The Christmas rush may be over, but don’t expect crooks to slow down. What to know about post-holiday hoaxes and ways to protect yourself well into 2018 and beyond:
- Don’t let your curbside trash advertise expensive holiday presents. To prevent tipping off would-be burglars that your home has heist-worthy items, cut and place in a covered trash bin those boxes for big-screen televisions, video games and the like, or haul them yourself to a community dumpster or recycling station.
- Secure new smartphones with encryption, a screen-locking PIN and other tips found here; also be prudent and read reviews before installing unnecessary apps. Change factory-set default passwords and, if possible, use a guest network option on home routers for “smart home” devices.
- Considering that Dec. 30 and 31 are the busiest days for charity online donations, be especially suspicious of unsolicited requests these next few days. Ignore email requests unless you previously gave to that group and calls that ask you to send cash, pay with a gift card or wire money.
- Don’t click on links advertising after-holiday sales found on social media, email spam or in search engine results until you carefully read the website address. Fraudsters create copycat websites with lookalike names of trusted retailers – maybe there’s an extra or missing letter or it includes words like “deals” or “discounts” in the actual name – to sell counterfeit goods, collect credit card details and deliver malware. To find legitimate post-holiday sales, type the address yourself for vendors you know you can trust, and ensure that payment pages begin with “https” and not “http.”
- If you need to contact a company’s customer service department, call, email or use the chat function from its website. Although many firms provide customer care on Twitter, cybercrooks also mimic those accounts with lookalike addresses to intercept customer messages and collect sensitive information. Whenever using social media customer care, be sure there’s a “verified” logo in all communications.
- If buying on Craigslist or Facebook swap shop pages, be suspicious of prices too good to be true, with phrases like “Got two so selling this” or “wife didn’t like.” Don’t rely on email communication; get the seller’s phone number and if all seems legit, meet in a familiar, well-lit populated area with security cameras. A police station is ideal; the seller’s home is not.
- If selling merchandise, don’t accept and deposit any check whose amount is larger than the purchase price, with instructions to forward back the excess portion. That’s a setup for the Overpayment Scam: The check you receive is fake (but can take banks up to two weeks to authenticate), but your forwarded amount is real.
- Don’t click on links in emails supposedly from delivery services including FedEx, UPS, DHL or the U.S. Postal Service claiming there’s a late delivery for you. Unless you provided your email address to the courier – unlikely since many shipping forms don’t ask – assume the email is scammer-sent and harboring malware. Also beware of mailed postcards about “undeliverable” packages that provide a callback number for details. They could be a trick to get you to make an expensive overseas phone call or reveal personal and financial information. (Area codes 809, 876 and 284 take you to the Caribbean, a hotbed for phone scams, where the idea is to make you pay phony fees or simply run up a high long-distance charge that will partially go to the scammers.)
- Another don’t-click: Belated holiday e-cards, especially with headings such as “Sorry I’m late” or “Oooops!” These are another tease to click a malware-laden link. Even e-cards bearing the names of people you know should be suspect (their names could have been harvested with a botnet virus). Legitimate e-card notifications will include a confirmation code that you can copy to safely open the card at the issuing website.
For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud. Keep tabs on scams and law enforcement alerts in your area at our Scam-Tracking Map.