‘Tis the Season for Scamming: Protect Yourself and Your Customers

It should be the season of good cheer, but the rise in shopping this time of year brings with it a rise in scams. It’s harder to be cheerful when you realize that great deal you thought you were so lucky to find was actually just a ploy to get your credit card information. Continue reading for best practices on avoiding holiday scams and how to protect yourself and your customers.

Why the Holidays are a Gift to Scammers

Cybercriminals know that the easiest time to convince shoppers to hand their money over is when their wallets are already out. And from November to late December, a lot of people are in spending mode. In 2020, consumers spent $186 billion online during the holiday season. And this time of year typically accounts for nearly 20% of all annual retail shopping.

This is also a time of year when emotions are high. People feel a complicated mix of stress about meeting all their obligations in time, happy about seeing family and celebrating together, and worried about unforeseen problems that may impact their plans. Scammers know that playing on emotions can be a powerful way to get consumers to forget their caution.

A third big reason that scammers step up their efforts during the holiday season is that it works. According to the Internet Crime Complaint Center (IC3), consumers in the U.S. filed nearly 800,000 complaints about cybercrime in 2020, reporting over $4.1 billion in losses. As long as phishing, email scams, and social engineering remain profitable, cybercriminals will continue to commit cybercrimes.

Holiday Scams to Keep on Your Radar

While cybercrime grows and evolves in some ways from year to year, it takes some common forms you can be alert to.

Phony sales

During the holiday season, a lot of retail brands offer attractive deals. With so many legitimate sales and offers out there, scammers know consumers will be more susceptible to fake ones. They can send people emails that look like the brands they know, offering in-demand products at a price that seems too good to be true…because it is.

Consumers that follow the links in these emails risk handing over their credit card information to a site made to look like a legitimate brand. Then scammers can take their payment without ever sending the products, and hang onto the sensitive data they gained in the process.

Fake delivery emails

An increase in online shopping brings with it an uptick in deliveries—another opportunity scammers take advantage of. Since people expect to see emails from USPS, UPS, and FedEx with delivery information, they may not be immediately suspicious if an email appearing to be from one of those sources shows up claiming that they can’t deliver a package due to inaccurate information.

A concerned consumer that definitely needs that package to show up in time is likely to do what they’re told in order to get current information to the supposed carrier—only to hand over personal information to a cybercriminal in the process.

Personalized phishing

A lot of these tactics are old and look essentially the same each year, but here’s where they’ve gotten more sophisticated with time. As more and more data breaches occur, scammers gain access to consumer data they can put to use. They can purchase consumer profiles from the dark web that provide information about who people are and what brands they have relationships with. Based on that data, they can tailor their phishing emails to make them look that much more real.

If you get an email from a brand you’ve never bought from before in your life, you won’t be fooled. But if you make a lot of purchases from Target every year and the scammer has evidence of that, they can make sure their emails look like they’re from Target specifically. Suddenly, those scam emails look convincing.


How to Keep Yourself Safe

Scammers are smart, and at least some of them are skilled at making their offers look legitimate. That means even savvy consumers risk being taken in if they don’t practice the utmost caution. To protect yourself this holiday season:

  • Be skeptical of promotions you receive from brands unfamiliar to you.
  • If a deal looks too good to be true, assume it is.
  • Avoid clicking on links in emails you receive. Instead, go directly to the retailers’ websites to look for the same deal.
  • Avoid clicking links in emails about deliveries, and don’t reply or call numbers provided. Go to the company or carrier’s website to find the information you need there.
  • Before every purchase, check that the website has an https in front of the URL and a padlock icon in the browser.
  • When creating an account on a retailer’s website, use a strong password. And when accessing accounts you created a long time ago, update the passwords to ensure they don’t use one that may have been revealed in an old data breach.
  • Keep an eye on your bank statements to look for suspicious charges. Be particularly vigilant in looking for small charges—scammers often test out information they have by making a couple of small purchases before they go for a big one.

In general, make it your motto to trust, but verify. Anytime something seems even a little suspicious, assume it is.

How to Keep Your Business Reputation Safe

Consumers aren’t the only ones with something at stake here. Businesses can take a big hit to their reputation if consumers associate your brand with actions criminals take while masquerading as you. To help keep your customers safe and your brand’s reputation intact:

  • Make sure your systems are as secure as possible—you do not want to be the brand behind a data breach that puts your customers at greater risk.
  • Provide education.
  • Let your customers know what kind of emails and delivery updates to expect from you, and how to recognize communications that are fraudulent. Provide them with general tips for avoiding scams this season.

Increase your fraud detection efforts this time of year, so you’re better able to spot fraudulent charges before they go through.

Make it the Season of Caution

Caution is smart to practice year-round, but it’s more important than ever during the holiday season. Be vigilant in evaluating the offers you encounter and emails you get. And be protective of your personal information. Don’t give away your address, password, or credit card to any source you’re not absolutely sure of. Some added caution can ensure you can enjoy your holidays without the added stress of a scam.

Blog Footer Cybersecurity