Holiday shopping season is upon us, and criminals have begun their annual flood of cyber-scams intended to steal from people seeking to enjoy the holidays. I recommend that everyone be aware of the following scams and some simple ways to reduce the risk of falling prey:
1. Phony e-greeting cards – Malware can easily be hidden in attachments, and links to retrieve cards can also direct users to phishing sites or to malware-distributing sites. As a matter of policy, I don’t open e-greeting cards, and I recommend that you follow a similar approach.
2. Phony stores – The fact that a store appears in a Google search, or that a price comparison engine lists it as offering the lowest price for a particular item, does not mean that the store – or the price – is legitimate. Criminals solicit victims by creating phony offerings with attractive prices so as to be “found” by search engines and people looking for deals. As the old adage goes, if a price is too good to be true it probably is. Also, exercise caution when dealing with any store about which you have never heard before, and about which you cannot find information online. Don’t rely on positive reviews – criminals can create phony recommendations very easily; impartial information and negative comments are often a lot more revealing.
3. Anyone can advertise – even crooks – Just because a company is advertising on a legitimate website does not mean that it itself is legitimate – so exercise caution when clicking on ads for offerings from vendors about which you have never heard, and about which little information appears online.
4. Fake delivery-related emails – During the holiday season most Americans will receive items shipped by UPS, FedEx, DHL, and/or the US Postal Service, so criminals often send out emails impersonating correspondence from these services. Malware may be attached, or links in the email may direct a user to a rogue website that impersonates the shipping company’s real site. If you have questions about a delivery, go to the carrier’s website; don’t click on links in an email or open attachments.
5. Fake store emails – Criminals send out emails that appear to be from Amazon, eBay, Walmart, and other major online retail outlets, but which spread malware or direct would-be shoppers to phishing sites. If you receive notification of some “great deal” via email, or have questions about an order, go to the vendor’s website; do not click links in an email or open attachments.
6. Charity scams – The holidays are a time for giving, and criminals want to be the beneficiaries of your generosity. All sorts of charity scams abound this time of year – before you give to a charity that is soliciting your hard-earned money, confirm its worthiness with the Better Business Bureau, Charity Navigator, or another legitimate charity search engine. Also, when making a donation, always initiate contact with the charity via its website/listed phone number/physical address; never give payment, or send payment details, to someone who contacts you claiming to represent the charity.
7. Gift card scams – Criminals are quite happy to sell you phony gift cards, or cards purchased using a stolen credit card. If you plan to buy gift cards you are best off purchasing them directly from the vendor. The few dollars more that it might cost versus purchasing on the secondary market (e.g., through an exchange or on eBay) are insurance that your cards are the real thing. Even if a site offers a money-back guarantee, do you really want recipients of your gifts calling you when their cards don’t work?
8. Credit card scams – Many Americans rely on credit cards to do holiday shopping, so criminals routinely create fake credit card offers this time of year. Credit card applications should always be done by entering the URL of the issuing bank, not by clicking links that appear in blogs or other online forums discussing credit card offers or related deals.
9. Email/Texting/Phone scams – If anyone emails/texts/calls you, claims to be a party with whom you have done business, and asks you for personal information, before providing the data, initiate a different channel of communication that ensures the party is who he claims to be. For example, if a credit card company calls to tell you about an issue with your card, don’t discuss the account on that call; instead, call back using the number that is printed on the back of the relevant credit card.
10. Social media post scams – Exercise caution when clicking on links found on social media. Many a time has someone fallen prey to a scam that commenced with his clicking a nefarious link found in a trustworthy friend’s social media post – only to find out later that the friend’s account had been hacked.
11. Free software scams – Holiday apps, screen savers, and other “fun and free” software may be Trojan horses containing malware. Download only from legitimate parties, exercise caution, and ask yourself – why is someone giving me something for nothing?