Cybersecurity Spotlight: Search Engine Optimization (SEO) abuse attacks are on the rise

Did you know that October is National Cybersecurity Awareness Month? And while we have enough spooky things this month to keep up us at night, CWM and our partners at Charles Schwab do NOT want your cybersecurity well-being to be one of them.

Search Engine Optimization (SEO) abuse attacks, also known as SEO poisoning, are on the rise and becoming more sophisticated. In an SEO abuse attack, scammers use sophisticated “spoofed” websites to convince users they are visiting legitimate sites owned by trusted businesses, including the financial institutions you rely on.

How does it work?

According to CrowdStike.com, SEO abuse attacks work by increasing “the prominence of malicious websites, making them look more authentic to consumers.” These attacks rely on the assumption that the first displayed websites on a search engine are the most credible. Scammers use a variety of methods to accomplish the attack, but the most common way is typosquatting. Have you ever entered a website URL and accidentally omitted, transposed, or included an extra letter? That’s typosquatting. And malicious actors exploit these minor user errors and a person’s trust in the search engine results to gain access to systems.

To spoof a website, malicious actors purchase "sponsored links" to fake sites which appear at the top of search results. Their goal is to boost their site's visibility and lure unsuspecting users into clicking on them. These deceptive sites can pose serious risks by exposing investors like you to potential malware, identity theft, and financial loss.

How do I protect myself?

Not to worry! We're here to arm you with knowledge so you can recognize spoofed websites and steer clear of them. Here’s what to keep an eye out for:

• URL errors and issues - Look for misspellings or unusual domain extensions. A single letter out of place might mean you're on a fake site.
• Grammar and spelling mistakes - Legitimate sites take care to avoid errors. If you spot poor grammar, spelling, or formatting mistakes in content, that's often your first clue it's a fake site.
• False security notification - Once you click on a site link, you're presented with a screen notifying you of a login issue and directing you to a hotline number. Wording on these fake sites may mention "unauthorized activity" or other details designed to trigger anxiety and panic.
• Request for personal information – Comprehensive Wealth Management and Schwab will never ask you over the phone for your account login password or a SMS passcode. If someone is asking you for your account login password or SMS code by phone, do not provide it.
• Privacy policy - Genuine sites will have a privacy policy available. If it's missing, think twice. Most websites have a link to the company’s privacy policy as a link in the footer of their website. As an example, CWM’s privacy policy can be located at the very bottom of every page on our website.

• Avoid searching for a site - Use your saved bookmarks for visiting websites, especially financial ones, to avoid the risk of phishing and downloading malware. It’s why we always encourage you to bookmark your Client Portal website.
• Utilize the app - Download your financial institutions app and utilize biometric authentication if available. (Note: be cautious to read reviews and check the number of downloads to ensure you're downloading the legitimate app.)
• Question urgency - Phishing attempts often create a sense of urgency. Take a moment to verify the information through official channels.
• Use secure networks - Access financial accounts only through secure networks and consider enabling multi-factor authentication where possible.
• Call before acting - If you have concerns about a site or link, it's always best to call us at (425) 778-6160 before taking any action, like downloading software.

Remember, Comprehensive Wealth Management and our custodial partner Charles Schwab are here to help. If you're ever in doubt about the legitimacy of a communication from CWM, Schwab, or any financial institution, please call us immediately at (425) 778-6160 - because the only frightening thing you should experience this month is how much candy you have left over on November 1^st.

Want to learn more about your personal cybersecurity and how to protect your online life? Watch this video of our exclusive interview with cybersecurity expert Tim Villano of Artemis Global Security and learn about the ways you can take charge of your online security.