Season’s Cheatings! Get Wise to Holiday Shopping Scams


Black Friday has kicked off the official holiday shopping season, so here’s a rundown of the most common scams aimed at shoppers — and how you can avoid them:

The name game

Scammer-run websites use the names of popular items and retailers to steal credit card and password information or deliver malware. You’re led to them when you do online keyword searches, including terms like “discount toys.”

>> Top Seasonal Scams to Avoid

Search away to compare prices, but before you click on links, carefully read the URL. Last season, scores of scammer-run websites spoofed online retailer Overstock — usually with extra words, letters or numbers between “overstock” and the dot-com. Characters may follow the .com to take you to a product page, but legitimate websites should be like, not You’re safest when you type website addresses yourself, rather than clicking on links found through search engine keyword results.

Beware of cybersquatters — websites that tinker with well-known brand names to sell cheap knockoffs, or just steal payments and deliver nothing. Some of these are based overseas, so in addition to misspelled names — say, Tifany instead of Tiffany — avoid American brands being sold at an Internet address that ends with the ID letters of a foreign country or, indicating a company in Mongolia. You can also check website ownership at Also, never give payment card or other information unless the page’s address begins with “https://”

Gift card grift

Thieves copy codes with portable scanners or pen and paper, and play the waiting game. By dialing toll-free numbers listed on gift cards, they find out when those cards were activated and their value to spend online, or they generate cloned copies for in-store use. When your intended recipient tries to redeem the card, it’s worthless.

The safer move: Purchase gift cards from a store cashier, customer service counter or website, rather than from unattended display racks. Make sure the cashier scans and activates the card in your presence and that you get a receipt in case there’s a problem.

Courier cons

Bogus shipping emails claiming to be retailers or services like FedEx, UPS or the U.S. Postal Service explode during the holiday season, and no matter the claim — an alleged tracking update, problem with delivery, whatever — the result is usually the same: a link promising details that instead delivers malware or solicits personal or financial information.

Unless you have already provided your email address, assume unexpected emails are scams. If you did sign up for tracking updates, expect them (post-shipping) to be in text form, not links offering promising details. Or just check delivery status by entering the received tracking number on the courier’s website, such as

Also beware of mailed postcards about “undeliverable” packages. Although less used because of required postage, they’re sometimes an attempt to get you to make an expensive overseas phone call or to reveal personal and financial information. Most commonly used area codes include 809, 876 and 284.

False freebies

In coming weeks, expect more spam email promising free stuff. The cost could be identity theft if you provide sensitive information to claim alleged merchandise in unsolicited offers. Malware results that way, as well as in free downloads of games, screen savers, movies or music. (In fact, searches with keywords “free downloads” are most likely to lead computer and smartphone users to malware-laden links.) Mobile apps are an easy way for scammers to gather personal information via malware. The word “free” incentivizes, so download wisely — and only from reputable vendors.

In-store protection

The quandary: Paying with cash avoids being a victim of data breaches in which payment card information from retailers is hacked, but ‘tis also the season when pickpockets work like Type A elves. If you opt to buy with cash, men should reduce pickpocket risk by carrying wallets in their front pockets; women should wear purses across their body rather than hanging from a shoulder.

>> Get discounts on financial services with your AARP Member Advantages.

Plastic is more convenient, and credit cards are a better choice than debit cards. If a credit card is used fraudulently, your liability is only $50 — period — and most card issuers will eat those losses. With debit cards, your liability depends on when you report the fraud; if especially tardy, you could responsible for the entire amount. Plus, your checking account may be temporarily frozen if your debit card is lost or stolen.

Whichever plastic you use, keep close tabs on payment account activity — ideally checking every day and not waiting for reports of data breaches. If a breach occurs where you shop, contact all card issuers to close those accounts and provide new numbers and plastic.

For information about other scams, sign up for the Fraud Watch Network . You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Photo: istock

Also of Interest

See the  AARP home page for deals, savings tips, trivia and more.

Search AARP Blogs