Scammers love impersonating the Internal Revenue Service, the FBI and Social Security. Why not add Black Friday shoppers to the list?
Retailers are being warned that sophisticated scammers could target online Black Friday deals in highly automated schemes that use fraudulent accounts created with stolen data and fictitious identities.
The goal would be to scoop up door-buster deals or special coupons and deplete the inventories of hot merchandise for the holidays, according to Shannon Wu-Lebron, senior director of retail for TransUnion’s diversified markets group.
Once the fraudsters use fake credit cards or hijacked accounts to order the stuff at bargain prices, they’ll turn around to sell the popular toys, TVs or other deals on online marketplaces and elsewhere at inflated prices.
E-skimming:Hackers hover near online shopping carts
About 75% of shoppers plan to do half or more of their holiday shopping online, according to TransUnion’s 2019 Holiday Retail Fraud Survey, released Nov. 19. Of that group, 46% worry about becoming a victim of fraud.
The survey of 2,593 American adults took place in October.
Here are tips to stay safe:
Beware of pitches for hot toys you can’t find
The Better Business Bureau warns that scammers may send a text message out of the blue promoting very low prices on hard-to-find gifts. There can be hidden charges or monthly fees or even outright fraud if someone is phishing for your personal information or credit card number.
Cyber criminals like to use big events, such as Black Friday or Cyber Monday, to send emails containing malicious links or attachments, according to a holiday shopping alert from the Cybersecurity and Infrastructure Security Agency.
React fast if your password doesn’t work
It’s more common than you might think for fraudsters to attempt to take over your credit card account to steal loyalty points or rewards built up on the card or make unauthorized purchases.
The fraudsters use stolen information, perhaps from a data breach, that’s available on the Dark Web.
You might spot a sign of trouble if your regular password won’t work and you’ve not changed the password. Or you might spot charges on monthly statements you didn’t authorize.
Experts say you do not want to use the same password over and over again on every site.
Take the extra steps for ID verification
It’s important for retailers and e-commerce sites to identify fraud patterns as they emerge. Retailers and others need to determine if fraudsters are using a smartphone or laptop that doesn’t match the device used by a legitimate consumer, according to Geoff Miller, head of global fraud and identity solutions at TransUnion.
“Moving to a digital word has allowed fraudsters to be more advanced and technically savvy,” Miller said.
About 57% of consumers surveyed said they were likely to go through the extra steps of verification to complete a purchase even if a company suspended their order over concerns of possible fraud, according to TransUnion’s 2019 Holiday Retail Fraud Survey.
Examine that gift card before you buy it
Con artists make millions of dollars going to major retailers to engage in a variety of gift card scams.
“Look for gift cards that are either near, at or behind the register, or those that need to be loaded with funds before they’re usable,” said Brian Krebs, who writes a blog called “Krebs On Security” and wrote a bestseller called “Spam Nation.”
He noted that most retailers and restaurants that sell gift cards allow you to order those cards via their websites – which might be a smarter option to avoid some types of fraud.
Con artists have engineered a way to steal information and tamper with gift cards inside the store. As a result, you must take time to examine the decal covering a PIN to make sure the PIN isn’t visible.
Remember when it comes to decals, “thieves can easily scratch those off, and then replace the material with identical or similar decals that are sold very cheaply by the roll online,” according to KrebsOnSecurity.com.
It’s part of an elaborate scheme in which crooks can gather enough information off a gift card on the rack, go online to monitor the gift card account’s activity at the retailer’s online portal, then strike once the cards are paid for and activated at the checkout register.
“Once a card is activated, thieves can encode that card’s data onto any card with a magnetic stripe and use that counterfeit to purchase merchandise at the retailer. The stolen goods typically are then sold online or on the street,” according to KrebsOnSecurity.
Don’t fall for text from the bank – it’s a scam
The holiday rush puts everyone on edge about their money – and scammers know it.
The con artists text consumers pretending to be their bank regarding a need to reset a password because of a fraudulent charge of some sort. Don’t do it. The scammers want to download malicious software onto your device to retrieve information. Or they want you to call someone and give them bank account information.
“You may think, how do they know which bank I use?” said Melanie Duquesnel, president and CEO of the Better Business Bureau serving eastern Michigan and the Upper Peninsula. “Hackers can easily view past web traffic and easily identify which bank you use.”
It’s as simple as someone hacking into your computer and looking at browser information. Scammers hack smartphones as well and can potentially view your apps.
If you’re worried that there may be an issue with your account, call your bank directly using a number found on your statement.
Ignore any prompts to text “stop or no,” because that’s a common ploy for scammers who want to confirm that they have an active number.
Watch out for fake shipping invoices from Amazon or DHL where scammers take advantage of the rushed nature of the shopping season to get you to click on a link.
Be aware of e-skimming
Scammers are able to gain access to e-commerce sites to steal your credit card number as you make purchases online.
The FBI warns, “E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information.”
Small and medium-sized businesses, as well as government agencies, that take credit card payments online may be vulnerable.
Be wary of attachments in any email that you receive. Don’t click on pop up ads. Use a credit card, instead of a debit card online, for more consumer protection.