‘Tis the Season – Don’t Fa La La to Holiday Scams

December 1, 2021 at 2:30 PM

As another holiday season quickly approaches and holiday gift lists are started, the scammers are also looking to deck the halls during one of their favorite times of the year. As many begin planning for shopping and holiday festivities, unscrupulous scammers are presented with ample opportunities to spoil celebrations. They are more than willing to use the festive mood to get into your wallet. Do you know what some of the red flags are to avoid these scams? With a bit of preparation and vigilance, you can cut down on the risk of becoming a scam victim this holiday season.

Deloitte’s recent holiday retail survey indicates that average holiday spending is going to increase 5% and that “Digital platforms that consumers tried during the pandemic for safety reasons have become habits because of the conveniences they offer.” Well, guess what? This also means more opportunities for grinches to exploit our holiday habits. But don’t be frightful! Protecting your finances during the holiday scam season requires vigilance on your part, and this article will provide you with tips that can help you keep your holidays merry and bright.

The Naughty List - Holiday Scams

  • Charity scams: One-third of all charitable giving is typically done in December. These types of scams exploit generosity via fake websites and pushy telemarketers.
  • Delivery scams: As holiday packages inundate mail delivery, scammers send out phishing emails disguised as UPS, FedEx, or U.S. Postal Service notifications of incoming or missed deliveries. Links lead to bogus sign-in pages asking for personal information or to sites infected with malware. Additionally, fraudsters know you will receive unexpected packages this season and will send realistic-looking delivery failure notifications, so you will follow up and reveal personal info.
  • Free gift cards: Nothing brings good cheer like the word 'FREE'. Scammers are known to take advantage of this weakness by sending bulk phishing emails requesting personal information to receive free gift cards. In some of these emails, scammers impersonate legitimate companies and promise gift cards to loyal customers supporting their business throughout the pandemic.
  • Letter from Santa scams: A custom letter from the North Pole may sound enticing and fun for the little ones on your holiday list, and although many offers are legitimate, scammers are known to steal personal information about you or, worse, your kids or grandkids, who may not learn until many years later that their identity was stolen and their credit compromised.
  • Mobile malice: Keeping yourself or your little ones occupied during a long flight, layovers, or a long car ride may entice you to install a distracting mobile game to help pass the time. However, do so with caution! Mobile games can steal passwords and other data from your device. Additionally, there are several holiday-themed apps where children can video chat live with Santa, light the menorah, watch Santa feed live reindeer, track his sleigh on Christmas Eve, or relay their holiday wish lists. This holiday season, like last year when COVID-19 caused children to skip the traditional in-person visit with Santa, apps may play a more important role than ever. Free apps can also contain malware.
  • Must-have gift scams: You search the internet endlessly for that must-have gift, and you stumble upon the deal of the holiday season. How do you know if this is for real? A telltale cautionary sign is that the item is in high demand, is in low supply, and carries inflated prices on eBay sites. Almost on cue, websites will pop up offering the hard-to-get item at an unbelievably low price. Don’t fall for this “deal”: the advertiser likely does not have the product and uses the offer to harvest personal information or payment through PayPal.
  • Public Wi-Fi: It may be tempting to jump on the public Wi-Fi while you are taking a shopping break at the local coffee shop, waiting in the airport, or putting your feet up in the hotel while you are relaxing with your favorite drink. However, scammers target hotel visitors, coffee shop patrons, and other public Wi-Fi users with pop-ups that request that they install a program (i.e., data-stealing malware) before connecting to a network.
  • The usual scams: Holiday phishing scams (by email), vishing (“voice” or phone-related scams), smishing (by text), and QRishing (QR codes) are pervasive but often become more common around the holidays. Each of these involves being contacted by what appears to be a trusted source that asks you to click a link, which subsequently installs malware, or asks you to send money.

The Red Flags

Here are some basic red flags to look out for to avoid holiday scams:

  • Seller asks you to provide some unusually detailed personal information
  • Seller insists on payments via wire transfer or cash apps and refuses to accept credit cards
  • The online shop’s website address looks strange
  • The product page is filled with many 5-star (but seemingly irrelevant) customer reviews
  • There are lots of typos and questionable wordings on the web page or contained in the email or SMS message
  • There are no valid contact details on the site
  • Too-good-to-be-true deals

