The holiday season is here. Black Friday and Cyber Monday are days away, and it’s time for holiday shopping to start in earnest — retailers are hiring seasonal workers, shelves are being stocked, wish lists are being made, and fraudsters are preparing their favorite tools and tactics.
Wherever money is being spent, fraudsters are sure to show up. That’s why you need to be on the lookout for shady offers, strange emails or texts, and other possible attacks. Here are five big scams we expect to see (more of) this year.
1. Phishing: What Holiday Scammers Are Using as Bait
Phishing is a year-round activity that gets a boost during the holiday season. Particularly at this time of year, fraudsters will send out surveys claiming to come from businesses with the promise of rewards for a few minutes of your time, and they also know you’ll have a lot more packages than normal on the way. Fraudsters will send out fake tracking texts or emails, alert you that there was a problem with a shipped package, and ask you to enter details or payment information to fix it.
Fraudsters excel at looking like the real deal and may even try to get you to follow a link to a phishing site or a malware link. That’s why it’s important to make sure you double check anything claiming free rewards or mistakes that involve a payment.
Remember to look for the hook when you receive something dubious. Ask yourself questions like “Would this organization really need to confirm my payment information?” or “Would this company send an email like this?”
And don't be afraid to directly contact a business about a sketchy looking message — it might take a couple of minutes, but it’s far better than a fraudster getting your personal information which they can use for all kinds of nefarious purposes.
2. P2P/Zelle Scams: No Refunds Accepted
Scams involving P2P payment apps such as Zelle run all year long, but we expect the volume to increase during the holiday season. Most P2P scams start with a phone call from a fraudster pretending to be your bank, credit card company, or other trusted organization. One of the most common schemes they use is saying there has been fraud or some other problem detected on your account and attempt to get you to transfer money to a new account that is actually owned by the fraudster.
Fraudsters will also try to get you to make payments to them directly outside a legitimate website you are shopping on. For example, many people book vacations this time of year and shop in popular marketplaces. Scam ads are abundant on these sites during the holiday season. The “seller” might request you make a payment to them via a P2P app in order to avoid fees or even offer you a tempting deal by paying up front. Always make sure to use the payment options offered on the website you are using and never make payments directly to a person outside of the website.
Use P2P apps with caution and ensure you transfer money only to people you know and trust. Your bank will never call you to make a P2P transfer or request personal information. If you are new to instant payment apps or don’t use them often, there are many great resources available online to help you avoid falling victim to scams. But most importantly, if you feel you have been a victim of a scam, be sure to contact your bank immediately. Never feel embarrassed or ashamed – everyone is a potential target.
3. Account Takeover: Shopping On You
While P2P fraud has only started to flourish in recent years, account takeover is practically as ancient as St. Nicholas himself. During an account takeover scam, the fraudster’s goal is to get your credentials, pretend to be you, and then transfer funds and buy goods or services on your dime.
During this time of year, account takeover artists take a particular shine to e-commerce and retail accounts. Whether they acquire credentials on the dark web or other illicit means, fraudsters are known to break into user accounts and then order items for themselves using the credit card saved on file.
Make sure you keep an eye on your retail account activity. Be aware of notifications for new orders, new shipping addresses, or other account updates. It’s easy to miss a notification during the holiday rush. If you see a charge that doesn’t look right or get notified about an order you don’t remember placing, it’s worth double checking to make sure your account has not been taken over by a fraudster.
4. Promotion Abuse: Too Much of a Good Thing
It never hurts to cash in on a good deal when you’re gift shopping (or self-shopping, for that matter). Many banks and retailers, facing lagging sales and slow account growth, will be offering aggressive promotions as a way to increase customer acquisition during a time when more consumers will be online. Scam artists take advantage of these promotions, and they often do it using someone else’s information.
One fintech found this out the hard way after reporting millions of illegitimate accounts had been opened on their platform. In addition to refer-a-friend and sign-up promotions, fraudsters will open up accounts to take advantage of the Buy Now, Pay Later (BNPL) services that many retailers offer during this time of the year.
Bots are often deployed by fraudsters to try and open as many accounts as possible to cash in on lucrative promotions. Watch your email closely for confirmation emails indicating you opened a new account. While you might not experience financial losses directly as a result, you don’t want fraudsters to open accounts in your name with bad intentions.
5. Fake Websites and Fake Seller Accounts: Santa’s Little Impersonators
Fake websites are similar to phishing scams in that the fraudster is trying to get a victim to perform an action by appearing to be a legitimate business.
In this scam, the fraudster puts up a webpage that looks like the one you want to be on and tricks you into either entering information or clicking a button that triggers a malware download.
These pages can be built to look extremely authentic, and enterprising fraudsters have even been known to buy Google ads to make their fake sites show up on the front page. It’s also common for phishing emails to point victims to a fake website.
Similarly, fraudsters are known to make fake social media accounts (it’s more than a trend for them) and fake seller accounts on retailer sites like Ebay. In these cases, fraudsters might fake a sweepstakes to trick consumers into sharing personal information or “buying” an item, taking their money and then never shipping anything.
Use caution while browsing and avoid clicking on promotional links in email and on social media sites. And if something seems too good to be true, it probably is.
Click with Care and Shop Safely
It can’t be stressed enough how important it is to be mindful of your interactions on the internet. I’m not trying to give holiday shopping a bad rap — banks and retailers invest heavily in security measures enabled to catch fraud before it can damage your wallet. Nevertheless, fraudsters are always trying to find workarounds.
Luckily, the best defense against most of these types of attacks is you. Knowing what to look for and reporting suspicious activity immediately is imperative. We all play a role in keeping the internet safe. Don’t let a fraudster steal your holiday cheer. May the only holiday surprises you get arrive wrapped up in shiny paper.
- social engineering scams
- Behavioral Biometrics
- Mule Accounts
- Money Mules
- Authorized Push Payment Scams
- Account Takeover
- New Account Fraud
- Social Engineering
- Fraud Prevention
- Banking / Financial Services
- BioCatch Team
- Continuous Authentication
- authorised push payment scams
- Continuous Protection
- Identity Proofing
- account opening experience