With a Santa-sized bag of scams, December brings an annual uptick in attempts to glean your personal and financial information and infect your computer with identity-stealing malware. Here are the top schemes — and how to avoid them.
From bogus order confirmations to courier cons claiming that FedEx, UPS, DHL or the U.S. Postal Service has a delivery for you, the bait is the same: an email — one of millions that are blasted out each holiday season — promising details of a supposed gift if you click on an embedded link. But when you click, malware is delivered to your computer. Don't click! Fake notices typically lack your name, a tracking number and other specifics — and may be sent via a free email service such as Yahoo or Gmail instead of a legitimate "companyname.com" address. Even if you see specific details, don't click on the link. Instead, type in the courier company's website address yourself to authenticate it.
Malware can also be delivered when you find links to bargain prices touted on social media, or through search engine results when you type in the name of the latest hot gift idea. And you can get malware from copycat sites, which mimic the domain names of well-known brands or retailers. But these scams primarily focus on stealing your credit card information or selling you inferior counterfeit goods (assuming you actually receive anything).
Carefully read website addresses for even slight tweaks such as extra letters or words in common names (FavoriteBrrand OnSale.com), or any ending but the usual ".com" or ".org." Websites such as WhoIs.net can tell you who owns the website; avoid ones that shield that information.
When buying from legitimate sites, never provide a credit card number on any page that doesn't have an address beginning with "https://" — the "s" brings security.
With the time for year-end tax write-offs approaching, the season of giving is ripe with bogus charities — especially for hot-button causes claiming to benefit police and firefighters, military veterans, sick or needy children, or victims of natural disasters. Ignore all email solicitations, unless you previously donated to the particular cause. Watch for imitative words, such as "National" being substituted for "American" in a well-known name. Unless you dialed the call, don't provide a credit card number over the phone. And before donating, verify an organization's legitimacy at CharityNavigator.org or Give.org, or through your state's agency that regulates charities. (Find it at NASCOnet.org.)
Free merchandise? Unless it's offered on websites of trusted retailers, assume it's another ploy to install malware or "phish" for sensitive information. Holiday-themed screen savers and phone ringtones can also contain malware. Promises of free vacations, which are common during cold winter months, are often bait to join expensive, hassle-filled vacation clubs that will push you to give them your credit card number for a "deposit."
See also: Watch out for vacation rental scams
Be sure to delete any e-card greeting that arrives with no specific, recognizable name. If the notification contains a confirmation code, safely open the card by first going to its issuer's website, such as Hallmarkecards.com/pickup/ecard.
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.
Also of Interest
Join AARP Today — Receive access to exclusive information, benefits and discounts