Tips to Stay Safe from the Fraudster’s Wish List

  • Ask yourself if using public Wi-Fi is worth the risk: Using public Wi-Fi to access bank accounts or other sensitive info is never a good idea. If you do choose to use public Wi-Fi, remember that you should not have to install anything.
  • Avoid sellers who have unusual payment requirements: This includes paying via wire transfers, cashier’s checks, gift cards, and prepaid cards, as these types of payments are almost impossible to recover. Even popular payment apps, like Zelle and Venmo, do not offer fraud protection. Keep in mind that such apps are linked directly to your bank account. Once the payment is sent, your money leaves your account for good. Try to limit your financial interactions on these platforms to smaller amounts, and only with people you have come into contact with or from whom you have received a good or service.
  • Be on the lookout: Word misspellings, bad grammar, no clear method of contacting the company, and no information about the company's location are some common signs that something is amiss.
  • Check privacy policies: Before providing personal or financial information, check the website's privacy policy to make sure you understand how your information will be stored and used. If a site doesn’t have a privacy policy, that’s a big red flag that it may be a scam.
  • Check websites for the https and padlock: Look for indications that your information will be encrypted on online shopping websites. This is typically identified by a URL that begins with "https:" (instead of "http:") and a padlock icon. Remember that some attackers may trick website visitors by displaying a fake padlock icon, so be sure that the icon looks authentic and is in the appropriate location for your browser.
  • Check your online statements: Keep a record of your purchases and copies of confirmation pages and compare them to your bank statements. If there is a discrepancy, report it immediately. Go online regularly during the holiday season to check electronic statements for fraudulent charges to your credit card, debit card, and checking accounts.
  • Charitable donations: If you are looking to help those in need, first verify the person, cause, or organization is legitimate.
  • Choose apps wisely: Be aware that some mobile apps could be a scam, and other legitimate apps may collect a lot of personal information. Look for apps that tell you what they do with your data and how they keep it secure. Keep in mind that there may be no legal limit on your liability with money stored in a shopping app or on a gift card. Unless otherwise stated in the terms of service, you may be responsible for all charges made through your shopping app. Always do a quick search to check the validity of the app you are downloading and read the permissions carefully.
  • Deliver gifts securely: It is a good idea to have packages delivered to a secure location. If you will not be home, send them to your place of work, or ask a neighbor to watch for deliveries. Consider requiring a signature for delivery or look for options to pick up your package at a nearby store or mailing center. If you plan to send a gift card by mail, use a method that allows you to track the delivery. If it is being sent online, use a technique that is password protected.
  • Do your homework on unfamiliar retailers: One of the best ways to avoid online shopping scams is to make your purchases on the websites of retailers you already know and trust. Suppose you find an unfamiliar retailer that has an item you just cannot find anywhere else. In that case, Consumer Reports provides a list of ways to research the retailer. Make a note of the retailer’s phone number and physical address in case there is a problem with your transaction or your bill.
  • Install and update anti-virus software on all your devices: Install firewall, anti-virus, and anti-spyware software on your computer, tablet, and smartphone. Check for and install the latest updates and run virus scans regularly.
  • Purchase gift cards from a reputable source: The Retail Gift Card Association recommends purchasing gift cards only from trusted sources and known brands, especially when buying online. If you are buying a gift card in-store, check the card to see if the wrapping has been tampered with, or if the PIN has been revealed. If a gift card looks suspicious, take it to an employee and pick a different card. If the gift card is digital, store it in an online account or mobile wallet that requires a password. If you receive a gift card this holiday season, use it as soon as possible to avoid loss or theft, or register the gift card and change the PIN.
  • Stay alert to phishing attacks: Be wary of phishing emails that are often designed to look like an authentic message from a well-known brand. Avoid clicking on links in unsolicited emails and be cautious of email attachments. Do not provide sensitive information through email. If you receive an unsolicited email from a business but wish to learn more about the offer, log on to the authentic website directly by opening a browser and typing the web address yourself. Do not click on the link provided.
  • Verify the sender before opening ecards: Make sure that the sender's name is visible, be careful if you are required to enter personal information to access the card, and avoid opening suspicious emails, especially those with an attachment that ends in “.exe”, which could download a virus.

What to Do in Case of Suspected Fraud

If you believe that you have been a victim of fraud or theft, report it immediately to your bank or credit institution as well as to the proper authorities to minimize your losses and begin working toward a resolution.

  • File a complaint with the FBI's Internet Crime Complaint Center (IC3).
  • Report the incident to your local police and file a report with the Federal Trade Commission.
  • Report suspected identity theft to the Federal Trade Commission on their website IdentityTheft.gov.

Although the information provided in this article mostly pertains to your personal activities, many individuals also find themselves being victimized by these same scams in the workplace. Such incidents have cost organizations thousands to millions of dollars in losses and fines, and have also resulted in damage to brand reputations. Compass IT Compliance has spent the past decade assisting organizations across the US in training and testing their staff to recognize these threats on a daily basis. Contact us today to learn more about our unique and cost-effective approach to strengthening your cybersecurity posture!
