With the surge in consumer spending that comes during the holiday season, plus the hectic pace that it entails, it’s no surprise that the last weeks of the year are prime time for fraudsters. The threat doesn’t go away, though, even once the presents are open and holidays are finally done.
Fraudsters are clever; they’re constantly looking for new ways to cheat the system. As a result, more and more scammers are looking to the post-holiday period as an opportunity to take advantage of consumers like you.
Gift Card Theft
Perhaps the most common post-holiday scam focuses on gift cards. These items are hot commodities for shoppers during the holidays, but there are plenty of qualities that attract fraudsters, too.
Gift cards are easy to purchase, they’re equivalent to cash, and they’re both anonymous and transferrable. Fraudsters can use stolen gift cards to make purchases, or they can resell them on the secondary market to turn them into liquid cash. Gift cards from popular brands like Amazon, Target, and Walmart are among the most common objectives for criminals.
Fraudsters often try to steal these gift cards from retailers. However, they have methods of stealing them directly from customers, too. For example, one scam takes advantage of customers who want to check their gift card balance.
Fraudsters create a spoof site, advertising that you can check your gift card balance for free. The site then asks users to enter their card number and PIN/security code (usually found on the back of the card). By submitting their information, consumers essentially hand their remaining gift card balance over to the criminals.
Typosquatting on eCommerce Sites
Another common tactic, called “typosquatting,” also involves fraudsters creating spoof sites. Here, though the criminal impersonates a legitimate, well-trafficked website, and relies on customers making small mistakes that ultimately translate to big losses.
First, the fraudsters clone a popular retail site, like Amazon, Target or Walmart. The key difference is in the URL, which will be almost correct, but not quite. For example, they might replicate Amazon.com, but use a common misspelling of the URL like “mazon.com” or “amazon.co.”
These bad actors rely on customers making small typos when shopping online. The goal is to trick consumers into putting items in their cart and entering their billing information as they try to check out. Once the buyer goes this far, the fraudster now has their credit card billing information.
You can protect yourself by always shopping at trusted sites. You use official apps for major retailers like Amazon when shopping on a mobile device. For desktop, we recommend you be cognizant of the correct URL, and only shop at that site. Avoid clicking links embedded in emails; instead, copy the link destination, then paste it into your browser, to avoid being redirected to a scam site.
Hacking Smart/Connected Devices
Lots of consumers will be getting brand new electronic devices this holiday. New phones, tablets, TVs, and a whole host of smart devices that are now on the market. You might even be among them. But, before you really break in your new toy, remember to conduct any factory-recommended updates. Performing updates at startup will not only provide you with a better customer experience; it may protect you against security vulnerabilities.
The widespread use of IoT-enabled smart home devices is attracting cybercriminals. That’s because, to use most of these devices, you need to connect them to your home network. Hackers would love to access your network, along with all the personal data floating around your home. Any new device added to the network could be a way in if that hacker identifies an opportunity.
Device manufacturers are constantly developing updates to their devices’ software in response to this problem. Keeping up with manufacturer-recommended updates ensures you have the most recent—and most secure—version of your device’s software.