Human beings have been inventing ways to trick, swindle, and cheat one another since, well, always. And it just so happens that the season of giving perfectly coincides with the season of (unlawful) taking. Humbug!
This is no coincidence. As we furiously swipe, withdraw and plug our personal info into myriad web sites this holiday season, those interested in making off with such data have a distinct advantage. Thanks to a combination of general ignorance and criminal ingenuity, these (often old) scams remain as successful as ever.
"Now is definitely the time when the general public tends to get screwed," says EJ Hilbert, president of Online Intelligence. As a former special agent for the FBI, Hilbert spent the better part of eight years hunting down scammers, hackers and other cyber criminals for the government, and is well-versed in the various ways they use the holiday shopping season to their distinct advantage.
So why does the end of the year always correlate with a dramatic uptick in scams and fraud? Simple, says Hilbert. We spend more money and pay less attention to our statements.
"Everybody is buying and buying and buying and not thinking about much else," he says. That means it's easy pickins for those who traffic in stolen financial info. Not only are scams generally more effective during this time of year, it's also easier to make the actual charges (small ones, between billing cycles) once you've successfully obtained someone's personal data. Unsuspecting consumers won't see these purchases for at least 30 days. And by that time, one of two things happen: They either forget what they've purchased, or they're in such a rush to get it handled that we simply pay it and completely forget about it.
Don't assume we're getting any wiser to this unfortunate reality, either. While the rise in scams and fraud during this time of year has been consistent since the advent of e-commerce, overall we actually appear to be getting duped more. According to the Internet Crime Complaint Center's (IC3) latest report (.pdf), complaints of online fraud grew substantially in 2009. The site registered a total of 336,655 poor souls who had in some way been swindled last year. That's a 22-percent increase from 2008. And as for the total monetary loss linked to online fraud? That came in at $560 million—about double the $265 mill reaped in 2008.
Here are some of the scams that have historically been the most successful, and what you can do keep from having unhappy surprise come January.
1. The Fake Online Shop
Yup, the original Internet scam is alive and well–-or at least a variation of it is. While it's really just an extension of older scams (the mail order scam, etc.), this swindle is consistently responsible for the bulk of consumer complaints, according to IC3. Crooks create a fake online store and sell things like 25-cent iPads and other ridiculously priced (or free) gear. As Hilbert notes, cyber criminals will often spend the extra time and effort to post fake recommendations on rating sites to help move their phony shop into the top slot on search engines. Gullible and deal-hungry consumers (that'd be us) stumble upon them, and, in our infinitely unwise haste, make the purchase. What happens next? Exactly what you'd expect. The crooks charge your card and never send out any product. For the creator(s) of the site, the whole endeavor costs maybe $5-10, which of course they've paid for with another stolen credit card. The lesson? "Even when you're hypersensitive and paranoid, time and effort and speed of transaction always over takes your paranoia," says Hilbert. Damn your convenience, Internet!
What you can do: Stop being gullible! If it looks too good to be true, it is. Period. Now go back to Amazon. Or at least buy something from me. ShadyGardiner.com has the best holiday deals, I swear!
2. ATM and Other Skimming Schemes
As we reported earlier this month, the US has seen a substantial rise in ATM fraud over the past few years. But skimmer usage also sees a dramatic boost during the holidays. There's the traditional ATM machine and the gas pump skimming schemes, but this is the time of year when POS skimming comes into play as well. Here's how it works: You grab dinner at Chili's and hand the waiter (the one with the tear tattooed on his cheek) your card at the end of the meal. When he goes back to charge it, the card gets skimmed and charged—somehow. Repeat ad infinitum. This card info is then later sold online where crooks are doing a little holiday shopping of their own, paying 30-40 cents per card number.
What you can do: In addition to the standard jiggling of card slots and covering the key pads, you should never use shady looking ATMs. Pure common sense will make the biggest difference here. POS skimming is harder to deter, but using a credit card from a company with a rep for purchase protection will buy you piece of mind as long as you catch the fraud early.
3. Database Intrusion
We're all familiar with this method of obtaining credit card data, as it generally receives the most press. A hacker will simply gain unauthorized access to a system, steal all the precious database information, and call it a day. They can target systems like OnlineCasino, creditcards.com and CCBill.com, where info like credit card numbers, expiration dates, and CVV2 numbers are stored. Here's the thing: Most major intrusions are not actually realized (meaning the cards are not actually used) for between 3 and 6 months. This isn't because criminals wouldn't like to. Rather, it's simply because it's not humanly possible to make 100,000 charges a day. What criminals will do instead is use the cards sparingly over a period of time. That time is frequently now. The fraudulent charges during the holiday period are usually small (no more than $10), so when the average consumer looks at his or her card, they just let it go.
What you can do: Not much. Again, check your balances regularly and immediately report anything suspicious to your credit card company.
4. 'Smishing' and ‘Vishing'
The other scams that come into play during the holiday are so-called ‘smishing' and ‘vishing' schemes. These are both modern variations of—you guessed it—phishing. Here, criminals will set up an automated dialing system to text or call people in a particular region or area code. Frequently, they'll use stolen customer phone numbers from banks or credit unions. Victims will receive messages like: "There's a problem with your account," or "Your ATM card needs to be reactivated," and are then directed to a phone number or website asking for personal information. Armed with that information, criminals can then steal from victims' bank accounts at will, or even create phony ATM cards. If you actually log onto one of the phony websites with your smartphone, you can also end up downloading malicious software that could give criminals access to any other personal info on the phone.
What you can do: Never respond to text or automated voice messages from unknown or blocked numbers on your mobile phone. Basically, treat your mobile phone like you would your computer. Don't download anything unless you trust the source.
5. Dumpster Diving
We know: decidedly low tech. But dumpster diving is still a great way to grab oodles of personal data from lazy consumers—particularly when you consider how much valuable info the average person tosses during the holidays. Discarded credit card bills and receipts can be used for identity theft and various other forms of fraud.
What you can do: One word: Shred. Buy a decent paper shredder and feed anything with your name or other personal info directly into it.
6. Delivery Fraud
Another holiday favorite, delivery fraud is where an online criminal poses as a legitimate delivery service and sells you reduced-cost or free shipping labels—they might spam you or even hang a tag on your door directing you to a "special" website or phone number. Then, when you try to ship a package using these phony labels, the legitimate delivery service flags it and requests payment. You've been had! This scam is one of the main reasons that most major outlets tend to offer free shipping during the holiday season. Again, we're talking high tech methodology low-tech theft.
What you can do: Stick to the major shipping services and retailers. Seriously, it's not difficult to get a good deal this time of year.
7. Gift Card Scams
Gift cards are immensely popular during the holiday season. Criminals know this! They'll often set up (through auction sites or classified ads) fake shops offering heavily discounted cards. This is basically the same scam as the fake Internet shop. You purchase a fake card and the criminal gets your money. When the gift card merchant discovers that your card is fraudulent, they'll deactivate it and refuse to honor it for purchases. As if getting a lousy gift card wasn't bad enough.
What you can do: Only purchase gift cards directly from merchants or retail stores.
Here's what many of us forget during the holiday shopping season, says Hilbert. "Every scam is the same scam over and over again. It's just a matter of the sophistication or the manipulation of how [criminals] get around the protective tools that have been put into play." So be cautious, use common sense and help make this one a little less jolly for the criminals.