Christmas and the New Year are a mad time of the year, with end-of-year celebrations, family gatherings and gift giving. Unfortunately, it is also a time when the risk of fraud increases as people become more relaxed and the sheer volume of financial transactions increases.
Last year, between November and December 2009, the number of monthly credit card transactions in Australia jumped by almost 20 million to 151 million – proof of the high level of activity in the lead-up to Christmas. (Reserve Bank of Australia credit and charge card statistics)
The good news is that while Christmas is a time to be extra careful, there are some simple steps that people can take to give themselves added security.
We’ve identified 10 of the most prevalent scams that can lead to financial fraud or identity theft during the holidays – listed below, in no particular order, with tips on how to avoid them.
1. Online shopping threats: In the US, the FBI reported that more than US$560 million was lost in 2009 due to online fraud (almost double the amount lost in 2008). To avoid being yet another victim, Unisys security experts recommend that online shoppers always shop on safe sites that have SSL (a protocol for secure communications) certification, indicated by a locked padlock at the bottom of the screen. If you have second thoughts about using a site or retailer, follow your instincts and avoid it. If buying through sites such as Amazon or eBay, take the time to read the seller feedback. Finally, be sure to check your bank statements regularly for any unexpected ‘purchases.’
2. Seasonal spyware: The number of malicious e-cards circulating to personal and business computers is expected to rise this year. Unisys experts suggest that even in a workplace setting, individuals never open an email or attachment from an unknown sender and do not download ‘exe’ files as these often contain adware, unwanted downloads and spyware.
If you can’t resist opening a file, drag it into your ‘junk’ email folder first as this allows you to check all the links to see if they are legitimate. If a site looks suspicious, follow your instincts and don’t click on it. Finally, be sure to install personal firewall, anti-malware and protection agent software on your computer, so that if you make a mistake and click on a malicious e-card, you will have some protection.
3. Not-so-social networking: Enterprises and individuals are making increasing use of social networking sites such as Facebook and Twitter to keep in touch with clients, partners, friends and family over the holiday season. Unisys security experts warn that these sites can be a goldmine for identity thieves. According to GetSafeOnline, one in four people using social networking sites have posted confidential or personal information such as phone number, address or email on their online profile. To avoid identity theft, never offer personal information to anyone over a social networking site, even if the request is from a friend or relative. Do not offer your birth date, birth town and home address on your user profile, and always make sure you apply the right privacy settings to protect yourself. Avoid posting photos of expensive belongings or dates when you are away from home over the holidays.
4. Beware of ATM skimmers: Whether at your neighbourhood bank, in your office lobby or at a shopping centre, Unisys experts stress the importance of being aware of your environment when using an ATM to obtain holiday shopping cash. If you think someone is too close behind you or looking over your shoulder, find a different ATM.
Thieves are becoming more and more sophisticated, so also check the actual machine to make sure that it is solid and sturdy. Some skimming scams have involved fitting the front of an ATM with a false panel containing a small webcam or digital camera that can capture your card details. If the ATM appears to be behaving oddly or does not work the first time, go to a different machine – don’t try it again!
5. Fake Online Payment Sites: Escrow services such as PayPal allow businesses and consumers to securely and conveniently send and receive payments online. However, escrow scams are increasing as fraudsters set up fake payment sites to con both buyers and sellers out of money.
To ensure payment sites are legitimate and secure, Unisys security experts suggest checking to ensure the sites have SSL certification. Also check that the web address starts with https:// rather than just http:// as the absence of that “s” is often an indicator of rogue traders. A real escrow company will also only ask you to transfer money to them directly from your bank, i.e. a traceable transfer. If they ask for another method, refuse. Before you send anything, verify with your bank where the receiving bank is located. If this looks like it is outside the seller’s own country, stop the transaction.
6. ‘Spirit of giving’ scams: Christmas is the season for sharing and, as a result, thieves will often make the most of people’s generosity over the festive season. Unisys suggests that individuals watch out for emails or tweets from charities that ask for donations, particularly if you have never signed up to receive correspondence from them. Be sure to check that charity collectors in your neighbourhood or near your office have some form of identification.
7. Gift grabbers: After opening all the presents, Unisys recommends breaking down the boxes completely so that what was in the box is not obvious to passers-by on the street. Thieves are more likely to target homes with home theatre or PC boxes in the rubbish. The same is true of business-related or personal bills, receipts and financial statements – all of which could contribute to identity theft. And as always, employees must protect their company’s intellectual property by safely disposing of materials that are proprietary to their companies.
8. Protect your new laptop: If you received a new PC or laptop running on MS Vista or Windows 7 as a holiday gift, Unisys suggests making sure you use anti-malware software and have enabled the firewall before connecting to the Internet. Whether you are connected to a wireless network or via a cable, on average, it can take just nine seconds for your new laptop to receive its first ‘ping’ attack and less than a minute to receive its first virus.
9. ‘Free’ Wi-Fi and wireless network hacking: If you are using that new laptop on a wireless network at home or in the workplace, Unisys recommends making sure that network is secure. This is because the Wi-Fi network range will radiate beyond the confines of your building, leaving it vulnerable to “wardriving” (the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer so they can use your unsecured network for free).
Hackers could use an unprotected wireless network to anonymously download illegal material or perpetrate attacks that would appear as if they were coming from you. Wardrivers are also known to hack into computers to steal personal details. In one highly publicised case, a retailer reportedly lost over 45.7 million personal credit and debit card details to hackers. The crime went on for four years before it was detected.
10. Account check and phishing cons: Unisys security experts recommend that individuals at home or work be wary of account checking scams in which a phony representative of a bank or supplier contacts you by phone or email to ask for account details to update their records.
Callers will often claim that they need certain data in order to check the security of your account while actually obtaining very valuable information to carry out fraud. In the lead-up to Christmas, remind your family, friends and colleagues to err on the side of caution and refuse to give out any personal details either on the phone or online. If you think the call is genuine, ask to call them back and check the number by visiting their website before you call back.
Likewise, don’t assume that an email that looks like it comes from your bank or a company you’ve done business with is legitimate. In common phishing attacks, email messages from impostors contain links to phony lookalike sites where your logon ID and password can be captured. Always suspect that web links in unsolicited emails may be fraudulent, and don’t provide any personal information to such sites.