It’s perhaps a sad fact but one dictated by physics that evil spreads to where it is invited—the corrupt to the corruptible, perps to victims, scammers to where the pickings are easiest. This is no truer than with cyberthugs, who, in times of stress, turn their attention to the vulnerable. For them the holiday season is one where the gullible are shopping for gifts, the weary are planning vacations, and the needy are seeking some solace—all potential victims.

Think of grandma hoping to please her grandchildren: she’s trying to make what little she has spread out; she’s not as mobile as she once was, and online shopping is a blessing of convenience. Se’s completely unaware of online dangers; and she probably won’t admit to her children that she got scammed for fear of seeming … well … old!

Phish-infested waters

The term “holiday scams” produces 24 million hits on google—each summarizing the scams to look out for and what to do. We’ll take a look at some of these but remember: phishing for suckers is as old as human greed. We’re all going to fall for it at some point, and the best we can do is minimize the damage. And, of course, to remember that the enemy here is the thief—not the victim.

Generally, holiday scams can be divided into:

  • Shopping-related – You may be looking for a great deal. Remember, if it’s too good to be true, it probably is. Digital Information World estimates that 80% of online retail sites are fake. Some of them imitate the sites of well-known brands, some of them sell through legitimate sites. So long as it only means not getting what you paid for, you’re getting off relatively cheap. Unfortunately, many of them simply steal your credit card information and empty out your account.
    Scammers have been known to offer an item at an inflated price on eBay. You click for more information only to receive ads from other sources for the same product at a lower price. These are phishing sites harvesting your credit card data.

  • Payment related – You receive notification of a purchase you don’t remember asking for payment verification. Scared that you’re about to be billed for something you didn’t buy, you click the link, enter your data, and your bank account’s gone. Contact the purported retailer independently using any number but the one on the notice (unless you know that the number is kosher).
    Another payment-related scam to look out for is
    gift cards—especially the online type. Before adding cash to these, before trying to make payment with them, make sure someone you know actually sent you a gift card. Often, interacting with these online is an invitation to data scraping. Other times, they are simply scammy ways for someone to steal money from you by requiring you to pay using a gift voucher.
    Finally, on this topic, some retailer websites have been infected with fake payment pages. Even your multi-factor authentication won’t help here. If you’re redirected to PayPal (the most popular payment processor on the web), check to see that the URL is legit. If you have doubts, contact the store.

  • Delivery notices – During the holiday season, you will be receiving gifts from people living far away. Before providing any details online, check with the purported sender, cross-check with the post office or call the delivery service using a phone number you obtain independently. The American Association of Retired Persons estimates that a third of all delivery notices are fake!

  • Holiday scams – Just because it’s a family event doesn’t mean you can’t take that well-deserved winter vacation to warmer climates. There’s no such thing as a free flight! Scammers are imitating hotels, airlines, and vacation organizers. Others simply offer too-good-to-be-true prices through non-existent operators. You really don’t want to be stuck in Rome without a valid hotel reservation, or at the airport holding up a line of angry travellers because the flight reservation you made doesn’t exist.
    Another inauspicious scam to look out for is those cheap game apps you may want to download ahead of that lengthy wait at the gate or boring flight. Remember that hundreds of fake apps continue to be discovered regularly.

  • Fake charities – Relying on the characteristic goodwill and warmth of the holiday season, scammers are creating  fake charities. Usually, these appear following a tragedy or war, but they are often confidence games—pure and simple. Donate to charities with whom you have initiated contact and/or researched independently (yes, the materials they send you can be easily manufactured) never to those who contact you.

Use Phish Repellent

Words of advice from Forbes include checking before you send money anywhere with the Better Business Bureau database, the Federal Trade Commission’s scam alert page, and Charity Navigator. With printed ads or other materials, check for the regular phishing identifiers, such as bad grammar or spelling, offers or threats appealing to those oh-so-human traits of greed, fear, or urgency.

And—most important—always keep your eyes focused on the URL. If it doesn’t make sense, don’t open it. To help determine whether a URL is legit or phish, cross reference with the huge data banks of reported sites or let novoShield do the work for you. It’ll stop the pish cold before the hook hits the water.