Beware of Holiday Scams

As the holiday season kicks into high gear, unfortunately so do scams.

At this time of year we see an increase in debit/credit card fraud and social engineering scams. Social engineering is the use of deception to manipulate individuals into sending money or divulging personal information that may be used for fraud.

  • Cyber criminals can change their caller ID phone number to make their phone call look like it’s from your local area code or from a trusted name. Caller ID cannot be relied upon these days.
  • Unless you placed the call, never give the other party information that they should already have. For example, if the bank called you, they shouldn’t be asking for your account number.
  • If you believe a phone call is an attack, simply hang up. If you want to confirm that the phone call was legitimate, go to the organization’s website (such as your bank) and call the customer support phone number directly yourself. That way, you really know you are talking to the real organization.
  • Anytime anyone calls you and creates a tremendous sense of urgency or pressure, be extremely suspicious.

Popular Scams

Scammers are usually after your money or personal information. They trick unsuspecting individuals into sending money or divulging personal information by creating situations that feel very urgent and realistic.

Imposter Scams

A scammer pretends to be someone you trust — a government agency like the Social Security Administration or the IRS, a family member, a love interest, or someone claiming there’s a problem with your computer. The scammer can even have a fake name or number show up on your caller ID to convince you.

Scammers use caller ID spoofing
Scammers can make any name or number show up on your caller ID. That’s called spoofing. So even if it looks like it’s a government agency like the Social Security Administration calling, or like the call is from a local number, it could be a scammer calling from anywhere in the world.

Scammers make unsolicited calls
Phone scams come in many forms, but they tend to make similar promises and threats, or ask you to pay certain ways. They con the victim into sending cash, usually through a prepaid debit card or wire transfer. They may also leave “urgent” callback requests through phone “robo-calls” or phishing emails.

Callers try to scare their victims
Many phone scams use threats to intimidate and bully a victim into paying. They may even threaten to arrest, deport or revoke a license if the victim doesn’t immediately pay a debt, fine, or fee.

Online Shopping Scams

Online shopping scams happen when you purchase items online at extremely low or unbelievable prices but never receive them. Tempting ads on social media will promote incredible prices and have links that take you to sites that appear to be legitimate and sell well-known brands, but these sites are often fake. Be wary of websites that have no contact information, broken contact forms, or use personal email addresses. Type the name of the online store or its web address into a search engine to see what others have said about it. Look for terms like “fraud,” “scam,” “never again,” and “fake.” Be very cautious of online promotions or deals that appear too good to be true. It’s far safer to purchase items that may cost slightly more, but from trusted sites that you or your friends have used before.

Money Mule Scams

A Money Mule scam is a type of scam in which criminals use their victims to move stolen funds. Money mule scams can take many forms, and commonly involve online dating, work-at-home jobs or prizes. In a typical scam, the fraudster sends the victim money to deposit into a bank account and then asks them to send some of it to someone else, usually through a gift card or a wire transfer. When the initial check is later found to be fake, victims are on the hook for the full amount.

You can avoid money mule scams by never using your own bank account or opening a new account in your name to transfer money for an employer, never paying to collect a prize or moving any money out of your “winnings,” and never sending money to an online love interest. If you suspect a money mule scam, break off contact with the scammer, inform your bank and report the incident to the FTC.


How do you avoid being a victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Do not reveal personal information (account numbers, social security numbers, etc.) on a phone call unless you have initiated the phone call.
  • Don’t send sensitive information over the internet before checking a website’s security. (See Protecting Your Privacy for more information.)
  • Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with “https” rather than “http,” and for a closed padlock icon; both are signs that your information will be encrypted in transit. Fake sites can use “https” too, so also confirm that the address itself is the one you expect.
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls for Home and Small Office Use, Protecting Against Malicious Code, and Reducing Spam for more information.)
  • Take advantage of any anti-phishing features offered by your email client and web browser.

What do you do if you think you are a victim?

  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
  • Watch for other signs of identity theft. (See Preventing and Responding to Identity Theft for more information.)
  • Consider reporting the attack to the police, and file a report with the Federal Trade Commission.