Every year, the holiday season creates optimism, goodwill, and shopping mania. It also creates countless opportunities for scammers, spammers, and other schemers to separate unsuspecting shoppers from their hard-earned money.
BBB Scam Tracking
The Better Business Bureau keeps track of these schemes through its BBB Scam Tracker website, a proprietary platform where businesses and consumers can report scams and suspicious activities. Scam Tracker features a searchable heat map for viewing the numbers, types, details, and locations of scams. Report data is shared with the general public to help shoppers avoid being taken in by scammers.
While many of the schemes are consumer-focused during the holidays, some also target small businesses and company employees using phishing emails and social media.
There is also an important role for merchants to play in making sure (1) their e-commerce sites and websites are secure, (2) their email campaigns to customers comply with the CAN-SPAM Act, and (3) their privacy policies are transparent and adhere to best practices for data privacy.
Holiday Scams in 2021
According to the BBB’s 2021 list, many of this year’s holiday scams use emails and social media platforms to dupe their targets. The BBB advises shoppers to “exercise caution when coming across social media ads about discounted items, event promotions, job opportunities, and donation requests, as well as direct messages from strangers.”
The BBB also advises against making payments or donations by wire or e-transfer, through third parties, or by prepaid debit or gift cards. The National Cybersecurity Alliance offers additional tips for safe shopping over the holidays, which we’ll review in a few minutes.
Following are a few of the most common schemes to be aware of at all times, but especially during the holidays.
Ads on Social Media
Individuals who are active on social media platforms often find goods for sale from small businesses. High-value items that are priced ridiculously low, such as luxury goods, jewelry, designer bags and clothing, and electronics, are almost always cheap counterfeits. In addition to rock-bottom pricing, popular come-ons include the offer of free trials or donations made to charity for every purchase.
The BBB receives many complaints from individuals who have (1) paid online for goods they never receive, (2) been charged monthly for a free trial they never signed up for, or (3) received an item that is counterfeit or much different from the one advertised. Last year online purchase scams were the most common fraud with the most victims, according to BBB Scam Tracker.
Advice: Do your homework and research the company before ordering, including reading online reviews and checking their business profile at BBB.org.
Social Media Gift Exchanges
This scam is a perennial favorite among fraudsters and is a type of pyramid scheme, which is illegal any time of the year. The latest versions involve exchanging bottles of wine or buying $10 gifts online. Dog lovers beware of schemes that invite you to buy a $10 gift for your Secret Santa Dog.
Another scam may ask you to add your email address to a list of online participants, then pick a name and send money to that person in the spirit of paying it forward. Charitable chain letter campaigns are popular during the holidays when many people feel unusually generous and want an easy way to give.
In all cases, individuals unwittingly share their personal information, along with that of their family and friends. Adding insult to injury, you are then tricked into buying and shipping gifts or money to people you don’t know.
Advice: While it all sounds like nice social fun for a good cause, keep your eyes wide open for the online fraud factor.
Compromised Account Alerts
Popular in email as well as by telephone and text message, these alerts advise you that your Amazon, PayPal, Netflix, credit card, or bank account has been compromised. Victims are informed of suspicious activity on one of their accounts and instructed to take immediate action to prevent the account from being closed or frozen. No one needs that during the holidays, right?
Advice: Always be extremely suspicious of unsolicited calls, emails, and texts that try to scare you into doing something against your better judgment. If you think it could be real, hang up and call the company’s Fraud Department directly to verify. And look up the phone number—don’t use one provided by the possible scammer.
Fake Shipping Notices
As more consumers make purchases online, there is also an increase in notifications about shipping details from retailers and carriers. Scammers create realistic-looking shipping updates with links to more details, but they are really links that will download malware to your device or allow unauthorized access to your private information. Some phishing emails also trick buyers into paying additional shipping fees.
Advice: Read the source of the email carefully. Hover over the email address to see where it really comes from. Try searching for the domain or website in your browser to see if it’s real. Misspellings or typos in the email or text are another red flags.
The holidays bring a flood of emails offering deals, sales, and bargains, with links for your convenience and speed in response. Links may lead to look-alike websites created by scammers to trick you into downloading malware, making dead-end purchases, and sharing private information.
Advice: If uncertain about the email content or source, do not click any of the links or images. See advice for fake Shipping Notifications above.
Free Gift Cards
Another popular scam is the bulk phishing email campaign, where personal information must be provided in order to receive a free gift card. Some of these emails may impersonate legitimate companies, such as Starbucks, and promise gift cards to loyal customers.
They may also use pop-up ads or send text messages announcing that you have been selected as a prize winner. In all cases, they are looking for personal information they can sell on the dark web.
Advice: The old adage, if it sounds too good to be true it probably isn’t, certainly applies here. Try to avoid opening these come-on emails, but if you do open one do not click on any links.
Additional Online Advice
There are many actions you can take before making a purchase online, especially if you are not comfortable that the offer is legitimate. Following are safe shopping tips from the National Cybersecurity Alliance.
- Research the Vendor Before You Buy. Read online reviews to learn what other shoppers have experienced with a merchant or small business. Check for the business on the BBB.org website. Always look for a physical address at the bottom of the email, and on the website, as a clue to legitimacy. Find a phone number and call it; scams usually provide disconnected numbers or no numbers at all.
- Consider Your Payment Options. Use a credit card online rather than a debit card because the security protections for credit cards are more robust. In addition, there are a number of well-regarded online payment service options, such as PayPal and Google Pay, which do not transmit your credit card information to the merchant.
- Be Careful What Information You Share. Only certain information is needed to complete an online purchase, and if you are being asked to enter more information than seems necessary, cancel the transaction. Also, do not authorize your payment information to be saved. If it has been auto-saved after the purchase is complete go back in and delete any stored payment details.
- Monitor Your Bank and Credit Card Statements. Check your accounts regularly for unauthorized activity. Set up alerts so that you receive an email or text message with transaction details whenever your credit card is used. Do not rely solely on your bank or credit card company to monitor your account activity. Manage your money, and your cybersecurity, actively!
The holidays are the most popular time of the year for online shoppers—and also for scammers, spammers, and schemers. Individual consumers are at greater risk as their online buying activity increases and personal information flies around the Internet.
It’s the perfect opportunity for legitimate merchants and businesses to ramp up their security and privacy safeguards, and let their customers know it’s safe to shop with them.
For consumers, the Better Business Bureau and the National Cybersecurity Alliance offer excellent guidance for shopping safely online during the holidays, with tips that apply all year long.
Most merchants are governed by the Payment Card Industry’s Data Security Standard (PCI-DSS). If you haven’t had a compliance assessment in the past year or two, we recommend scheduling a security assessment in the new year to be sure you are continuing to operate in compliance with those requirements.