As they attempt to spoil your holidays, crooks are turning to technology, using email, apps and phony online surveys in service of their cons
As society goes more high tech, so do holiday scams. From fake Facebook surveys featuring the season’s hottest gifts to not-so-merry mobile phone apps, crooks are finding new ways to steal your personal and financial information so they can profit.
“Cybercriminals are business people,” says Christopher Budd, global threat communications manager at the Internet security software company Trend Micro. Like good business people, they tap into “all the trends that small businesses recognize and utilize for the betterment of their enterprise.”
So just like your favorite merchants are using social media to attract customers, bad guys are using it to attract your information, Budd says.
As you prepare for the holiday season, you should be aware of these seven high-tech threats that can steal your holiday cheer.
1. Fake Facebook surveys
Everyone has an eye out for hot holiday gifts, including the bad guys. That means favorite toys and brands “will be used as lures for scams,” Budd says.
One of the most popular tactics is to create fake Facebook surveys that offer the unsuspecting the chance to win a hot prize, such as an iPhone 6.
But taking that survey won’t put you in the running for a new phone. Instead, you’ll be sharing your personal information with fraudsters. “It’s easier to get your personal information than your credit card information,” Budd says.
When you’re filling out a survey, you would probably hesitate if you were asked for your bank account or credit card information. But you may not give a second thought to disclosing your name, address and phone number.
Once they get their hands on your personal information, the crooks will typically sell it on the black market, where the purchasers will use it to send spam or commit fraud, Budd says.
The fraudsters also are banking on you sharing the survey with your friends, spreading the scam. “Not only are you a victim, you become an accomplice in proliferating the scam on others,” Budd says.
2. Shifty shipping emails
Consumers aren’t the only ones relying on online holiday shopping. It’s another favorite of the fraudsters.
Shop.org predicts online holiday sales will reach as much as $105 billion — which means plenty of gifts will be delivered to doorsteps.
The crooks are chiming in by sending out fake shipping notifications purporting to come from the U.S. Postal Service, UPS, FedEx or Amazon.com. Clicking on the attachment could download malware to your computer. “This is the kiss of death these days,” says Robert Siciliano, McAfee’s online security expert, as the crooks try to steal your personal and financial information.
3. Fraudulent websites
Think you’ve found a website offering steals on favorite holiday gifts? There’s a good chance it’s just a cover to steal your financial information.
“The market is flooded with fakes and knockoffs, so limit your purchases to reputable websites,” says Becky Frost, senior manager of consumer education for ProtectMyID.com, part of the credit reporting agency Experian.
If you’re really intrigued by an eye-catching deal, check the Internet, Frost says. By Googling the name of the company and the word “scam,” you can see if multiple complaints have been filed against the company or if issues have taken weeks or months to resolve. If that’s the case, Frost advises that you to do your shopping elsewhere.
4. Risky holiday apps
You may want to brighten your holidays with a festive mobile phone app, but downloading an app could unleash malware on your phone. The problems typically come if you download an app from an unapproved store, and Androids are particularly vulnerable to viruses, Siciliano says.
These malicious apps are designed to steal your identity by watching what you do and recording your password. With that information the bad guys can access your accounts or open new ones in your name, he says.
5. Gift card grab
Gift cards top Santa’s list as the most requested holiday gift, and 2014 holiday consumers are expected to spend almost $32 billion on the cards, according to the National Retail Federation.
Bad guys are hoping to load up on the cards as well. They’ll go to a store and copy the information off the back of the cards. Then they’ll monitor the cards online to see if they’ve been activated. That usually occurs when the cashier rings up the card as a purchase.
Once a card is activated, the crooks will do some holiday shopping of their own with the card and use up the money before the recipient can, says Terry Maher, corporate counsel to the Network Branded Prepaid Card Association.
6. Credit card application snoops
When you go to pay for your holiday goodies at a department store or big box retailer, there’s a good chance the cashier will offer you a discount on your purchase if you apply for a store credit card. But that discount could end up costing you big bucks, cautions Ken Chaplin, senior vice president at the credit reporting agency TransUnion.
If you fill out the application in the store, you never know who might be lurking over your shoulder and snapping a shot of your personal information with a cellphone. Even handing a completed application back to the cashier opens you up to risks if your private information is swiped.
Chaplin recommends going somewhere private to fill out the application, or applying at a secure online site.
7. Questionable charities
As you’re digging in your wallet to purchase gifts, you may want to share the holiday spirit with charities that need a helping hand.
You may even receive an email that appears to be from a charity you normally support, asking you for a holiday donation. Proceed with caution, Siciliano warns: The links in the email could take you to a fake website, so if you make a donation, the only one getting the season’s bounty are the bad guys.
Rather than clicking on an email link, delete the email and search for charity’s website online. Go there directly and make the donation using its secure server.
“The more there’s interaction with incoming stuff, the more there’s opportunity for fraud,” Siciliano says.
How your information is used
If the fraudsters get their hands on your personal information, they’ll typically sell it on the black market, where the purchasers will use it to send spam or commit fraud, Budd says.
Scammers like social media, he says, because of its widespread reach. “Phishing itself is a dead end,” Budd says. “If you fall for it, they (the crooks) just get you.” Share the information and it can be spread far and wide.
Mobile devices are a favorite target because they’re being used for more purposes and typically have less protection than computers, Budd says. “PCs are battle hardened. They’ve been under assault for 15 or 20 years.”
How to protect yourself
If you’re using social media: Consider the typical behavior of your friends. If someone is usually fairly reserved on social media and suddenly posts 15 times suggesting you click on a link to get an iPhone 6 “odds are something bad happened to their account,” Budd says.
At the end of the holiday season: Frost recommends reviewing your financial statements and credit report. That will help you spot signs of fraud or identity theft.
If you do fall prey to fraud or identity theft: File a police report and notify your credit card companies, financial institutions and your health insurance provider (medical fraud is burgeoning). Contact the three main credit bureaus (TransUnion, Experian and Equifax), and ask for a credit freeze and a copy of your credit report, which is free to ID theft victims.
See related: Holiday buying 2014: more savings and gift cards, less credit, ‘Spam Nation’ author Brian Krebs sheds light on card data black market, Study: Online accounts often go unchecked for fraud