Beware of these 12 holiday scams
Don’t give the hackers a gift! Our expert outlines the top dodges to look out for during the season.
The holiday season is scammers’ favorite time of year. All those busy, distracted people buying gifts, booking trips and texting like crazy are ripe for digital robbery.
Steve Beaty, Ph.D., professor and chair of Computer Sciences at Metropolitan State University of Denver, says scammers have grown incredibly skilled at exploiting the six principles of social engineering. “Basically,” he said, “they know how to push our buttons and use social triggers, such as authority, intimidation or even affection, to get the response they want.”
But don’t worry: Beaty has a rundown of some of the most prevalent holiday scams so you’ll know how to avoid them.
When your boss isn’t really your boss
This is the busiest time of year for fake-boss emails. When Beaty’s mom got an email from her “boss” asking for 20 $30 gift vouchers so he could forward them to his team, the message seemed credible and all the team-member names in the correspondence were correct. But she thought something seemed a bit off.
Sure enough, it was a hacker who had used the company website and LinkedIn to get everyone’s details and establish the workplace dynamics. The only clue was a subtly different email address. How do you avoid such scams? If something seems even slightly fishy, first call or send a secure message to the person to make sure everything is legit.
The fake-familiarity trap
During the holidays, our inboxes and social accounts fill up with hellos from old friends and relatives and updates from former schools, clubs and colleges. Scammers know such messages bring out our warm-and-fuzzy side and make us more susceptible to phishing emails or phony cries for help.
These matters are all about dealing with the reptile brain. When we get an email from an old friend asking for financial assistance, even if the message itself is unconvincing, our natural gut response is to help. That’s just how we’re programmed. And every scammer knows it’s easier to hack a person than a machine.
‘Family members’ in trouble
Scammers follow thousands of people on TikTok and other social platforms. And whenever someone documents their vacation or travel plans, posting location details and tagging friends, that information can be leveraged.
In a common scenario, Mom and Dad — or more commonly, grandparents — get a genuine-sounding email: “Hi. I’m still in Mexico with Brad, but I’ve been robbed. Can you please send me $500?” Or they might say they missed a flight and need money for a fresh plane ticket. In each case, the “family member” will suggest an app such as Zelle or Venmo to quickly transfer money with zero complications.
The sting is that if you willingly send money to someone, even if you’re being duped, you are personally culpable and won’t get a cent back. In such situations, always insist on speaking to your relative. (They can reverse charges if necessary.) Never send anything until you’re sure the situation is genuine.
The notorious gift-card scam
Gift-card scams have become such a huge problem that some companies, such as Apple, Target and Walmart, publish specific guidance on how to avoid them. The thieves’ basic premise is persuading you to buy a gift card and then send the card (or its access code) to them.
Tactics vary. Sometimes, phishing emails instill a sense of panic and compel people to send gift cards to pay for fictitious costs. At other times, phone callers will invent emergency scenarios to bamboozle victims into buying and sending cards.
Hidden dangers on social media
People tend to feel safe and have their guard down while browsing through social-media platforms, which is precisely why so many scammers roam there. That free app? Potentially primed to download malware onto your device. The fun quiz that reveals your “personality type”? Could also be selling all your personal information to a third party.
And that’s without mentioning the numerous shortened URLs (an X favorite) that lead to websites filled with spyware and viruses. Too many social-media users fondly imagine themselves in a fun virtual café with friends, when a more apt metaphor might be a carnivore-filled jungle at nightfall.
Public Wi-Fi infiltrators
These days, you can generally trust public Wi-Fi in larger locations such as shopping malls, airports and stores. But in smaller, more confined venues, you should still exercise caution. And if you’re traveling over the holidays, be aware that Airbnb locations are a prime trouble spot.
Unscrupulous hosts or even past guests can easily hotwire a venue’s router and steal your details. And if you’re ever asked to “accept a certificate” to connect to Wi-Fi, that is 100% a scam and means someone is digging around for your information. Beaty advises using a trustworthy VPN such as Private Internet Access, which costs $40 a year and gives you peace of mind, whatever the location.
Bogus online stores
As millions of Americans start buying gifts and treats for the holidays, thousands of bogus online stores are waiting to steal your money, personal information, credit-card details and, given half a chance, your identity. But these stores aren’t too hard to spot if you look closely.
The URL will be not quite right. The grammar and spelling will probably be wonky, and the images (copied from a genuine store website) may look a bit pixelated. And here’s the clincher: If the prices seem too good to be true, then they’re probably not true. If you’re unsure about any online store, run its URL through a website such as Trustpilot to get an accurate picture of its trustworthiness.
Fake charity and crisis appeals
For scammers, every tragedy is an opportunity. Digital thieves have created countless fake Ukraine donation websites over the past two years, and now the same thing is happening with the Israel-Hamas conflict. Thousands of fraudulent emails are hitting inboxes with emotional calls to urgently support Israel and the Palestinians. (Scammers are aggressively neutral and happy to take money from all sides.)
These ads are carefully crafted to exploit our heightened emotions and sense of urgency during an active crisis — that’s why they heap on the pressure to donate now. But if you want to donate safely, simply use the actual websites of trusted organizations to make your gift. Never, ever click on a link in an unsolicited email or download an attachment from a social-media post.
False delivery-notification texts
This simple ruse is especially effective during the holidays, when many of us are getting numerous text messages about incoming packages. In a typical scenario, you’ll be asked to click on a link prompting you to enter personal information to verify your delivery. The trick here is that, believing you are already in a safe space, your guard will be totally down.
Sometimes, the link will install malware on your phone or computer to secretly steal your information. And occasionally, you’ll even be asked to call an “operator,” who of course will need your account information to verify your purchase. Don’t fall for it.
One unwelcome side effect of the home-delivery boom has been the rise of the porch pirate. Shiftily creeping up front paths across the country, these thieves steal thousands of gifts and packages every week.
But there are a few ways to help secure your deliveries. First, you could join the third of Americans who opt into delivery-tracking alerts so they know when stuff is coming. Installing a home security camera can also have a deterrent effect since thieves don’t enjoy the publicity. (A doorbell camera does the same.) And if you’re really worried, simply have packages delivered to your workplace or a nearby UPS store or post office. The porch pirates can’t steal packages that never arrive at your home in the first place.
Trusted-brand phishing attempts
Just received a really good offer from Nordstrom, Target or Amazon? Look closely again at the email or social post. Does that store logo look totally on point? Are there any giveaway spelling mistakes or grammatical errors in the copy?
Most important, hover over the link to view the URL: Does that look like a legitimate website address? Probably not. If you’re interested in the offer but suspicious, simply access the retailer’s website yourself via your browser and you’ll soon see whether it was genuine.
Holiday travel ploys
Many of us are not only traveling for the holidays but also posting about it, which creates numerous opportunities for mischief. Remember that when you post your holiday plans, you’re letting people know when you’ll be away from home and where you’re going, which potentially leaves you vulnerable on two fronts.
At this time of year, scammers energetically target travelers with bogus free holiday offers, insurance cards, visa demands, extra booking charges, etc. One popular ploy is to send out flight-cancellation emails that offer a full refund once you (naturally) provide your bank details. And beware of using social media to complain about a flight or holiday, because thieves monitor travel sites and may be the first to offer their own brand of “help.”