November 17, 2019
It’s prime time for criminals who will be looking to get a piece of the approximately $730 billion consumers are expected to spend this year in winter holiday retail sales, according to forecasts from the National Retail Federation.
“Individuals tend to not look at accounts closely (during the holidays),” says Allen Spence, director of product leadership at IDShield, a company providing identity theft protection and resolution services. Instead, they may wait until after the dust settles in the new year to reconcile accounts and identify problem charges. By that time, it may be more difficult to contain damage that has occurred because of stolen passwords or personal information.
Identity theft products can help minimize the effects of holiday shopping scams should you become a victim. However, it also helps to recognize and avoid scams in the first place.
“(Scammers) are not computer geniuses,” says Andy Zolper, senior vice president and chief information security officer at the financial firm Raymond James. “They are master manipulators.”
Here are 10 common scams you might see used by fraudsters this holiday season:
– Sham order confirmations.
– Bogus shipping notices.
– Shady email scams.
– Cloned websites.
– Disappearing packages.
– Fake charities.
– Unreal relatives in distress.
– Sob stories on social media.
– Phony classified ad listings.
– Intercepted data.
Sham Order Confirmations
Although not an entirely new technique, Zolper says there seems to be an uptick in scams involving fake online orders. Victims receive an email that appears to be from a reputable retailer or a payment service like PayPal confirming a purchase.
“Your natural reaction is to say, ‘I didn’t buy that,'” Zolper says. Scammers will have included a link in the email that people can click to dispute or cancel the order. After clicking on that link, victims will be asked to provide personal or payment information that will be used for identity theft or to make fraudulent purchases.
If you receive an email like this and are concerned someone has gained access to your shopping account, don’t click any links in the email. Instead, go to the retailer’s main page, log into your account from there and check for any fraudulent activity.
Bogus Shipping Notices
A variation of fake order scams involves messages purportedly from FedEx, UPS or the Post Office that notify recipients of a delayed shipment. The message may include a link to track the package. However, clicking the link could download a virus onto your computer. If you’re expecting a package, visit the merchant site to receive tracking information, rather than clicking a link in an email.
There’s also an offline version of this scam, says Michael Gerstman, CEO of the Dallas-based advisory firm Gerstman Financial Group LLC. “You might find an official-looking notice in the mailbox,” he says. It could state that a delivery couldn’t be made for some reason and includes a number to call. Victims who call the number may then be asked to provide a credit card number or other information. “Anyone asking for personal information is a tip off that something is not right,” Gerstman says..
Shady Email Scams
Phishing scams are a tried-and-true method to steal personal information. They involve sending emails that look like official communications from trusted websites, but are actually forgeries.
“Right now, it’s becoming very app-driven,” Spence says. Emails may direct people to download apps that look legitimate but are harvesting data from unsuspecting users instead. Other fake apps may use Open Authorization, known as OAuth, to connect to Google or Facebook accounts and access information there. Another common phishing scam involves emails warning that a failure to confirm personal details could result in an account being closed.
The best defense against phishing scams is to never click links in an email. Instead, manually type the web address into your browser to visit the site. That way, you can confirm whether a requested action is legitimate.
People need to be wary of all unsolicited emails they receive, since it’s easy for scammers to clone a website to make it resemble a site you know and trust. They may send you a sale coupon that, when clicked, takes you to a fake website that looks just like the real site.
Keep in mind, criminals aren’t necessarily looking for your credit card information. The cloned site might simply ask you to log in and then redirect you to the real website so you never realize you were on a cloned page. Once a thief has your login credentials, he or she can access your account to make unauthorized purchases.
“It’s key to look for that lock symbol or the ‘https’ in the browser,” Spence says. That indicates the site is secure. Also pay attention to the URL address. Cloned site URLs will look similar to the site they’re replicating, but aren’t exactly the same. For instance, scammers might us a web address like Amazon-12345.com if they are trying to trick people into thinking they are on Amazon.com.
Not every holiday scam happens online. Some criminals steal the joy of the season by swiping deliveries from front porches. They may cruise through neighborhoods looking for deliveries left while residents are at work.
Installing a home security camera could help law enforcement identify and catch the thieves, but it might be easier to make arrangements so your packages won’t be left unattended by the door.
For instance, Amazon offers several special delivery options. Those with Key by Amazon smart lock systems can have packages delivered directly to a vehicle trunk or inside a house. There are also Amazon Hub Lockers at various locations throughout the country, which can receive packages for you to pick up at your convenience. For other retailers, having packages delivered to a workplace may be a more feasible option.
The spirit of the season makes people feel generous, and scammers capitalize on that. They may create fake GoFundMe pages for a seemingly good cause or impersonate legitimate charities on the phone.
“Everyone has to be very wary of donation solicitations,” Zolper says. To avoid charity scams, be deliberate about your giving. Do your research and don’t make phone donations to unsolicited callers. Any request to wire money overseas should be a red flag.
Sob Stories on Social Media
Social media sites make it easy for people to share appeals for assistance, and that can make it a breeding ground for scammers. As the holidays approach, be aware that not every story shared on social media may be accurate.
The most glaring example of this is a couple who raised more than $400,000 on the crowdfunding platform GoFundMe last fall using a false story about helping a homeless man. Both the couple and the man were prosecuted for the scam when it came to light.
If you want to give money to a GoFundMe account, it may be best to stick to those with a personal or local connection. That way, you can verify that the organizer is authorized to raise money for the recipient.
Unreal Relatives in Distress
Although not limited to the holidays, another common scam involves fraudsters impersonating a relative facing a crisis. Seniors are commonly targeted, and they may get a call allegedly from a grandchild in trouble. This child may have supposedly been arrested or have some other urgent need to have money wired to them.
Spence’s advice: “Hang up and call a family member to confirm.” Be equally cautious about emails outlining similar scenarios, such as a relative whose wallet and passport have been stolen while traveling. Make contact with the relative through another means before offering any financial assistance.
Phony Classified Ad Listings
Scams on Craigslist, Facebook Marketplace and similar online venues can be a problem year-round. Always meet in a public place to make a transaction and test any electronic devices before paying. The lobby of a local police department or city hall can be a good meeting place.
If a seller has posted an item on a local classifieds site but says it needs to be shipped, that should be a red flag. The same goes for any situation in which a person wants you to cash a money order or cashier’s check and wire money to another party. Tickets to concerts and events can also be risky on classified ad sites since they may be fake or canceled.
Think twice before doing your Christmas shopping on the public Wi-Fi network at the library or coffee shop. “Do not jump on a public Wi-Fi to buy something,” Spence advises. Hackers in the area can intercept data over public systems, giving them access to account passwords, payment information and more.
While home networks are often more secure, they too can be prone to breaches. Use a virtual private network, or VPN, to add a layer of encryption and protection to all your browsing and online shopping activity.
To learn more about avoid holiday shopping scams so you do not fall victimn to online schemes, read this article on the FBI Website.
(Sources: US News & World Report and the Federal Bureau of Investigation)