A Better Way to Phish
Good morning and Happy Tuesday. Last week I talked about my desire to slow my professional adoption of AI due to privacy concerns. This has to do with wanting the various privacy issues to solidify more before considering allowing these technologies to interact with your information. Call me paranoid, but I’ll watch the bandwagon roll by a little longer.
This week’s post is also from a negative bent. But as I mentioned last week, I’m not anti-AI. I’m actually excited at what these technologies are/could be capable of and how they might aid businesses and, eventually, humanity in general. I’m just wary of how fast things are changing and how the creative destruction going on can easily absorb the uninitiated.
Unfortunately, and as always, fraudsters are at the leading edge of new technologies and are leveraging them to make ripping you off that much easier. One example is how email phishing attempts used to be straightforward to catch. The sender’s email address looked strange if you hovered over it with your cursor. There were formatting and grammatical issues within the email, and other relatively obvious clues if we slowed down enough to see them. Still, enough people clicked links in these emails to make the process pay for fraudsters, so it continued for years.
Now AI has amped that up. It’s simple now for crooks to use AI to send you a unique and enticing email containing personal detail scraped from the internet while often evading typical fraud filters. Their email has one or more links leading you not to a site that immediately asks for your personal information, but to a professional-looking-but-AI-generated website from which it’s hoped you’ll reach out via email or phone. It’s a faux-personalized approach that can be implemented at scale, and all crafted by AI.
So, the “when in doubt, call and find out” approach could only lead to more problems. If anything, you’d probably want to independently verify the company/person’s existence before actually calling or emailing them – the fraudulent façade can quickly crumble if you do so. Still, if enough people clicked traditional phishing links to make them profitable for fraudsters, how many people do you think might fall prey to this more elaborate scheme?
Along these lines I want to pass on some information about data security from Schwab. These are updates to standard best practices that will apply wherever your money is. Schwab (and firms like it) offer a security guarantee covering 100% of money or investments lost to fraudulent activity that it should have been able to stop. That said, the ultimate responsibility is ours to do the best we can at protecting our own information. And that’s not getting easier.
Here’s the SchwabSafe guarantee page if you’re interested. https://www.schwab.com/schwabsafe/security-guarantee
The last thing I’ll say about this is, at least from a practical perspective, it’s very difficult for someone to break into my systems and Schwab’s systems. Nothing is impossible, so if someone accessed your accounts they could monitor your details, download statements, or maybe place some trades (which could be covered by Schwab). They could move money electronically but only using links we have already established together, such as to your outside bank account. Setting up new links or trying to wire money or having a check cut to a third party all require your written authorization after authenticating you. I’m also updated throughout the day as various activities take place, such as trading, address and beneficiary changes, and money movement, so there are multiple layers (tech and human) of monitoring and security working for you.
How to spot, and stop, imposter scams.
Investment scammers are getting more savvy and increasingly personal. They may pose as investment professionals, leaders of trusted financial institutions, and even Schwab employees, all to gain your confidence and trust. With vigilance and a few tips on imposter tactics and techniques, you can recognize these fraudsters and steer clear of their traps.
Here are four signs to watch out for:
- Too-good-to-be-true offers. If you're getting an unsolicited investment offer, especially one claiming guaranteed or unusually high returns, watch out. Opportunities that sound too good to be true probably are.
- High-pressure tactics. Messages or social media ads that demand your attention are trying to press your panic button. Don't fall for any urgent requests to act immediately to "protect" your account, avoid losses, or accept a special offer.
- Contacts from out of the blue. Unexpected messages you receive through social media, messaging apps, texts, or emails you didn't initiate are often a good sign you're being targeted by a fraudster.
- Access and download requests. Think twice if you receive any requests to download software, share one-time passcodes, or allow remote access to your device. You never want to give fraudsters access to your accounts or private information.
If you encounter any of these:
Stop. Don't give out or confirm any personal information (even if they already have it). Never send money, open new accounts, or take any action without stopping to verify what you are doing is legitimate. We'll never contact you through social media or messaging apps to offer investments or request personal information.
Drop. Scammers can't reach you if you disengage. Hang up the call, ignore the chat, swipe past the ad, or leave the group and then block the phone number or profiles so they can't contact you again. Then report the incident as spam or scam to the company or platform where you received it.
Report. If you received a suspicious call or notice any suspicious activity on any of your Schwab accounts, please contact your advisor immediately, or call Schwab Alliance™ at 800-515-2157 (or +1-602-355-3405 if calling from outside the U.S.).
We all try to be extra-vigilant during these periods. But unfortunately, today's scams are more sophisticated and subtle than in previous years—with some offering no obvious red flags. The reason? AI.
Gone are the days of misspelled emails from dodgy addresses: these days, many fraudsters send professional, personalized communications that appear to come from trusted sources.
AI allows scammers to create realistic communications that feel timely and in line with legitimate communications you receive from trusted institutions, including polished emails, convincing phone calls, and messages tailored to you. These tactics are designed to create a sense of urgency, encouraging you to act quickly without verifying the request.
Real-world examples of tax scams
- "Refund on hold" texts or emails
Taxpayers may receive a notice that their refund can't be paid until their personal information is verified. A link leads the victim to a realistic-looking fake website designed to capture personal or banking details.
- Tax professional impersonation phone calls
Scammers use calm, professional-sounding human or AI voices to impersonate professionals from the IRS, a tax preparer, or a financial institution. These authoritative voices reference real names and firms to appear credible and encourage recipients to take urgent action to "pay back taxes," "claim a refund," or "verify their information," which of course leads to the theft of data or assets.
- Personalized "action required" emails
These messages, which may advertise an unclaimed tax refund, a tax account update, or an important notice from the IRS, may include the victim's name and top-of-mind tax season topics, making the message seem legitimate, and encouraging quick action without double-checking.
- REMEMBER: tax authorities do not initiate contact by email, phone calls or text to request sensitive information. The IRS initiates most contacts through regular mail, not phone calls, and will never demand immediate payment or threaten arrest over the phone.
How to protect yourself
- Pause before acting—urgency is a common scam tactic.
- Verify any communications—if the "IRS" has contacted you, visit IRS.gov and check the message you've received using a legitimate phone number.
- Avoid clicking links or opening attachments in unexpected messages.
- When in doubt, don't respond—talk to your advisor or tax professional first.
Have questions? Ask us. We can help.
