Tag Archives: email scams

Online Holiday Shopping 2015 – Fake Charities

canstockphoto31830688Now that the holiday season is in full swing you maybe feeling the Christmas spirit. And part of the holiday season is giving to charities. And the crooks know it!

Holiday charity giving can be as much as 75% of the yearly donations most legitimate charities receive. But be on the look out for phony online charities, those collecting door-to-door and on street corners. Tis the season for the rip-off.

One of the hottest and most profitable holiday scams involves soliciting for homeless veterans. Many of these scams originate on your telephone so be aware when someone calls.

To avoid this phone charity scam check with the local Veterans Administration office. Ask if they have a list of legitimate charities for veterans. Give directly to the causes you know and choose to support. The words that should alert you are “I’m collecting on behalf of…” Don’t give money based on a heart breaking story someone on the phone tells you. Research and investigate charities and use Charity Navigator or other organizations that monitor the legitimacy of individual charities.

ScamBusters.org has a list of common veterans scams you should be aware of. The FBI also offers a list of tips to avoid charity fraud.  Another service you should know is the Wise Giving Alliance.

But holiday scammers come at you from every angle and the Internet is no exception. Cyber criminals are masters of the online holiday scams.

Twitter , Facebook and other social media websites provide tools for donating to nonprofits, and crowd funding sites like GoFundMe and Indiegogo Life provide a way to donate directly to individuals and families, as well as organizations. But keep in mind that crowd funding fraud is a real problem. The crowd funding industry is under regulated and scammers are exploiting every possible loophole.

Another holiday scam is the race based holiday scam. African-American, Latinos and other minorities are routinely targeted for holiday scams that claim to help people of color. These scams include phony coupons, job offers and package forwarding as an easy way to make money.  Some scammers play on religious beliefs and sympathies and still others prey on recent immigrants.

The elderly are also prime targets for holiday scam artists. Make sure the senior citizens in your family understand the dangers of telephone based holiday scams. Many elderly fall prey to heartbreaking stories or high pressure tactics. Another prime holiday scam preys on elderly people who may be lonely. Lonely hearts are especially vulnerable during the holidays and scam artists will use this against the elderly.  Make sure your parents or grandparents do not give their personal or financial information out to strangers.

Some of the top holiday email scams include the ‘new chip card scam.’ Scam artist will email victims with notices that look like they are from their credit card company and request the victim to click on the link to provide information to get the new chip card. Credit card companies and banks never send emails that ask you to click on a link and fill out personal information.

Another scam involves package delivery. This scam works because many people are expecting packages from online retailers or distant friends or family members. An email will arrive in your inbox regarding an important notice about your package. Don’t click on links or attachments in that email.  You will probably download malware or ransomware. Go to the delivery service webpage instead. If the package is a surprise or you don’t know who it is from ignore it. The worse that could happen is that it is returned to sender.

Social media is a hot bed for holiday scams. ‘ Secret Sister’ is a gift exchange scam making the rounds on social media.  This scam works by promising victims as many as 36 gifts in return for sending out just one gift.  Be aware and don’t fall for scams on social media.

Now you know.

ALERT! Order Confirmation Scam ALERT!

ID-100297156

Courtesy of Stuart Miles

Order confirmations scams are exploding all over the Internet this holiday season. Ask anybody that works for UPS, FedEx or the USPS and they will tell you this time of year is the busiest there is for them. And for many people this time of year is when you send or receive the most packages. And that is the sweet spot for this holiday scam.

Scammers are sending out phony order and delivery confirmation emails by the millions to people everyday. Many people, knowing they have sent or are expecting a package, do something they would not normally do. They let their guard down and click on that link or the attachment. They may never discover, or find out too late, that they have given up control of their computer or their identities. The links or attachments install malware on the victim’s computer capable of stealing passwords for email or banking websites. Or the malware turns their computer into a zombie on somebody’s bot net. If you are really unlucky you could end up with a CryptoLocker malware.

Seasonal scams like this one return year after year because the method of tricking you is so successful. Crooks are catching people off-guard during the holidays because so many packages are being sent and received. And they use exact email replicas of delivery services and reliable shopping websites like Amazon.com, Wal-Mart.com and Target.com. People are so intensely focused on making sure their orders arrive before Christmas that they forget the Cardinal rule of the Internet; trust no one. Most confirmation emails do not require you to click on anything to get the tracking number. It is right there in the email where you can see it.

Malcovery, a company that tracks email-based malware attacks, reported these phony “order confirmation” scams began around Thanksgiving. The emails use booby-trapped links and attached files to infect Windows PCs with the malware that powers the Asprox spam botnet. Apple computers seem unaffected.

The Asprox malware is a Trojan that steals email user names and other passwords from infected machines.  This type of malware runs in the background and you may not be aware of what your computer is doing. It also can infect your friends computer and perpetuate even more Asprox malware attacks. If you are infected Asprox can also use your computer to attack other websites.

Malcovery.com points out that the Asprox spam uses some tricky subject lines such as “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order.”

Be alert to these tricks. Should you receive an email from an online or brick and mortar store you do business with and it has a legitimate looking logo and it references an order, DO NOT CLICK ON THE LINK OR ATTACHMENT! Instead, open up another web browser window and visit the merchant site using the web address you are familar with.  Sign in with your own user name and password and check the status of your order. All that information should be there including order issues, your order number, tracking number and expected date of delivery date and who is delivering the package and other information specific to your transaction.  Remember trust no one! Use your own information to research your order. If there is a problem you will discover it.  And remind all your friends and relatives of this scam. Remember; friends don’t let friends play the fool online!

Here are few more tips to spot and fight order confirmation scams;

  • Print a copy of your order confirmation. Highlight all the relevant information and compare it to any email you get.
  • The scam email may be fairly generic not using your name or any information that is familiar to you.  Examine it carefully.
  • Hover you cursor over any links and examine the web address that appears. Make sure it is taking you where you want to go. BE CAREFUL NOT TO CLICK ON THE LINK!
  • Examine any attachment and look for “.exe”, or a double extension like “exe.pdf.” That could be a dangerous crypto malware.
  • Don’t trust any email just because it has a familiar logo or trademark.
  • Keep good records! What to did you buy and from whom? Who did you send it to? Call the person and let them know its coming, the tracking number and who is delivering it. And ask them to let you know what to expect with the same details.
  • Never click on links or attachments. Use your own information to research a problem with your order.
  • Never pay for delivery of something you did not order or were not expecting.
  • Never give personal information over the phone to someone who calls claming to have some thing to deliver to you.
  • Its the Internet; trust no one.

Now you know

See FedEx Fraudulent Email Alert

See UPS Fraudulent Email Alert