​​​​​

Smart Shopping During the Holidays

Keep your finances safe while you shop during this holiday season.

The NCUA Fraud Prevention Center educates consumers on how to recognize common scams and take action if you think you are a victim of fraud. It also provides useful tips for protecting your finances.

Criminals and scammers use many techniques to fool potential victims. NCUA has put together a list of tips you can use to avoid becoming a victim of a holiday scam.

Take a look at a few of the newest and most common scams you should watch for during the holiday season.

Remember! If it is​ too good to be true, it probably is.

Criminals create new ways every year to steal your money and personal information, especially during the holidays. Do your homework before making a purchase or donation.

TOP HOLIDAY SHOPPING SCAMS

If you receive an email with the subject line reading “USPS Failed Delivery Notification,“ or something similar, do not open it. The emails claim to be from the U.S. Postal Service and contain fraudulent information about an attempted or intercepted package delivery. The emails instruct customers to click on a link to find out when they can expect delivery.

Clicking on the link activates a virus, which can steal personal information such as user names, passwords or financial account information. These emails look almost identical to official notifications from the real shippers by using legitimate-looking email addresses and even the official logos. However, this scam is not limited to the USPS.

Similar email and text scams are also circulating that appear to be from other shipping companies such as UPS and FedEx.


 

Using your laptop, tablet or smartphone at Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places is convenient, but often they’re not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else. The bad guys are there too, shopping for your information.

One way scammers obtain your information is by putting out a Wi-Fi signal that looks just like a complimentary one, also known as the evil twin. The evil twin is similar to a phishing scam. Choose the wrong Wi-Fi and the hacker now sits in the middle and steals your personal or financial information. When you use a Wi-Fi connection in a public place, it is better not to use your credit card.

To protect your information when using wireless hotspots, send information only to sites that are fully encrypted, and avoid using mobile apps that require personal or financial information.


 

Gift cards purchased through online auction sites are often fraudulent or stolen. To ensure that you are not scammed out of your holiday money, it is safest to purchase gift cards directly from the merchant or retail store.


 

Be careful when purchasing gift cards at retail stores. If you choose a gift card that is not located behind a counter, thieves can write down the gift card code or use a device to scan the magnetic strip on the back of the card. Every few days, the thief will check the balance and redeem the card's value online without you or your gift recipient’s knowledge. When buying a preloaded card, always have the cashier scan the card to verify that the full amount is available. Also, check to make sure the packaging has not been tampered with or damaged. This may be sign that the gift card has been compromised or replaced with a stripped gift card. If possible, register your gift card with the retailer.


 

In phishing schemes, a fraudster poses as a legitimate entity and uses e-mail and scam websites to obtain victims’ personal information, such as account numbers, user names, passwords, etc. SMiShing is the act of sending fraudulent text messages to bait a victim into revealing personal information.

Be leery of e-mails or text messages that indicate a problem or question regarding your financial accounts. In this scam, fraudsters direct victims to follow a link or call a number to update an account or correct a purported problem. The link directs the victim to a fraudulent website or message that appears legitimate. Instead, the site allows the fraudster to steal any personal information the victim provides.

Current SMiShing schemes involve fraudsters calling victims’ cell phones offering to lower the interest rates for credit cards the victims do not even possess. If a victim asserts that they do not own the credit card, the caller hangs up. These fraudsters call from TRAC cell phones that do not have voicemail, or the phone provides a constant busy signal when called, rendering these calls virtually untraceable.

Another scam involves fraudsters directing victims, via e-mail, to a spoofed website. A spoofed website is a fake site that misleads the victim into providing personal information, which is routed to the scammer’s computer.

Phishing schemes related to deliveries are also rampant. Legitimate delivery service providers neither e-mail shippers regarding scheduled deliveries nor state when a package is intercepted or being temporarily held. Consequently, e-mails informing of such delivery issues are phishing scams that can lead to personal information breaches and financial losses.


 

It is important to recognize the warning signs of charity scams in order for you not to be robbed of your good intentions. The Federal Trade Commission (FTC) has two websites for consumers on charity fraud and scams. It is important to recognize the warning signs of charity scams in order for you not to be robbed of your good intentions.

In addition, the Internal Revenue Service (IRS) has a search feature on its website that allows consumers to find legitimate, qualified charities to which donations may be tax-deductible. For more information, please visit the IRS’s Exempt Organizations Select Check.


 

Internet criminals post classified ads and auctions for products they do not have and make the scam work by using stolen credit cards. Fraudsters receive an order from a victim, charge the victim’s credit card for the amount of the order, then use a separate, stolen credit card for the actual purchase. They pocket the purchase price obtained from the victim’s credit card and have the merchant ship the item directly to the victim. Consequently, an item purchased from an online auction but received directly from the merchant is a strong indication of fraud. Victims of such a scam not only lose the money paid to the fraudster, but may be liable for receiving stolen goods.

Shoppers may help avoid these scams by using caution and not providing financial information directly to the seller, as fraudulent sellers will use this information to purchase items for their schemes. Always use a legitimate payment service to ensure a safe, legitimate purchase.

As for product delivery, fraudsters posing as legitimate delivery services offer reduced or free shipping to customers through auction sites. They perpetuate this scam by providing fake shipping labels to the victim. The fraudsters do not pay for delivery of the packages; therefore, delivery service providers intercept the packages for nonpayment and the victim loses the money paid for the purchase of the product.

Diligently check each seller’s rating and feedback along with their number of sales and the dates on which feedback was posted. Be wary of a seller with 100 percent positive feedback, with a low total number of feedback postings, or with all feedback posted around the same date and time.

Here are some additional tips you can use to avoid becoming a victim of cyber fraud:

  • Do not respond to unsolicited (spam) email.
  • Do not click on links contained within an unsolicited email.
  • Be cautious of email claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Scan the attachments for viruses if possible.
  • Always compare the link in the e-mail with the link to which you are directed and determine if they match and will lead you to a legitimate site.
  • Log directly onto the official website for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
  • Contact the actual business that supposedly sent the email to verify if the email is genuine.
  • If you are asked to act quickly, or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act quickly.
  • Verify any requests for personal information from any business or financial institution by contacting them using the main contact information.

 

 

​ ​​​​​

​​​