Tips: Avoid Holiday-Related Scams

• Dec 01, 2009

As the holidays bring an increase in online shopping, charitable giving and social interaction, consumers and businesses should be on guard against some common scams that occur frequently at this time of year, according to security experts from Unisys Corp.

“The consumerization of IT and widespread use of mobile technology and social networking, both at work and at home, have increased the risk of financial fraud and identity theft -- especially during the holidays,” said Mark Cohn, vice president, enterprise security, Unisys. “While scammers are seemingly everywhere this time of the year, consumers and businesses can do a lot to protect themselves from fraudulent activities. By taking some relatively simple precautions, everyone can maximize the chances that they will beat the cheats.”

The dangers of online fraud continue to grow. The number of Americans falling victim to identity theft increased 22 percent to a record 9.9 million in 2008, losing $48 billion in the process, according to Javelin Strategy & Research.

Meanwhile, online shopping on the job will continue to be popular. This year, 53.5 percent of workers with Internet access, or 68.8 million people, will shop for holiday gifts from work, according to Shop.org.

The bi-annual Unisys Security Index reported this month that, in the nine countries covered in the survey, the top security concerns of consumers are bank card fraud and identity theft. The percentage of Americans who are seriously concerned about the security of their online transactions rose to 42 percent, the highest level since the Unisys Security Index began two years ago.

Unisys identified 10 of the most prevalent scams that can lead to financial fraud or identity theft during the holidays. They are listed below, in no particular order, along with tips on how to avoid them.

1. Online shopping threats: In the United States, the FBI reported that more than $264 million was lost in 2008 due to online fraud. To avoid being yet another victim, Unisys security experts recommend that online shoppers always shop on safe sites that have SSL (a protocol for secure communications) certification, indicated by a locked padlock at the bottom of the screen. If you have second thoughts about using a site or retailer, follow your instincts and avoid it. Where possible, use a credit card rather than a debit card as banks can often offer consumers a higher level of protection when a credit card is used. If buying through sites such as Amazon or eBay, take the time to read the seller feedback. Finally, be sure to check your bank statements regularly for any unexpected ‘purchases.’

2. Seasonal spyware: The number of malicious e-cards circulating to personal and business computers is expected to rise this year. Unisys experts suggest that even in a workplace setting, individuals never open an e-mail or attachment from an unknown sender and do not download ‘exe’ files as these often contain adware, unwanted downloads and spyware.

If you can’t resist opening a file, drag it into your ‘junk’ e-mail folder first as this allows you to check all the links to see if they are legitimate. If a site looks suspicious, follow your instincts and don’t click on it. Finally, be sure to install personal firewall, anti-malware and protection agent software on your computer. So if you make a mistake and click on a malicious e-card, you will have some protection.

3. Not-so-social networking: Enterprises and individuals are making increasing use of social networking sites such as Facebook and Twitter to keep in touch with clients, partners, friends and family over the holiday season. Unisys security experts warn that these sites can be a goldmine for identity thieves. According to GetSafeOnline, one in four people using social networking sites have posted confidential or personal information such as phone number, address or e-mail on their online profile. To avoid identity theft, never offer personal information to anyone over a social networking site, even if the request is from a friend or relative. Do not offer your birth date, birth town and home address on your user profile, and always make sure you apply the right privacy settings to protect yourself. Avoid posting photos of expensive belongings or dates when you are away from home over the holidays.

4. Beware of ATM skimmers: Whether at your neighborhood bank or at your office lobby or credit union, Unisys experts stress the importance of being aware of your environment when using an ATM to obtain holiday shopping cash. If you think someone is too close behind you or looking over your shoulder, find a different ATM machine.

Thieves are becoming more and more sophisticated, so also check the actual machine to make sure that it is solid and sturdy. Some skimming scams have involved fitting the front of an ATM with a false panel containing a small webcam or digital camera that can capture your card details. If the ATM machine appears to be behaving oddly or does not work the first time, go to a different machine -- don’t try it again.

5. Fake Online Payment Sites: Escrow services such as PayPal allow businesses and consumers to securely and conveniently send and receive payments online. However, escrow scams are increasing as fraudsters set up fake payment sites to con both buyers and sellers out of money.

To ensure payment sites are legitimate and secure, Unisys security experts suggest checking to ensure the sites have SSL certification. Also check that the web address starts as https:// rather than just http:// as the absence of that “s” is often an indicator of rogue traders. A real escrow company will also only ask you to transfer money to them directly from your bank, i.e. a traceable transfer. If they ask for another method, refuse. Before you send anything, verify with your bank where the receiving bank is located. If this looks like it is outside the seller's own country, stop the transaction.

6. ‘Spirit of giving’ scams: Christmas is the season for sharing and, as a result, thieves will often make the most of people’s generosity over the festive season. Unisys suggests that individuals watch out for e-mails or tweets from charities that ask for donations, particularly if you have never signed up to receive correspondence from them. Be sure to check that charity collectors in your neighborhood or near your office have some form of identification.

7. Gift grabbers: After opening all the presents, Unisys recommends breaking down the boxes completely so that what was in the box is not obvious to passers by on the street. Thieves are more likely to target homes with home theatre or PC boxes in the trash. The same is true of business-related or personal bills, receipts and financial statements -- all of which could contribute to identity theft. And as always, employees must protect their company’s intellectual property by safely disposing of materials that are proprietary to their companies.

8. Protect your new laptop: If you received a new PC or laptop running on MS Vista or Windows 7 as a holiday gift, Unisys suggests making sure you are using anti-malware software and have enabled the firewall before connecting to the Internet. Whether you are connected to a wireless network or via a cable, on average, it can take just nine seconds for your new laptop to receive its first ‘ping’ attack and less than a minute to receive its first virus.

9. ‘Free’ Wi-Fi and wireless network hacking: If you are using that new laptop on a wireless network at home or workplace, Unisys recommends making sure that network is secure. This is because the Wi-Fi network range will radiate beyond the confines of your building, leaving it vulnerable to “wardriving” (the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer so they can use your unsecured network for free).

Hackers could use an unprotected wireless network to anonymously download illegal material or perpetrate attacks that would appear as if they were coming from you. Wardrivers are also known to hack into computers to steal personal details. In one highly publicized case, a retailer reportedly lost more than  45.7 million personal credit and debit card details to hackers. The crime went on for four years before it was detected.

10. Account check and phishing cons: Unisys security experts recommend that individuals at home or work be wary of account checking scams in which a phony representative of a bank or supplier who contacts you by phone or e-mail to ask for account details to update their records.

Callers will often claim that they need certain data in order to check the security of your account while actually obtaining very valuable information to carry out fraud. In the lead-up to Christmas, remind your family, friends and colleagues to err on the side of caution and refuse to give out any personal details either on the phone or online. If you think the call is genuine, ask to call them back and check the number by visiting their website before you call back.

Likewise, don’t assume that an e-mail that looks like it comes from your bank or a company you’ve done business with is legitimate. In common phishing attacks, e-mail messages from impostors contain links to phony lookalike sites where your logon ID and password can be captured. Always suspect that web links in unsolicited e-mails may be fraudulent, and don’t provide any personal information to such sites.