Black Friday has kicked off the official holiday shopping season, so here’s a rundown of the most common scams aimed at shoppers — and how you can avoid them:
The name game
Scammer-run websites use the names of popular items and retailers to steal credit card and password information or deliver malware. You’re led to them when you do online keyword searches, including terms like “discount toys.”
Search away to compare prices, but before you click on links, carefully read the URL. Last season, scores of scammer-run websites spoofed online retailer Overstock — usually with extra words, letters or numbers between “overstock” and the dot-com. Characters may follow the .com to take you to a product page, but legitimate websites should be like amazon.com, not amazonBUY0567.com. You’re safest when you type website addresses yourself, rather than clicking on links found through search engine keyword results.
Beware of cybersquatters — websites that tinker with well-known brand names to sell cheap knockoffs, or just steal payments and deliver nothing. Some of these are based overseas, so in addition to misspelled names — say, Tifany instead of Tiffany — avoid American brands being sold at an Internet address that ends with the ID letters of a foreign country or co.mn, indicating a company in Mongolia. You can also check website ownership at WhoIs.net. Also, never give payment card or other information unless the page’s address begins with “https://”
Gift card grift
Thieves copy codes with portable scanners or pen and paper, and play the waiting game. By dialing toll-free numbers listed on gift cards, they find out when those cards were activated and their value to spend online, or they generate cloned copies for in-store use. When your intended recipient tries to redeem the card, it’s worthless.
The safer move: Purchase gift cards from a store cashier, customer service counter or website, rather than from unattended display racks. Make sure the cashier scans and activates the card in your presence and that you get a receipt in case there’s a problem.
Bogus shipping emails claiming to be retailers or services like FedEx, UPS or the U.S. Postal Service explode during the holiday season, and no matter the claim — an alleged tracking update, problem with delivery, whatever — the result is usually the same: a link promising details that instead delivers malware or solicits personal or financial information.
Unless you have already provided your email address, assume unexpected emails are scams. If you did sign up for tracking updates, expect them (post-shipping) to be in text form, not links offering promising details. Or just check delivery status by entering the received tracking number on the courier’s website, such as fedex.com/us/track.
Also beware of mailed postcards about “undeliverable” packages. Although less used because of required postage, they’re sometimes an attempt to get you to make an expensive overseas phone call or to reveal personal and financial information. Most commonly used area codes include 809, 876 and 284.
In coming weeks, expect more spam email promising free stuff. The cost could be identity theft if you provide sensitive information to claim alleged merchandise in unsolicited offers. Malware results that way, as well as in free downloads of games, screen savers, movies or music. (In fact, searches with keywords “free downloads” are most likely to lead computer and smartphone users to malware-laden links.) Mobile apps are an easy way for scammers to gather personal information via malware. The word “free” incentivizes, so download wisely — and only from reputable vendors.
The quandary: Paying with cash avoids being a victim of data breaches in which payment card information from retailers is hacked, but ‘tis also the season when pickpockets work like Type A elves. If you opt to buy with cash, men should reduce pickpocket risk by carrying wallets in their front pockets; women should wear purses across their body rather than hanging from a shoulder.
Plastic is more convenient, and credit cards are a better choice than debit cards. If a credit card is used fraudulently, your liability is only $50 — period — and most card issuers will eat those losses. With debit cards, your liability depends on when you report the fraud; if especially tardy, you could responsible for the entire amount. Plus, your checking account may be temporarily frozen if your debit card is lost or stolen.
Whichever plastic you use, keep close tabs on payment account activity — ideally checking every day and not waiting for reports of data breaches. If a breach occurs where you shop, contact all card issuers to close those accounts and provide new numbers and plastic.
For information about other scams, sign up for the Fraud Watch Network . You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.
Also of Interest
- 1 in 4 Didn’t Notice ID Theft for at Least 2 Years. Would You?
- 6 Places Never to Use a Debit Card
- Get Involved: Learn How You Can Give Back
- Join AARP: savings, resources and news for your well-being
See the AARP home page for deals, savings tips, trivia and more.