Tis the Season for Scams: Here's How to Spot and Avoid Them
Dec 13, 2023
The chaos of the holidays is a prime opportunity for scammers to take advantage of busy, stressed-out people. While Gen Z and Millennials may be tech savvy, no age group is immune to cybercrime. In fact, victims aged 30-39 were the largest group to report that they got scammed, while people aged 60 and older report losing the most money.
Think it can’t happen to you? Learn about the many ways scammers target victims and how you can avoid becoming one this year.
Purchase fraud
The scam: You buy something that seems too good to be true—and it is.
Where it often happens: Online shopping and social media.
Examples:
- Alex, 22, sees an ad for an amazing makeup palette by a company she has never heard of before. It’s a great price and they claim to manufacture eco-friendly products, so she buys it. But what she gets in the mail is a palette of entirely different colors that also looks used—and there’s no way to contact customer service.
- Stef: 48, sees a limited-time offer for 70% off a hot toy that has been difficult to find in stores this year. She jumps on it, amazed at her luck, but the item never arrives.
Data theft
The scam: When your personal information like your name, IP address, and even behavioral data is stolen or exploited by complex terms of service agreements.
Where it often happens: Fake and exploitative mobile apps—including those from big-name organizations.
Examples:
- Kevin, 55, loves to play strategic battle simulator games on his phone during his morning commute, but the one he most recently downloaded asked for lots of permissions, including access to read his screen—which it does when he’s doing his online banking.
- Shanice, 32, loves her video doorbell for receiving deliveries, but it’s also loaded with third-party trackers that spread all kinds of personal data to marketing and analytic companies.
Phishing
The scam: Scammers use fake websites, emails, phone calls, and texts to trick you into clicking links, opening attachments, or downloading apps and programs that place malicious software on your device. That software then collects information which the scammer will have access to and can even threaten you with blackmail for ransom.
Where it often happens: Everywhere, but this scam often starts with an unexpected phone call, email, or text message impersonating an institution you trust, such as your bank or a large retailer.
Examples:
- Joe, 28, bought several items from Walmart over the recent Black Friday/Cyber Monday season. He receives an anonymous text instructing him to click a jumbled URL to confirm shipping for his recent order. It looks like an automated text, which he’s seen companies send before, but it’s really a link to a form designed to steal his information.
- Nancy, 67, receives a call from Wells Fargo IT support asking for login information to help resolve a security issue with her account. She also grants them remote access to her computer, where the criminals install trackers, trojans, and other malicious software.
- While researching her term paper, Divya, 15, suddenly sees a popup window from what looks like an antivirus program urgently warning her about a virus, instructing her to call or click through to resolve it.
According to the Check Point Phishing Report for Q3 2023, these are the most impersonated brands:
- Walmart (39%)
- Microsoft (14%)
- Wells Fargo (8%)
- Google (4%)
- Amazon (4%)
- Apple (2%)
- Home Depot (2%)
- LinkedIn (2%)
- Mastercard (1%)
- Netflix (1%)
Learn more about tech support scams.
Charity, employment, and dating fraud
The scam: Scammers reach out to victims pretending they’re a charity or prospective employer or romantic interest who asks the victim to send money.
Where it commonly happens: Phone, email, and online ads as well as employment and dating websites.
Examples:
- Grandpa, 80, has always been supportive of police and firefighters. When he receives a phone call showing “Rochester Firefighters” on the caller ID, he is happy to oblige when they ask him to donate money to aid wounded first responders.
- Rob, 37, clicks what looks like a LinkedIn job posting advertised on his Facebook feed. He submits the application, including his social security number, and provides his credit card information for an “application fee.” Note: Legitimate staffing agencies don’t typically charge placement or application fees. Learn more about employment scams from the Federal Trade Commission.
- Kathy, 49, has been chatting with a man from a dating app who claims to be deployed overseas. He says his tour is ending soon and he’s hoping to buy a plane ticket to visit her, but he’ll be bogged down with moving expenses when he returns. After Kathy Venmo’s him a couple hundred dollars to buy a ticket, he completely disappears.
Take control over your cybersecurity using S.L.E.D.
- SLOW DOWN AND STOP. If you start to feel pressured to send or spend money, take a breather, and regain your sense of skepticism. If the person you’re engaging with becomes annoyed or conveys urgency, that’s a red flag.
- LOOK FOR SUSPICIOUS SIGNALS. Legitimate businesses don’t ask you to reveal identity, payment, or password information over the phone. If an individual asks you to buy a gift card and pay them with that, that’s another red flag. Carefully compare sender email addresses and embedded URLs to those on the actual organization’s website to ensure they match.
- ENLIST A SECOND OPINION. Ask your most skeptical or tech-savvy friend what they think of the situation you’re considering. Also, look up the name of the organization or person you’re interacting with and add the keyword “scam” or “fake” along with your search to see any active fraud reports related to them.
- DIRECTLY CONTACT THE ENTITY. Forget Caller-ID—criminals can easily fake locations and names. If you have been approached with an unsolicited offer or request from a company, politely decline and then contact the company through its official channels to find out if it was legitimate.
No matter who you are or how much time you spend online, the advice remains the same: Never reveal personal information about yourself. Never click links or open attachments from unverified sources. Because a safe holiday season is a happy one.
For more details on cybercrime and fraud protection, check out the U.S. Department of Treasury’s Securing the Season one-sheet.