The holiday season is officially in full swing. In addition to the decorations, caroling and roasting chestnuts on an open fire, we have a whole new set of seasonal scams to keep us on our toes.
The scammers know this is the time of year where the wallets open and the money flows, so they will go to great lengths that they knee-deep in that revenue stream somewhere along the line. Whether its phony charities, bogus gift cards or malicious holiday software, these con artists will go to any means, including seemingly embracing the spirit of the season, in order to line their pockets with stolen money and goods.
Here are a few of things to look out for:
FAKE GIFT CARDS
Gift cards a popular item. Customers spend billions of dollars on them specifically in the holiday season. Their popularity is growing even more with the increase and ease of online shopping. When you aren’t sure what to get someone, it seems like the perfect gift, a card that allows them to spend a set amount with a retailer you know they will like. Some of these cards, though, are a hot target for scammers.
At many locations, these cards can be bought from free-standing racks in the front of the store. On each rack you have a myriad of retailers and service providers offering cards. Some come in pre-set denominations, others are open ended. With any of these cards, you will take them to the front and either purchase them outright, or have an amount put on the card that you are looking to gift.
The card is often activated by the teller at the time of purchase. Some cards can be activated later either online and/or by telephone. The crooks have found a way to steal these potential gifts right from under our noses.
They write down the card numbers while still on the rack, and then continually check, either by phone or online, to see if the cards have been activated. Because most of these cards are designed to be used for CNP, or Card Not Present, purchases, the scammers need only have them activated before the spending spree begins. Once the funds are available, the cons spend however much they can before the actual card’s holder has the chance to exhaust it.
In order to fight this fraud, many businesses now include PIN numbers that must be used for all CNP Purchases, and which is hidden below a scratch-off surface. The thieves will scratch these off, noting the pins, and place them back in their cardboard holders so it goes unnoticed until after the card is purchased and/or activated.
If you are purchasing a gift card, always exam both sides of the card carefully for signs of defacement or scratching off of the surface protecting the PIN number, even if that requires removing the card from the packaging.
Besides the in-store racks, these gift cards are often found as items being sold via online auction sites. Be very wary of purchasing cards from these sites, especially if advertised at a reduced price than the balance of the card. Often these cards are fakes. Other times they have been stolen from the stores and, having been reported as such, have been deactivated and will be worthless. Either way, you lose the money spent.
FAKE HOLIDAY ECARDS
The last few years have seen in explosion in online greeting cards being swapped between friends, family members and business associates. Like all things popular, the con artists smell the chance to make a buck off of those not quite up-to-date on how this new technology works. As with the fake ecards making the rounds on Thanksgiving, holiday cards celebrating Hanukkah, Christmas and the season in general will be prime territory for scammers.
Most electronic greeting cards arrive via an email informing you that you have a card waiting at such-and-such a site. A link will be provided for you, and once you click on the link you will be sent to the waiting card. But if you click, beware. You might be getting much more than a seasonal greeting.
You might be sent to what appears to be a genuine Christmas Day card. An elf dances a jig, or Santa golfs in the Florida sun, but the laughter won’t last long. The ecard scams con folks by placing a malicious link in the email. When clicked, it sends the users browser to an exploitive server. After guaranteeing the potential victim doesn’t have the proper patches in the browsing software, the scammers forcibly load a rootkit and a keystroke logger. Then the victim is sent to the legitimate-appearing greeting card.
A rootkit is software which obscures the fact that your computer has been compromised. Keystroke software is exactly what it sounds like, a way the scammer’s can record every keystroke you make and then divine from the information every user name, password, credit card number, bank account number, social security number or any personal information you enter. If you type it, they now have access to it.
On the user’s end, nothing appears out of the ordinary. They got an email asking them to check out a Holiday card, they clicked on the link, noticed it didn’t actually come from anyone they know and then closed it without realizing their identity and financial information was at risk.
Many of these initial emails will be vague. A “business associate”, or “family member”, or “close friend” has sent you a Christmas/Hanukkah card and you can access it by clicking on the provided link. Never click through on emails from unidentified sources.
Even if it comes from a known person, be wary. Your friend or relative might have been the victim of a virus. They opened the card, had the malware unknowingly loaded, then the virus re-sent the bait to everyone in their address book. It would be wise to go directly to the publishing site the card is supposed to have come from and access it there. Otherwise, contact the sender and make sure they sent the card out. If they were the victim of a self-sustaining virus, they might not even realize the fake cards have been sent in their name.
FAKE CHARITY EMAIL SCAMS
This is a classic ruse, made even easier to pull off by our new plugged-in, internet society. It often starts with an email from a charitable organization. But check out the name carefully.
The Better Business Bureau has recently reported on an alarming number of copy-cat charities. They have names that are suspiciously similar to their more familiar counterparts – GrantAWish instead of MakeAWish, or the National Red Cross as opposed to the American Red Cross. They might share a similar name, but chances are good the only charity getting your contributions is the con artists’ bank accounts.
Even worse than spending the “donated” money on themselves, if you pay with a credit card the fraudster has that information as well. If you get one of these emails, do not click on the links. If you are interested, close the message, and then research the company name independently. It will quickly become obvious whether or not they are legitimate.
A new scam involves the victim receiving an email from someone claiming to be a representative of a shipping company like Fed Ex or UPS. They say there has been a gift shipped to you, but the required shipping charges must be paid before it can be delivered.
It’s another ruse to get money from you outright, and access to your credit card information to boot. No shipping company is going to have your email address, and they aren’t going to ask the recipient for payment out of the blue. If you have any questions about a suspicious email, contact the shipping company directly. They will be able to tell you straight off whether or not there is a waiting package.
These are only a few of the ways scammers will look to increase their holiday cheer by stealing money right out of your pocket. Let’s make sure the con artists stockings stay empty this year by staying alert this holiday season.