So, the spirit of Christmas and Hannukah is here: houses and trees lit up, gift wrapping — and scammers. The denizens of the underworld may ruin your holiday while you are concentrating on shopping and giving. They even steal from charitable givers.
SHOPPING
E-commerce sales rose 7 percent during 2022 to $1.03 trillion. That’s thirty-two percent of the Better Business Bureau’s (BBB) complaints; three in four victims report they lost money through an attack.
Spoofed (bogus or legitimate-looking) websites, mobile apps, SMS (text) messages, pop-up ads, or email coupons can harvest personally identifiable information (PII) for use in identity theft. So can completely fabricated sites.
A well-known store that offers huge discounts on well-known brand names should be a warning. Watch for familiar logos, slogans, and URLs that are easily mistaken for the real thing. Be suspicious when you are offered free shipping and overnight delivery.
Do your research to spot a scam and stop it.
Watch for:
– Is an offer too good to be true?
– Does the site or email show shoddy website design or sloppy English?
– Are there limited or suspicious contact options and not a legitimate business address? Is the customer service email at a Yahoo or Gmail account or a legitimate email address?
– Are the URLs phony, with extraneous words, characters, or unusual domains (.bargain, .app, or a foreign domain instead of .com or .net)?
– Are you being asked to download the company’s software or enter PII to access discount coupons or codes?
– Are you being asked to pay by wire transfer, money order, or gift card?
PACKAGE SCAMS
Maybe you’ve seen the exploding confetti or stink bombs that burst forth from bogus packages, but the reality around counterfeit packages is more sinister.
Everyone loves packages. What could it be? It could be a free package for you! The email or text asks you to confirm a delivery or say that a delivery attempt was unsuccessful and you must reschedule. You are just requested to click a link that will take you to a website where you can confirm or clarify.
Phony delivery notifications are the most common threat in package scams, i.e., a text or email supposedly coming from the U.S. Postal Service, FedEx, or UPS. A scammer intends to take advantage of your busy shopping, maybe through a fake gift from your family or friend. An email or text link can lead to a bogus site where you’ll be asked to enter PII or financial data. There goes your identity. You may get a package of malware instead.
Watch for:
– In 2021, over 23 billion fake messages were sent to text links — more than 1 in 4 (RoboKiller).
– Watch for real-life scams, too: delivery service employees asking for PII or credit information or leaving a failed-delivery notice with a bogus phone number and asking for information.
– “Porch pirates” peruse the streets for packages delivered to a doorstep but not gathered by the addressee yet. This is all too common.
– Is there a notice of a package you don’t remember ordering?
– Do you have urgent requests for payment or your PII?
– Does the message display evidence of a scam, like poor English?
– Don’t let unsolicited phone or texts blind you.
– Keep track of your orders, where they are, and when they should be delivered.
– If you hover over a link in a suspect email, is the link recognized as the one you expect it to be?
– If you call FedEx or UPS, use a number or email from their official website or a contact page chat function.
– To avoid porch pirates, ask your neighbors to pick up your deliveries when you are not home or have your packages sent to your work or neighbors’ house.
– Use the U.S. Postal Service’s or Amazon’s locker delivery at no extra charge.
– Any requests to provide, update, or verify your PII should be warning signs.
– Don’t click on links or open attachments from unknown parties.
– Don’t give out PII, credit card details, user IDs, or passwords to a caller.
– Don’t call a number on a delivery notice that is left on your door; again, call the numbers on the official website.
– Watch for spoofed logos or language.
CHARITY SCAMS
Americans gave $319.04 billion to charity in 2022 (Giving USA Foundation). But the bad guys take advantage of this generosity without qualms about wrongdoing, even on holidays.
Watch for:
– No one is immune: even veterans, people with disabilities, and disaster victims are targets.
– Watch for fake telemarketing, direct mail, email, door-to-door solicitations, social media accounts, and websites.
– Some organizations are wholly fabricated.
– Other genuine organizations use donations for other reasons.
– Some use impressive fundraising networks (such as political action committees and candidates) but use donations for themselves.
– Beware of urgency and the pressure to give immediately.
– Beware of a thank-you donation.
– Beware of requests for cash, gift cards, or wire transfers.
– Review Charity Navigator, CharityWatch, and the Better Business Bureau’s Wise Giving Alliance for their ratings on an organization and your state’s charity regulator for the organization’s registration to operate as a charitable organization.
– Do your research online.
– Be aware of the charity’s name and web address being spoofed, specifically for the site’s exact name (i.e., beware of sites or emails like redcrosss.org or wycliffeee.org, etc.).
– Keep a record of your donations and review your account statements for charges
– Don’t give PII to someone asking for donations.
GIFT CARD PAYMENT SCAMS
Impostors and phone scammers use gift cards. According to the FTC, gift card scams in 2022 amounted to $228.3 million.
Watch for:
– Are you being asked to repay a debt you didn’t know existed or for a service you don’t recognize?
– Are you being asked to buy gift cards to make a quick payment?
– Watch for legitimate companies that ask for payment via gift card.
– Beware of urgent calls for help from a family member or someone you’ve met online.
– Users of auction or resale sites can also offer goods at a discount or a too-good-to-be-true price. Beware if you’re asked to pay with a gift card.
– “Clergy members” or parishioners asking you to buy gift cards are a warning.
– Watch for legitimate card balances; crooks can scratch off and replace the film strip on the back of the physical cards.
– Phony giveaways act through email and texts saying you’ve won a gift card and ask you to claim it by providing your PII or contact information.
– Again, watch emails or texts for links that can load malware or expose your PII for identity theft or marketers.
– Beware of someone claiming to be a government official, company representative, friend, or family asking you to buy a gift card to cover a debt, bill, or emergency.
– Are you being asked to pay using a gift card from a different retailer from the one you are buying from?
– Watch out for cards that look to be tampered with.
– Purchase cards directly from the company’s website
– Beware of physical cards that look to be tampered with.
– Ask the retailer (through the email on the retailer’s website) that issued the gift card you used to pay a scammer to get you a refund.
– If possible, register the gift card with the retailer.
– Don’t trust callers supposedly from government agencies (tax or IRS), tech companies, utilities, or other businesses.
– Don’t click or download unsolicited emails or text messages that offer a gift card.
– Don’t give PII to anyone in exchange for a gift card. All I Want For Christmas Is Not To Be Scammed