Tuesday, December 13, 2016

"Ho! Ho! Ho!" or "Oh No No!"

Here are a few holiday tips to make sure "Ho! Ho! Ho!" doesn't turn into "Oh No No!"

It's December! A time for family gatherings, vacation travels, Christmas shopping - and holiday scams. Here are a few tips to make sure "Ho! Ho! Ho!" doesn't turn into "Oh No No!"

Shop with credit cards - never debit

As chip card readers slowly become common in US retail stores, fraud at brick-and-mortar stores has dropped over the last two years. Instead, scammers are focusing more on online scams. The advice to shop only with credit cards is important at brick-and-mortar stores, but even more so online. Consumer liability laws in the US are a little more favorable for credit card shoppers. More important, a debit card is directly tied to your bank account and can leave you in a bind if the rent comes due while you are disputing a fraudulent charge with the bank.

On a similar note, be wary of anyone who asks you to pay for purchases using unusual methods. Prepaid debit cards, gift cards, bitcoin, and wire transfers may be difficult if not impossible to trace, and you may not be able to recover the lost money.

Of course, this doesn’t work for all people and for all circumstances. There are a number of legitimate reasons someone may not want to use credit cards. If that describes you, here are two alternatives. A debit card linked to a spending account with a low balance – separate from the account you use to pay necessary bills – is a good alternative. Prepaid debit cards too will limit what a thief can steal from you, although fraud against a prepaid card may be impossible to undo.

Be alert for look-alike websites

Websites imitating well-known brands can be hard to identify. Scammers will often set up an imitation website using a common brand name along with extra words. More difficult to detect are domain names using characters visually similar to the ones you are used to. International character sets mean there are a half dozen characters that look exactly like the letter "o" in the English alphabet. Your best bet is to type in the address yourself - advertisement and email scams imitating a well-known store but with a fake address are common, and even Google search results can be poisoned to send fraudulent results to the top of the list.

Treat shipping notifications with skepticism

Fake delivery notifications, or fake notices of a failed delivery, are very common this time of year. The US Federal Trade Commission has warned of package delivery fraud for at least three Christmas seasons and there's no reason to think scammers will stop using a trick that works.

The usual form is an email message claiming to be from the a delivery company (I've seen examples imitating USPS, UPS, FedEx, and DHL), and reporting that a package could not be delivered. These may instruct you to print out an attachment and take it to the local delivery office to pick up your package. Other variations have a link to a websites with more information. Invariable though, the attachment or the web link will download malware on your computer to steal your identity and your passwords. The best bet? Copy the shipping confirmation number out of the email, and look it up at USPS, FedEx, DHL, UPS, etc. If the email does not include a confirmation number, it is certainly a scam.

Grandma was stranded / mugged / injured overseas!

Well, probably not. If you get a call from a family member or friend claiming to be in an accident, arrested, or hospitalized while traveling in another country especially if it is a family member not prone to globe trotting - take a deep breath first. Confirm with a trusted source before sending any money. For that matter, call the supposedly stranded person at home. They may just answer the phone!

Free Disney Tickets! just click here...

Is a deal too good to be true? Pop-up ads or email offering free gift cards are often just a ploy to get your personal information that can later be used for identity theft. Travel scams are common around comon family travel periods such as Thanksgiving, Christmas, Spring Break, and summer.

In particular, I often see Facebook scams offering free Disney theme park "giveaways" this time of year. The usual pitch is, if you like and share a Facebook page, you'll get free tickets to Disneyland or Walt Disney World (though Southwest Airlines tickets are another common bait). Alas, no one is winning free tickets.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen