Tag Archives: holiday scams

Online Holiday Shopping 2016 – Security Basics

canstockphoto31830688Twice a year scammers crawl from underneath rocks and other nasty places to celebrate special holidays. First, tax season, then the holiday season. African-Americans using the Internet for holiday shopping need to be on guard against cyber crime.  Being aware of the scams and hazards can make a big difference in your holiday celebrations. 

The African-American Cyber Report is offering black people another season of valuable safety information to protect your holiday season so lets get started.

 

Card Skimming

Card skimmer courtesy of BBB.org

Card skimmer courtesy of BBB.org

Card skimming is actually pretty simple. Your credit or debit card information is copied when you swipe your card at a retailer or ATM. Cyber thieves install almost invisible devices or special software on retail card readers. This allows them to duplicate your card and steal your PIN. Its as simple as that. So how do you protect yourself?

First of all if something does not look or feel right stay way. For example is the face of the card reader loose or does it look kind of sloppy? Exposed glue or loose fitting parts? Do the buttons require more effort than normal to press? Does your card have to be swiped several times to work properly. Here’s a trick; pull or tug at the face of the reader. It may come off in your hand. Do the same at ATM’s. Check those buttons. Try to move them or lift the key pad. Check the card insert. Pull on that. Check to see if there is something in the slot or protruding from it. You have got to be alert! If you find any of these things notify the retailer and your bank if you have used it.

If possible use your credit card and not your debit card. It is extremely hard to get your money back from a bank debit card. But a credit card transaction can be cancelled and you will normally not be charged. Skimmers can be found anywhere even at Walmart.

RFID Card Protection

paypassThis is less likely but does happen. Your credit and debit card are sometimes equipped with a feature allowing you to charge things with a quick tap of the card on the pay terminal. You may have one of the cards with brands like PayPassExpressPay, or PayWave.

These cards have RFID (radio frequency identification) chips. With the right equipment criminals can scan your card and steal your card’s data. Protect your card by using a RFID blocking sleeve, or an RFID wallet available online at retailers like Amazon.

But as we said before this is not likely. An RFID reader has poor range so the scammer would have to be standing awfully close to read your card. Keep that in mind when you are fighting that crowd on Black Friday. 

 

EMV or Chip Cards Safety

chipcardYou should by now have the credit card with the EMV chip embedded in it. If not contact your bank or card provider and ask for it. That chip is used to encrypt the transaction data when you charge something. 

The objective of card chip was to reduce card fraud. This technology is not perfect. Some retailers have failed to switch to EMV even though the deadline passed in 2015.  Why? Retailers and customers complain that the process is too slow. Chip cards have reduced point-of-sale fraud. But the crooks have worked around it. The latest hazard is fraudulent “card-not-present” transactions online. Criminals can obtain the credit card number, security code, expiration date from criminal websites that sell this information. Personal information like your dog’s name or your mother’s birthday can be found on Facebook. They use this information to hijack your online accounts. That’s what happens when you put too much of your business online.

 

Tech Support Scams


tech-support-scam-popupNew tablets, laptops, smartphones and big screen televisions are big sellers on Black Friday. Tech support scams are common all year round but the efforts by scammers increases during the holidays. 

These scammers are intent on getting you to pay for support or software you don’t need or simply doesn’t exist. This includes extended warranties. They email you with a sales pitch or issue warnings from what appears to be a Microsoft representative. Be aware! Anti-virus companies do not call you to let you know you have a computer virus. Don’t ever agree to let anyone access your computer from a remote location. Don’t download any software online that you are not sure of. If you don’t have the expertise to know then consult a professional.

Computers often come with a ton of useless software or games. This is known as bloatware or crapware. Be careful! These programs can cost you money. They often entice children and adults to buy things without them even realizing it.

 

Phony Bank Calls

During the holiday season you are using your bank and debit cards more often. Beware if someone claiming to be your bank or credit card company calls you. Remember when it comes to your money you should be asking the questions.

Scammers will call victims claiming to be investigating card fraud or suspicious activity. They will ask questions that reveal your personal information like your credit card number or PIN. Don’t answer these questions. Hang up and call your bank from a number you know. Or stop by in person. These scammers are professionals at alarming you and getting you to reveal information used to rip you off.  When it comes to your money only deal with people you know and trust. Never, ever reveal any personal information to a voice over the phone.

 

Email and Phishing Scams

Image courtesy of David Castillo Dominici, freedigitalphotos.net

Image courtesy of David Castillo Dominici, freedigitalphotos.net

Be careful where you click! Be extremely cautious about clicking on or downloading coupons in your email. It may be ransomware. This is a malicious software program that locks up your computer until you pay to get it released. It happens a lot and is one of the hottest computer scams going on right now.

Clicking on the wrong email may release malware on to your computer that steals information, monitors your activity and changes your settings. It may even secretly take control of your computer and email itself to all your contacts. Understand that scammers can duplicate an email from Macy’s, Walmart and any other major retailer. Check the return email address to make sure you know who its from. Check the retailers website for information regarding sales, coupons and possible scams. 

Be careful about holiday contests. When you fill out a contest form you maybe giving out personal information. Same for holiday coupons that ask for your name, email address and other personal information.

This holiday season; Be Alert! Be Aware!

 

 

 

Online Holiday Shopping 2015 – Fake Charities

canstockphoto31830688Now that the holiday season is in full swing you maybe feeling the Christmas spirit. And part of the holiday season is giving to charities. And the crooks know it!

Holiday charity giving can be as much as 75% of the yearly donations most legitimate charities receive. But be on the look out for phony online charities, those collecting door-to-door and on street corners. Tis the season for the rip-off.

One of the hottest and most profitable holiday scams involves soliciting for homeless veterans. Many of these scams originate on your telephone so be aware when someone calls.

To avoid this phone charity scam check with the local Veterans Administration office. Ask if they have a list of legitimate charities for veterans. Give directly to the causes you know and choose to support. The words that should alert you are “I’m collecting on behalf of…” Don’t give money based on a heart breaking story someone on the phone tells you. Research and investigate charities and use Charity Navigator or other organizations that monitor the legitimacy of individual charities.

ScamBusters.org has a list of common veterans scams you should be aware of. The FBI also offers a list of tips to avoid charity fraud.  Another service you should know is the Wise Giving Alliance.

But holiday scammers come at you from every angle and the Internet is no exception. Cyber criminals are masters of the online holiday scams.

Twitter , Facebook and other social media websites provide tools for donating to nonprofits, and crowd funding sites like GoFundMe and Indiegogo Life provide a way to donate directly to individuals and families, as well as organizations. But keep in mind that crowd funding fraud is a real problem. The crowd funding industry is under regulated and scammers are exploiting every possible loophole.

Another holiday scam is the race based holiday scam. African-American, Latinos and other minorities are routinely targeted for holiday scams that claim to help people of color. These scams include phony coupons, job offers and package forwarding as an easy way to make money.  Some scammers play on religious beliefs and sympathies and still others prey on recent immigrants.

The elderly are also prime targets for holiday scam artists. Make sure the senior citizens in your family understand the dangers of telephone based holiday scams. Many elderly fall prey to heartbreaking stories or high pressure tactics. Another prime holiday scam preys on elderly people who may be lonely. Lonely hearts are especially vulnerable during the holidays and scam artists will use this against the elderly.  Make sure your parents or grandparents do not give their personal or financial information out to strangers.

Some of the top holiday email scams include the ‘new chip card scam.’ Scam artist will email victims with notices that look like they are from their credit card company and request the victim to click on the link to provide information to get the new chip card. Credit card companies and banks never send emails that ask you to click on a link and fill out personal information.

Another scam involves package delivery. This scam works because many people are expecting packages from online retailers or distant friends or family members. An email will arrive in your inbox regarding an important notice about your package. Don’t click on links or attachments in that email.  You will probably download malware or ransomware. Go to the delivery service webpage instead. If the package is a surprise or you don’t know who it is from ignore it. The worse that could happen is that it is returned to sender.

Social media is a hot bed for holiday scams. ‘ Secret Sister’ is a gift exchange scam making the rounds on social media.  This scam works by promising victims as many as 36 gifts in return for sending out just one gift.  Be aware and don’t fall for scams on social media.

Now you know.

ALERT! Order Confirmation Scam ALERT!

ID-100297156

Courtesy of Stuart Miles

Order confirmations scams are exploding all over the Internet this holiday season. Ask anybody that works for UPS, FedEx or the USPS and they will tell you this time of year is the busiest there is for them. And for many people this time of year is when you send or receive the most packages. And that is the sweet spot for this holiday scam.

Scammers are sending out phony order and delivery confirmation emails by the millions to people everyday. Many people, knowing they have sent or are expecting a package, do something they would not normally do. They let their guard down and click on that link or the attachment. They may never discover, or find out too late, that they have given up control of their computer or their identities. The links or attachments install malware on the victim’s computer capable of stealing passwords for email or banking websites. Or the malware turns their computer into a zombie on somebody’s bot net. If you are really unlucky you could end up with a CryptoLocker malware.

Seasonal scams like this one return year after year because the method of tricking you is so successful. Crooks are catching people off-guard during the holidays because so many packages are being sent and received. And they use exact email replicas of delivery services and reliable shopping websites like Amazon.com, Wal-Mart.com and Target.com. People are so intensely focused on making sure their orders arrive before Christmas that they forget the Cardinal rule of the Internet; trust no one. Most confirmation emails do not require you to click on anything to get the tracking number. It is right there in the email where you can see it.

Malcovery, a company that tracks email-based malware attacks, reported these phony “order confirmation” scams began around Thanksgiving. The emails use booby-trapped links and attached files to infect Windows PCs with the malware that powers the Asprox spam botnet. Apple computers seem unaffected.

The Asprox malware is a Trojan that steals email user names and other passwords from infected machines.  This type of malware runs in the background and you may not be aware of what your computer is doing. It also can infect your friends computer and perpetuate even more Asprox malware attacks. If you are infected Asprox can also use your computer to attack other websites.

Malcovery.com points out that the Asprox spam uses some tricky subject lines such as “Acknowledgment of Order,” “Order Confirmation,” “Order Status,” “Thank you for buying from [insert merchant name here]”, and a “Thank you for your order.”

Be alert to these tricks. Should you receive an email from an online or brick and mortar store you do business with and it has a legitimate looking logo and it references an order, DO NOT CLICK ON THE LINK OR ATTACHMENT! Instead, open up another web browser window and visit the merchant site using the web address you are familar with.  Sign in with your own user name and password and check the status of your order. All that information should be there including order issues, your order number, tracking number and expected date of delivery date and who is delivering the package and other information specific to your transaction.  Remember trust no one! Use your own information to research your order. If there is a problem you will discover it.  And remind all your friends and relatives of this scam. Remember; friends don’t let friends play the fool online!

Here are few more tips to spot and fight order confirmation scams;

  • Print a copy of your order confirmation. Highlight all the relevant information and compare it to any email you get.
  • The scam email may be fairly generic not using your name or any information that is familiar to you.  Examine it carefully.
  • Hover you cursor over any links and examine the web address that appears. Make sure it is taking you where you want to go. BE CAREFUL NOT TO CLICK ON THE LINK!
  • Examine any attachment and look for “.exe”, or a double extension like “exe.pdf.” That could be a dangerous crypto malware.
  • Don’t trust any email just because it has a familiar logo or trademark.
  • Keep good records! What to did you buy and from whom? Who did you send it to? Call the person and let them know its coming, the tracking number and who is delivering it. And ask them to let you know what to expect with the same details.
  • Never click on links or attachments. Use your own information to research a problem with your order.
  • Never pay for delivery of something you did not order or were not expecting.
  • Never give personal information over the phone to someone who calls claming to have some thing to deliver to you.
  • Its the Internet; trust no one.

Now you know

See FedEx Fraudulent Email Alert

See UPS Fraudulent Email Alert