Charles Schwab QR Code Scam: What It Is and What to Do
A QR code claiming to be from Schwab deserves extra caution. Brokerage, bank, and retirement accounts are high-value targets, and a fake code can send you to a login page that looks official while handing your credentials to an attacker.
How fake Schwab QR code scams work
Schwab customers are used to receiving digital notices about trading, banking, retirement accounts, and security alerts. Scammers copy that language and add a QR code to make the message feel mobile-first and urgent.
- Fake account activity alerts: A text or email says a large transfer, trade, or login attempt needs your review. The QR code leads to a lookalike Schwab login page that collects your username, password, and sometimes one-time security codes.
- Fake Schwab Bank offers: A mailer advertises a promotional checking, savings, or debit-card offer. The QR code asks for banking details, date of birth, address, and account credentials before showing a generic confirmation.
- Fake account migration notices: Messages reference account transitions or profile updates and tell you to scan a code to keep access. That urgency is designed to make you skip the normal step of typing schwab.com yourself.
This is a form of quishing: phishing that uses a QR code instead of a visible link. The QR pattern hides the destination until after you scan.
What Schwab will not ask you to do through an unsolicited QR code
Treat a Schwab-branded QR code as suspicious if it asks you to:
- Verify a brokerage, bank, or retirement account from a text or unexpected email
- Enter your full password, one-time passcode, SSN, or card details
- Approve a pending trade, wire, ACH transfer, or account profile change
- Complete a migration or security update from a domain that is not clearly Schwab-controlled
The safer move is simple: close the QR page, open Schwab directly, and check secure messages or alerts from inside your account.
What to do if you scanned one
- If you only scanned, close the page. Do not enter credentials or tap any download prompt. Your risk is usually low if you did not submit information.
- If you entered your password, contact Schwab immediately. Use the number on schwab.com or on an official statement, not the suspicious message.
- Change your Schwab password from a trusted device. Then change any other account that used the same or a similar password.
- Review account activity. Look for new payees, pending transfers, profile changes, address changes, and unfamiliar device logins.
- Protect linked financial accounts. If you entered card or bank information, call that institution and ask about freezes, replacement cards, and dispute options.
For the broader recovery checklist, use our guide on what to do after scanning a suspicious QR code.
Frequently asked questions
Does Charles Schwab send QR codes for account verification?
You should not trust an unsolicited QR code for account verification, security review, trade confirmation, or migration. Go directly to schwab.com or the Schwab Mobile app and check from there.
What if the QR code opened a real-looking Schwab page?
Branding is easy to copy. Check the destination domain before entering anything. If the domain is unfamiliar, shortened, misspelled, or buried behind a redirect, close it and open Schwab directly.
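The domain check described above, written out as an added example (it is not QRsafer's or Schwab's code): it takes the URL decoded from a QR code and reports the warning signs listed in this answer. The shortener list, the 0.8 similarity threshold, the two-label domain approximation, and the `.example` sample URLs are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = ("schwab.com",)                       # the only domain the page names
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # illustrative sample, not exhaustive


def check_qr_destination(url: str) -> list[str]:
    """Return warnings for a decoded QR URL; an empty list means the host
    is schwab.com or one of its subdomains, reached over HTTPS."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    warnings = []

    if parts.scheme != "https":
        warnings.append("not-https")
    # "https://schwab.com@other.example/" shows the brand but goes elsewhere.
    if "@" in parts.netloc:
        warnings.append("userinfo-before-host")
    # Punycode labels can render as lookalike characters in some displays.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")

    # Exact match or true subdomain only; "schwab.com.other.example" fails here.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return warnings

    # Assumption: last two labels approximate the registrable domain.
    base = ".".join(host.split(".")[-2:])
    if host in SHORTENERS:
        warnings.append("shortened-link")       # real destination is hidden
    elif "schwab" in host:
        warnings.append("brand-in-untrusted-host")
    elif any(SequenceMatcher(None, base, t).ratio() >= 0.8 for t in TRUSTED):
        warnings.append("misspelled-domain")
    else:
        warnings.append("unfamiliar-domain")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs, not taken from real campaigns.
    for sample in ("https://www.schwab.com/", "https://schwaab.com/login",
                   "https://schwab.com.account-review.example/login",
                   "https://schwab.com@alerts.example/", "https://bit.ly/abc123"):
        print(sample, "->", check_qr_destination(sample) or "ok")
```

A shortened link cannot be judged offline because its destination is only known after the redirect, so the function flags it rather than following it.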
Should I freeze my Schwab account?
If you entered credentials, one-time codes, bank details, or personal information, call Schwab and ask what account restrictions or transfer holds are appropriate. The right action depends on what was exposed.
Check the destination before you open it
QRsafer previews the QR code destination and checks it before your browser opens the page.
