Cybercriminals love the holidays. They know consumers spend a lot of time and money online during this time, and that people are often distracted when traveling and making memories with family and friends. The bad guys are waiting in the wings for you to let your guard down, so they can cash in. Holiday scams include everything from fake deliveries and gift card scams to stealing data to sell on the dark web or encrypting it to collect ransoms. Far too often in this business, we see large sums of money diverted to fraudulent bank accounts.
Keep in mind that holiday schemes don’t just target emails; they also use voice and text messages, as well as fake QR codes. And thanks to rapid advances in technology like artificial intelligence (AI), it’s getting harder to spot imposters. Fortunately, there are proven ways to combat these threats.
Learning how to identify telltale signs of fraud is your first and most important line of defense. Read on to identify common schemes that cybercriminals use to trick their targets into opening an attachment, clicking a link or revealing sensitive information.
Red Flags
- Order or shipping confirmations that provide attachments or links to view or track items you did not order – even if they look credible.
- An attachment to claim a prize for a sweepstakes you did not enter.
- Messages instructing you to reset your password by clicking a link.
- Communications inviting you to rate the U.S. Postal Service or another company by clicking a link.
- Unsolicited requests to purchase gift cards.
- Unexpected requests to provide data or remit payment for services.
- A phone call that appears to come from a family member in trouble who needs money right away.
If you receive any of these communications, ask yourself:
• Did I place an order for this item? If you don’t recall, go straight to the source. Check your receipts or order status on the vendor’s official website.
• Do I remember entering this contest? Who doesn’t love getting free stuff? Before getting too excited, remember that fraudsters love to reel folks in this way. If it’s too good to be true, it probably is. By clicking a link in an email to claim your prize, you could infect your computer or mobile device with malware.
• Would someone sending me a gift spoil the surprise by using my email address for order or shipping confirmation? Although some delivery companies request the recipient’s email or phone number, confirmation of receipt is triggered after delivery, so you know who to thank. If you did not receive the item referenced in the email, don’t take the bait.
• Was I recently locked out of my account or request a password reset? If not, a fraudster may be trying to access your account. It could also be someone impersonating a vendor to trick you into revealing your username or password in order to access your personal or financial data.
• Is it normal for a friend, family member or coworker to make urgent requests to send them money or purchase gift cards on their behalf? If this is not typical behavior, it could be a fraudster who hacked the alleged requestor’s email or used AI tools to clone the voice of someone you trust – all to pressure you into sending them money. The safest course of action is to ignore the request until it has been verified directly by a legitimate source.
· Does something about a real estate transaction feel off? Perhaps the seller insists on using their own remote notary, the mailing address they provided does not match the property address in public records, or the buyer receives a change in wiring instructions. These are common red flags.
Trust Your Instincts
If something feels “off,” trust your instincts. Take a moment to review the tips below to learn how to spot red flags and avoid becoming a victim of fraud.
Pro Tip #1: Never use the contact information provided in an unsolicited communication.
Never assume it is safe to click on unverified links, scan QR codes or open attachments, and never share your log-in credentials or password! If you’re unsure whether a link or QR code is legitimate, do not click or scan it. Be wary of unknown phone numbers and unsolicited texts, and never use any of the contact information they provide.
Pro Tip #2: Always be suspicious of changes to wiring instructions.
Legitimate changes to wiring instructions are rare – even if they appear to come from your title company or closing agent. If you are unsure, follow the next step.
Pro Tip #3: Always use a verified phone number to confirm the legitimacy of a request.
Unfortunately, it can be hard to know if someone is really who they claim to be in the digital world. It’s always best to go straight to the source to confirm the legitimacy of a request before acting on it. Before closing on a real estate transaction, consider adding your title company or closing agent’s direct line to your cell phone contacts for quick reference.
Educating yourself about the latest cybercrimes can help protect your funds and keep your holidays merry and bright. For more information about holiday scams, check out this brief video from the Federal Bureau of Investigation.