When Alex B. opened an email from Craigslist requesting his username and password, he thought nothing of it and entered the information. It wasn’t until hours later, when he noticed several items posted as “holiday sale specials” from his Craigslist account, that he realized something was wrong. Sure enough, he had provided his email to an identity thief who had used his Craigslist account to advertise holiday deals in an attempt to con users out of their cash.
“Craigslist prides itself on being a low-maintenance platform, so the fact that the email was plain text and simply formatted didn’t set off any alarm bells,” Alex says.
Scammers often take advantage of the holiday season to trick shoppers who may be looking for deals or special items. You may be able to steer clear of holiday scams and identity thieves if you ask yourself the following four questions.
1. Am I being asked for personal information in an email, text message, or social media communication?
If the answer is “yes,” you may be the target of a phishing attack, where fraudsters pose as well-known organizations in order to lure you into disclosing your username, password, or other personal information. Phishing attackers may attempt to use your information to scam shoppers, as in Alex’s case, or obtain other information, including your debit card number and Social Security number.
Phishing scams are not exclusive to the holidays. There were more than 120,000 unique phishing attacks worldwide in the first half of 2014, an increase of 70 percent vs. 2013, according to an Anti-Phishing World Group (APWG) report.
Tip: Treat all requests for your information with caution, even if you know the sender. Hackers might compromise the email address of one of your contacts and use it to lure you into disclosing personal information. Never enter your username or password when prompted by someone else, whether it’s solicited in an email, a link on a social media network, or a text. You should always initiate contact if you need to provide sensitive information.
If you receive any emails or messages regarding your holiday purchases, look for phishing red flags, such as poor spelling, grammar mistakes, threatening phrases, or a URL that differs, even slightly, from the company’s website.
2. Does this “holiday deal” sound too good to be true?
According to the Better Business Bureau (BBB), scammers often use online deals and fake coupons to trick holiday shoppers. Be careful where you’re shopping online during the holidays. If possible, stick to mainstream manufacturers’ websites.
In addition, be cautious if you find a product online at a significantly cheaper price than you’ve seen elsewhere. That deal may be too good to be true, especially if you come across it on a website where anyone can post merchandise, such as Craigslist or eBay.
Tip: Take a few minutes to browse the seller’s website before you buy anything. Scroll over the URL to make sure it doesn’t have any added characters—additional characters could take you to a fake site. For example, the URL www.tiffanyco.mn indicates a Mongolia-based website. The legitimate website for Tiffany & Co. can be found at www.tiffany.com.
Before you make a purchase, check the “Contact Us” page for a phone number and physical address. Then, look for the “Terms and Conditions” page, where return policies are usually posted. Scam websites are less likely to have return policies—or they’ll provide them in a suspicious manner, such as only via faxed request.
If you’re shopping on an auction site, look through the seller’s customer reviews before completing your purchase. If you’re dealing with a business that is unfamiliar to you, you can double-check that the seller is legitimate by researching the BBB’s database. And finally, never wire money as payment for an online purchase.
3. Do I need to click on this advertisement?
In the past few years, scammers have begun to use advertisements as means of transmitting malware to your computer. This is known as “malvertising.” According to a recent report by the security firm Invincea, clicking on a banner ad or video could inadvertently download a virus that infects your computer or transmits your personal information back to a hacker. Victims are targeted based on their interests and web history, the report states.
Tip: If possible, avoid clicking on advertisements while you are shopping online for holiday gifts. Instead, consider going directly to the manufacturer’s website vs. clicking on the ad. The report recommends that users opt out of targeted advertising that is based on web history, when possible. Because many Web services rely on targeted advertising for funding, you may have to look up specific instructions for opting out on the shopping websites and social networks that you use frequently.
4. Is this a real charity?
In this scenario, fraudsters set up fake charities to steal your money and information. Charity scams occur all year, but they are very popular during the holiday season.
Many legitimate charities make a push for year-end giving and holiday pledge drives, counting on the spirit of the season to help people open their wallets for a good cause. Consumers also expect to be bombarded by holiday campaigns, so scammers take advantage of the good timing.
People collecting money may approach you on the street or at your home. Scammers may also set up false websites that look similar to those operated by real charities. Some fraudsters may call you or email you with spam emails requesting donations.
Tip: Triple-check the foundation’s name and contact information with the BBB or CharityGivingnavigator.com to make sure you are dealing with a legitimate organization. If you know the organization is legitimate but can’t find the correct website, use cash to support the foundation instead.
Be aware of phishing attacks or scams that are common in your area or with your services. Consider subscribing to these alerts to help you protect your identity and information:
- Scam alerts from the Better Business Bureau
- Fraud Watch Network alerts from AARP
- Phishing alerts from FraudWatch International
One thing you certainly don’t want for the holidays is a stolen identity. Unfortunately, as shoppers get in the spirit, thieves do too, so remember these tips to help you spot scams.
The information contained in this blog post is designed to generally educate and inform visitors to the Equifax Finance Blog. The blog posts do not give, and should not be assumed to provide, personalized tax, investment, real estate, legal, retirement, credit, personal financial, or other professional advice. Before making any financial decision, you should always consult with the appropriate professionals who can explain your options, rights, and legal responsibilities, and advise you on any tax, legal, credit, or business implications that may result from those decisions. The views and opinions expressed by the authors of blog posts are their own views and may not be the views or opinions of Equifax, Inc. and/or its affiliates.