While the concept “forewarned is forearmed” is true for every day of the year, it’s particularly true during the holidays. December is the time when most of us focus less on our day jobs and more on family, friends, gift giving and celebration. The holidays are a cause for celebration by scammers, phishers and identity thieves for a very different reason. Because we are their day jobs, our joyful distraction provides them bountiful opportunities to exploit our vulnerabilities for their personal gain.
If you’ve read this column more than once, you’ve heard me say it: There is no avoiding “getting got.” With a new victim every two seconds, identity-related crimes are a fact of life. Indeed, they are the third certainty in life, right behind death and taxes. Whether it’s an old-fashioned identity thief or a trap built by digital sophisticates, the myriad digital scams out there are designed to make each of us a co-conspirator in the theft of our own identity, and there is simply no such thing as being 100% safe.
Here is a shortlist of scams to look out for this holiday season and in the new year.
1. The Gift Card Scam
Anyone can do this, and unfortunately too many folks are. Thieves record the numbers on gift cards then call the customer service departments identified on the back of the cards to see if (and when) they have been activated. Like tax-related fraud, this scam succeeds or fails depending on how fast a transaction occurs. As with the speedy filing of a tax return, this scam can be avoided by using a gift card as soon as possible.
2. Fake Charities
The holidays bring out the best in most people and our thoughts turn to helping out those less fortunate. That’s why you will find so many appeals for the neediest cases out there. Your job: Make sure the appeal is real. Call the main office of any non-profit organization that approaches you to make sure they actually have one. Go online and poke around. Check with Charity Navigator or the Office of the Attorney General in your state. Make sure you are actually making a difference, rather than just making some fraudster a little richer.
3. Temporary Holiday Jobs
Advertised online, these applications are designed to harvest your personally identifiable information and often ask for that skeleton key to your finances, the Social Security number. Remember: It is much wiser to NOT give that number to anyone unless you absolutely have to, and NEVER provide it before you have confirmed that you are dealing with a representative of a real organization looking for prospective employees; have had conversations with actual representatives of that organization; and there is mutual interest in you going to work for them. Never send your information digitally unless you know the recipient uses proper security protocols. (You may not be, so try to be conservative about what you send digitally.)
4. Phishing Emails
These can come in the form of sales promotions from brands you know and love (always make sure the URL matches exactly and that you never provide any personal information on any web page unless the URL is secure and starts with “https”). Also check to make sure the sale that caught your eye is advertised on the site when you navigate to it without the aid of a link in whatever promotional email you may receive. Email links should always be considered suspect. Always double-check URLS.
5. Hotel Scams
Whether it’s the restaurant flyer scam — where menus to non-existent eateries are shoved under the door in the hope you’ll order your own robbery — or the front desk scam — where you get a call from “the front desk” soon after check in asking for another credit card number because “the one you provided was rejected” — be on guard when traveling. Always distrust. Always verify.
I don’t open them unless I already knew it was on the way or I directly contacted the sender to ask if they sent me something. And even then, I don’t always click through. Hey, who doesn’t appreciate the way a cute or warmly worded message can make you feel? Unfortunately, the desire to feel warm and fuzzy shouldn’t trump concern about digital safety and personal security. While I truly appreciate the gesture, I would prefer to avoid downloading malware or ransomware.
7. Fake Shipping Notifications
Whether the message is “we are out of stock” coming from a big brand or a notice that a package was received, thieves take advantage of your “what the —” response, betting you will click their malware-laden links in the quest to find out that what you never ordered won’t come because you’ve been had.
What Can You Do?
In my new book Swiped (cough… great last minute Christmas gift… cough), I outline the 3 Ms, which are designed to ensure that when the fateful day comes and you fall victim to this or that identity-related or “I can’t believe it did that”-related gambit, the damage is contained and resolved. And this time of year, you really have to be vigilant.
The second M stands for monitor. We are in a high season of fraud where monitoring is crucial. That means: Check your credit reports and credit scores as frequently as possible. (You can pull your credit reports for free each year at AnnualCreditReport.com and see your credit scores for free each month on Credit.com.)
You should also review your credit card and financial services accounts every day to make sure every transaction you see is yours. Sign up for transactional alerts from your credit card companies, banks and credit unions. Open all mail from your healthcare providers, since explanations of benefits is often the first indication that someone has tapped into your medical files or health insurance.
The holiday season is busy. You’ve got your regular to-do list (for instance, all those end-of-month bills) and then the holiday checklist. It’s only natural to be a little distracted by it all. But, as I said earlier, with distraction comes vulnerability, and vulnerability is the best present you can give a thief. It is the gift that keeps on giving.