure-update59.ink which is OBVIOUSLY NOT
https://www.Schwab.com
Anytime you need to go to a website for your bank, credit card companies or
other personal, financial or confidential information; do not follow a link in
an email; just type their address in your browser directly (such as
www.Schwab.com )
Below are actual phishing emails that started circulating in 2025. We
removed the links to the phisher's website, which is https://t.co/4oeRu9te8X DO NOT go to this website!
Notice obvious errors and clues that this is a scam, like the return email address at lsu.edu.
Capital One is a business, not a university, school or educational organization. Notice that the do not know
your real name, only your email address.
From: Charles Schwab <donotreply@schwab-secure00062.ink>
Sent:
Wednesday, October 29, 2025 12:48 PM
To: <your email address>
Subject: Schwab Alert
|
|
Identity Verification Required
|
|
Your account has been restricted due to suspicious activities. To regain full access, please
complete the identity verification process.
SECURITY VERIFICATION LINK
CONFIRM YOUR IDENTITY
Protect your personal information.
We appreciate your trust in Schwab for financial services.
|
|
|
|
Need assistance? Visit Schwab.com/support
Securely update contact information through your account portal.
Schwab never requests sensitive data via email. Learn about our
Security Guarantee.
All communications are monitored and archived.
Charles Schwab & Co., Inc. | 3000 Schwab Way, Westlake, TX 76262
©2025 Charles Schwab & Co., Inc. All rights reserved.
SIPC member.
|
|
(0322-1NTK) SUAAD
|
What is Phishing?
Phishing is an attempt by an individual or group to solicit personal
information from unsuspecting users by employing social engineering techniques.
Phishing emails are crafted to appear as if they have been sent from a
legitimate organization or known individual. These emails often attempt to
entice users to click on a link that will take the user to a fraudulent website
that appears legitimate. The user then may be asked to provide personal
information such as account usernames and passwords that can further expose them
to future compromises. Additionally, these fraudulent websites may contain
malicious code.
Tips
- Don't open unknown or suspicious attachments or click links l
- Hover over all embedded link URLs
- If the the email contains a QR code, verify the source by checking associated links, email
addresses, and phone numbers before scanning
Learn More About Phishing
The following documents and websites can help you learn
more about phishing and how to protect yourself against phishing attacks.
Methods of Reporting Phishing Email to US-CERT
- In Outlook Express, you can create a new message and drag and drop the
phishing email into the new message. Address the message to phishing-report@us-cert.gov and
send it.
- In Outlook Express you can also open the email message* and
select File > Properties > Details.
The email headers will appear. You can copy these as you normally copy text
and include it in a new message
tophishing-report@us-cert.gov .
- If you cannot forward the email message, at a minimum, please send the URL
of the phishing website.
* If the suspicious mail in question includes a file attachment, it is safer to
simply highlight the message and forward it. Some configurations, especially in
Windows environments, may allow the execution of arbitrary code upon opening and
viewing a malicious email message.
For more information about phishing, see this page.
Recommendations- What to do:
- Only open email or IM attachments that come from a trusted source
and that are expected
- Use an anti-virus/anti-spam package (we recommend Norton 360 or
Norton Internet Security scan all attachments prior to opening.
Click here to see Norton 360 prices, reviews, ordering, etc. .
- Delete the messages without opening any attachments
- Do not click on links in emails that come from people you do not
know and trust, even if it looks like it comes from a company you know.
- Keep your anti-virus software up to date
- Keep your operating system up to date with current security patches.
Click here for an article that describes how to do this.
And please let us know about any
suspicious calls or emails you receive. We look for patterns so that we
can alert the authorities and victims to new scams, before it is too late!
For a comprehensive list of national and international agencies to report scams, see this page.