Smart Shopping During the Holidays

Friday, November 20, 2020

With online shopping scams on the rise during the holiday season, it's important to know how to keep your finances safe while you shop. Criminals and scammers use many techniques to fool potential victims. 

The NCUA has put together a list of tips you can use to avoid becoming a victim of a holiday scam. Take a look at a few of the newest and most common scams you should watch for this holiday season.

Package Delivery Scam 

If you receive an email with the subject line reading "USPS Failed Delivery Notification," or something similar, don't open it. They claim to be from the U.S. Postal Service and contain fraudulent information about an attempted or intercepted package delivery. The emails instruct customers to click on a link to find out when they can expect delivery. 

Clicking on the link activates a virus, which can steal personal information like usernames, passwords, or financial account information. These emails look almost identical to official notifications from the real shippers by using legitimate-looking email addresses and official logos. This scam is not limited to the USPS. 

Similar email and text scams are circulating that appear to be from other shipping companies such as UPS and FedEx. 

Wi-Fi Network 

Using your laptop, tablet or smartphone at Wi-Fi hotspots in public settings like coffee shops, airports and hotels is convenient. However, they're often not secure. If you send information through websites or mobile apps from a public Wi-Fi network, you risk others accessing it. The bad guys are there too, shopping for your information. 

One way scammers obtain your information is by putting out a Wi-Fi signal that looks just like a complimentary one. This is known as the evil twin. The evil twin is similar to a phishing scam. Choose the wrong Wi-Fi and the hacker now sits in the middle and steals your personal or financial information. When you use a Wi-Fi connection in a public place, it is better not to use your credit card. 

To protect your information when using wireless hotspots, send information only to sites that are fully encrypted. Also, avoid using mobile apps that require personal or financial information. 

Online Gift Card Scam 

Gift cards purchased through online auction sites are often fraudulent or stolen. To ensure you aren't scammed out of your holiday money, purchase gift cards directly from the merchant or retail store 

Stripped Gift Card Scam 

Be careful when purchasing gift cards at retail stores. Thieves can write down the gift card code or use a device to scan the magnetic strip on the back. Every few days, the thief will check the balance and redeem it online without you or your gift recipient's knowledge. This is why it's important to choose a gift card that is located behind the counter.

When buying a preloaded card, always have the cashier scan the card to verify that the full amount is available. Also, check to make sure the packaging has not been tampered with or damaged. This may be sign that the gift card has been compromised or replaced with a stripped gift card. If possible, register your gift card with the retailer. 

Phishing and SMiShing Schemes 

In phishing schemes, fraudsters pose as legitimate entities and use email and scam websites to obtain victims' personal information. This could include account numbers, user names, passwords, etc. SMiShing is the act of sending fraudulent text messages to bait a victim into revealing personal information. 

Be leery of emails or text messages that indicate a problem or question regarding your financial accounts. Fraudsters direct victims to follow a link or call a number to update an account or correct a purported problem. The link directs the victim to a fraudulent website or message that appears legitimate. Instead, the site allows the fraudster to steal any personal information the victim provides. 

Current SMiShing schemes involve fraudsters calling victims and offering to lower interest rates for credit cards they don't even possess. If a victim asserts that they do not own the credit card, the caller hangs up. They use TRAC cell phones without voicemail, or the phone provides a busy signal when called, rendering these calls untraceable. 

Another scam involves fraudsters directing victims, via email, to a spoofed website. A spoofed website is a fake site that misleads the victim into providing personal information. The information is then routed to the scammer's computer. 

Phishing schemes related to deliveries are also rampant. Legitimate delivery service providers don't email regarding scheduled deliveries nor state when a package is intercepted or being temporarily held. Consequently, emails informing of such delivery issues are phishing scams that can lead to personal information breaches and financial losses.

Charity Scams 

It's important to recognize the warning signs of charity scams to avoid being robbed of your good intentions. The Federal Trade Commission (FTC) has two websites for consumers on charity fraud and scams. 

Before Giving to a Charity (FTC) 

Charity Scams (FTC)

The IRS website has a search feature that helps consumers find legitimate, qualified charities to which donations may be tax-deductible. 

For more information, please visit the IRS's Exempt Organizations Select Check.

Fraudulent Classified Ads and Auction Sales 

Internet criminals post classified ads and auctions for products they don't have then use stolen credit cards to make it work. Fraudsters receive an order from a victim and charge their credit card for the amount of the order. They then use a separate, stolen credit card for the actual purchase. They pocket the purchase price from the victim's credit card and have the merchant ship the item to the victim. Consequently, an item purchased from an online auction but received directly from the merchant is a strong indication of fraud. Victims of this scam lose the money paid to the fraudster and may be liable for receiving stolen goods. 

Shoppers may avoid these scams by using caution and not providing financial information directly to the seller. Fraudulent sellers will use this information to purchase items for their schemes. Always use a legitimate payment service to ensure a safe, legitimate purchase. 

As for product delivery, fraudsters posing as legitimate delivery services offer reduced or free shipping to customers through auction sites. They perpetuate this scam by providing fake shipping labels to the victim. The fraudsters do not pay for delivery of the packages. Therefore, delivery service providers intercept the packages for nonpayment and the victim loses the money they paid for the product. 

Diligently check each seller's rating, feedback, number of sales, and the dates on which feedback was posted. Be wary of a seller with 100% positive feedback or a low total number of feedback postings. Additionally, it's a red flag if all feedback is posted around the same date and time. 

Follow these tips to avoid becoming a victim of cyber fraud

1. Do not respond to unsolicited (spam) email.

2. Do not click on links contained within an unsolicited email.

3. Be cautious of email claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.

4. Always compare the link in an email with the link to which you are directed. Then determine if they match and will lead you to a legitimate site.

5. Log directly onto the official website for the business identified in the email, instead of "linking" from an unsolicited e-mail. Statements from your bank or credit card issuer, or official correspondence from the company, will provide the proper contact information.

6. Contact the actual business that supposedly sent the email to verify if the email is genuine.

7. If you are asked to act quickly, or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.

8. Verify any requests for personal information from any business or financial institution by contacting them using the main contact information. 11/20/2020