Beware of New Cyber Threats: Remote Access Tool (RAT) Attacks Targeting Investors

In today’s digital world, cybersecurity threats continue to evolve—and one of the latest, and most concerning, involves Remote Access Tools (RATs). Originally designed for legitimate uses such as IT support, these tools are now being exploited by fraudsters to infiltrate mobile phones, tablets, laptops, and desktops. Schwab has identified a rising trend where RATs are being used in combination with phishing attacks to gain unauthorized access to investor accounts.

As your trusted advisory partner, we want you to be informed and protected. Below is an overview of how RAT-based attacks work, warning signs to watch for, and steps you and your family can take to stay safe.

---

What Is a Remote Access Tool (RAT)?

A RAT allows someone to control a device from another location—often silently and without the user’s knowledge. When used maliciously, it gives cybercriminals a backdoor into your digital life, enabling them to steal data, monitor your activity, and even access your financial accounts.

---

How These Attacks Happen

1. Phishing Email or Text – The attacker sends a fake communication that looks like it’s from a trusted source, such as a government agency or financial institution.
2. Silent Installation – If the link or attachment is clicked, the RAT installs in the background without alerting the user.
3. Remote Access Granted – The attacker now has full visibility and control of the device and can:
   • Capture passwords and financial data
   • Record keystrokes and screen activity
   • Access secure platforms like Schwab Alliance to make unauthorized trades or move money

These attacks are especially dangerous because they often occur on a device the user trusts and may not trigger any antivirus warnings. They can appear “invisible” and go unnoticed until damage is done.

---

Red Flags to Watch For

• You click a link in what appears to be a legitimate message, but nothing happens—this could mean a RAT was silently installed.
• Your device shows unusual messages such as “Do not turn off your computer. Computer is currently being scanned.”
• You notice strange account activity that doesn’t match your usual behavior.

---

Real-World Scenario: Client Account Takeover

A client receives a fake text message from what looks like their financial institution, asking them to verify account information. They click the link and unknowingly install a RAT. The attacker then uses the tool to gain access to the client’s online account and initiates unauthorized activity, such as stealing funds or personal data. The Schwab Security Guarantee may or may not apply in such cases—each incident is reviewed individually.

---

What To Do If You Suspect a RAT Infection

• Disconnect from the internet immediately to cut off access.
• Contact your IT support team or a cybersecurity professional.
• Remove unknown or suspicious apps from your device.
• Avoid changing your passwords right away—do this only after the RAT is removed, or the attacker might steal your new credentials.
• In some cases, a factory reset may be required for full removal.

---

How You and Your Family Can Stay Protected

Share these tips with anyone in your household who accesses financial accounts online:

• Close your browser window immediately after logging out of Schwab Alliance or other secure platforms.
• Ask us about the “limited view” option in Schwab Alliance to help restrict access and prevent unauthorized transfers.
• Always keep antivirus/anti-malware software up to date.
• Avoid clicking on unknown links or downloading unsolicited attachments.
• Type website URLs directly into your browser instead of clicking links in emails or texts.
• Remove unrecognized apps from your devices.
• Use strong, unique passwords—and consider a password manager.
• Enable multi-factor authentication and biometric login features.
• Keep your devices and software updated regularly.

---

Report Suspicious Activity Immediately

If you notice any suspicious behavior on your Schwab account, contact Schwab Alliance at 800-515-2157 right away. Early action can help prevent financial loss and protect your information.

---

At Sterling Advisory Group, your security is our priority. If you have questions about this type of fraud or want help strengthening your digital defenses, please don’t hesitate to reach out. We’re here to help you navigate these challenges with confidence and peace of mind.