Editor’s Note: This story is excerpted from CSO Online.
The holiday scam season is upon us.
For Beth Jones, a senior threat researcher with Sophos, this time of year means an upswing in fraudulent activity online. Between malware authors looking to infect machines, and identity thieves hoping to con consumers out of credit card information, this is the prime month for behavior that qualifies for the naughty list.
“The two-week mark before Christmas is when things start to ramp up out of control,” says Jones. “Spammers and malware authors focus on when the attention is going to be there. That’s generally two weeks before a holiday.”
You don’t need to be shopping online to get caught in one of their traps. Even checking out e-mail or spending time on Facebook and Twitter has its risks for the unaware. Here are six holiday humbugs to avoid.
Holiday scam #1: Free iPads
Apple’s recently-released iPad is a popular item this holiday season, so naturally criminals are using that to hook people. “I have seen so many ‘Get a free iPad by filling out a survey’ ads already,” says Jones. “Kinect (for the gaming system Xbox 360) is the other one.”
But usually these offers are just a ploy to get you to a site where you are typically asked for credit card numbers (to cover shipping, for example) or other sensitive information in order to receive the prize. Your credit information is used by the con artist for nefarious purposes, and you get nothing. Stay away from these kinds of offers, Jones says.
“Apple is not going to give out a free iPad. They are not going to authorize anyone to give out a free iPad.”
This ruse is also running rampant on Facebook and Twitter. In the social media version of the scam, users take a quiz to win a free iPad and must supply their cell phone number to receive the results. In actuality, they are signed up for a scam that puts fake charges on their cell phone bill.
Holiday scam #2: Fake gift cards
“There seems to be a big-affiliate scam going around of free gift cards,” says Jones. But these gift card offers are really just an identity theft gimmick in disguise, with the goal of stealing your information to sell if off for profit. Retailers are not giving out free gift cards just because you fill out a survey.
Researchers at McAfee Labs say one recent Facebook scam offered a free $1,000 Best Buy gift card to the first 20,000 people who signed up for a Best Buy fan page. To apply for the gift card, they had to provide personal information and take a series of quizzes.That page was, of course, a fake.
Holiday scam #3: Stripped gift cards
Gift cards have become a common go-to present for many folks. But now criminals have figured out a way to render them worthless, according to Tom Browning, vice president of corporate compliance and Chief Security Officer with AlliedBarton.
“With the gift cards, the mission is to sell, sell, sell,” says Browning. “So they are displayed in places that are easily accessible to people. You’ll often see these things right on a front counter or in a display rack in a grocery store.”
But criminals can take advantage of that accessibility. According to Browning, many use a scanner that can be purchased cheaply to read the code behind the magnetic or scratch-off strip on the back of the card. With that, and the card number on the front, they can steal the value of the card. This leaves the buyer who purchased the card legally with a worthless piece of plastic.
Even if a card isn’t preloaded, a thief can steal the card number and security code and call the 800 number shown on the card every few days to check the balance. Once a shopper purchases the card and loads it with a dollar amount, the thief can spend it before the purchaser does, Browning says.
Browning advises trying to safeguard any gift cards you purchase by buying them from stores which keep them behind a register. He also recommends checking with the cashier when purchasing the card to ensure there is a valid balance before you leave the store. And look over the card yourself, he says. Does it have creases or markings? Is the strip on the back in perfect condition? If the card looks at all suspicious, pass it up.
“I wouldn’t say don’t purchase any gift card,” says Browning. “They make a great gift alternative. But the chance that they have been tampered with when they are out in a place accessible to everyone is high. Hold yourself accountable by taking the proper precautions before you buy.”
Holiday scam #4: Preapproved credit cards
In tough times, folks without a job or with bad credit may be particularly vulnerable to this one. But these credit offers are often advance credit schemes, according to McAfee Labs. Such offers arrive in the form of spam e-mails advertising prequalified, low-interest loans and credit cards if the recipient pays a processing fee—which then goes directly into the scammer’s pocket.
Holiday scam #5: Bad links
Links to job offers abound on Twitter. Cash-strapped users looking for some help with income this holiday season may find those offers too good to ignore. But McAfee researchers say most are scams that serve up dangerous links that ask for your personal information, such as your e-mail address, home address and Social Security number to apply for the fake job.
And holiday sales, while common and often legitimate, are also easy ways to send bad links, says Jones. “Make sure you check shortened links before you click on them,” she advises. “Bitly, for example, offers a service to preview where the link is going if you add a plus sign to the end of the link you’re questioning.”
Holiday scam #6: Fake charities
Some estimates put the number of fake profiles on Facebook at as high as 40 percent. And it isn’t just individual profiles that are created fraudulently. Fake business pages are also a problem on the network. And fake charity pages are a holiday-season hazard as generous givers look for a place to put their donation.
If you want to ensure you are donating to the legitimate charity, seek out the organization’s site directly, says Jones. And ignore all e-mail solicitations for donations, as well as the links the messages may contain.
“Charities typically do not randomly sell e-mails looking for donations,” Jones says. “Most still prefer snail mail.”