1. Shopping setups
During the holidays, scammers, working like type A elves, try to steal money and personal information from unsuspecting shoppers. One popular scheme: rogue websites that appear on your search engine results when you type in the names of hot-selling gifts or even terms such as "discount toys." Promising deals, the sites instead steal credit card information, passwords and other sensitive data when you click on links infected with malware. (The same can apply to holiday-themed videos that fraudsters post on Facebook.)
Also, beware of what's known as cybersquatting, in which crooks steal or slightly alter the website address of a well-known company to launch a copycat site that may be a spot-on replica of the real thing. While these sites may have malware, they primarily function to collect your credit card information for the purchase of inferior counterfeit goods — assuming you actually receive them.
So when shopping online, carefully read website addresses before clicking, to ensure you're headed to a recognized and legitimate vendor. Once on the site, look for phone numbers and street addresses (versus just email addresses and P.O. box numbers) as signs of legitimate vendors. You can check who owns the website's address at Whois.net.
2. Gift card gotchas
Taking gift cards from display racks, thieves peel and copy or use a portable scanner to get the code underneath the scratch-off strip. Then they put the cards back on the rack and wait for them to be bought and activated. By dialing the cards' toll-free numbers, they can find out exactly how much value is on the card. All's clear now for them to make online purchases or generate cloned copies for in-store use, leaving your intended recipients with worthless cards.
Your best bet: Purchase gift cards from a store's customer service counter or website, rather than from untended display racks. If you do buy from a display rack, make sure the cashier scans and activates the card in your presence — you don't want the cashier just pocketing the money. And make sure you get a receipt to give to the gift recipient in case there's a problem.
3. Courier cons
An email claiming that FedEx, UPS, DHL or the U.S. Postal Service is trying to deliver a package. Unless you provided your email address — unlikely, since many shipping forms don't ask — you can assume the email is scammer-sent. You'll likely install malware by clicking on the attached link promising details of the supposed delivery holdup.
Also beware of mailed postcards about "undeliverable" packages. They could be a trick to get you to make an expensive overseas phone call and/or to reveal personal and financial information. Area codes 809, 876 and 284 take you to the Caribbean, a hotbed of scams, where the idea is to make you pay phony fees or simply run up a high long-distance charge that will partially go to the scammers.
When in doubt, look up the courier service's callback number and dial it. Don't use the number on the postcard.
4. Greeting card cheating
When e-cards come from an unnamed "friend" or "admirer" — or an unrecognized name — that's your cue for a quick delete. It's another tease to click on a malware-likely link. Even e-cards bearing the names of people you know should be suspect; they may be the result of a botnet virus that captured your email address. Legitimate e-card notifications should include a confirmation code to use to safely open the card at the issuing website.
5. The grift that keeps on taking
Mobile apps are an easy way for scammers to gather personal information via malware, so download wisely — and only from reputable vendors. The same applies to "free" holiday-themed screen savers. If you buy or receive computers, smartphones or gaming devices as gifts, learn how to protect them from future malware.
6. Travel scams
Phony offers of accommodations with too-good-to-be-true prices proliferate during the holiday vacation season. Get wise to these lies.
7. Charity cons
Once again, unless you provided your email address to an organization, assume that all email solicitations bearing that charity's name are scams. Don't provide credit card information to phone solicitors. Keep a close ear for soundalike names, such as the National Heart Association instead of the legit American Heart Association. Be especially suspicious of heartstring-pulling solicitations to supposedly benefit disabled veterans, police and firefighters, or sick or needy children (those conning causes most often target older donors). When in doubt, check a charity's legitimacy.
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.
Also of Interest
- 10 ways to protect your credit in a divorce
- 7 loans you should never cosign
- 9 common ailments that drive you crazy
- Get free help with your taxes with AARP Foundation Tax-Aide
Join AARP Today — Receive access to exclusive information, benefits and discounts