While Baltimore-area residents are drinking eggnog, sharing gifts, and generally making merry, a devoted number of cybercriminals are hard at work trying to make them miserable.
But the city’s local FBI office is sharing ways consumers can protect themselves from scams this holiday season.
“Fraud and scams are a year-around operation,” said Supervisory Special Agent Keith Custer. “These guys don’t stop or slow down really.”
Special Agent in Charge Thomas J. Sobocinski advised checking card statements routinely during and after the holidays, as many fraudulent charges don’t show up for weeks.
Consumers should secure credit card accounts, even rewards accounts, with strong passwords and change those passwords routinely. They should also only donate to known and trusted charities.
Online shopping scams
When shopping online, make sure the website you are purchasing from belongs to a reputable seller.
“The Internet Crime Complaint Center categorizes these types of frauds as either nonpayment or nondelivery,” Custer said. “When a consumer goes to a website to order a product, it’s either a fake website or it’s a disreputable merchant and the product never arrives. By loss amount, that is where consumers are hit the hardest.”
To protect yourself:
- Stick with trusted retailers: “I’m not telling anyone not to shop small business, but if it’s someone who doesn’t have a brick-and-mortar presence that you’ve never heard of, that doesn’t appear to have a big footprint online, you want to be careful about trying those out,” Custer said.
- Use a credit card: “As opposed to a debit card, with a credit card, you have the ability to contest or dispute charges if a product never arrives, or if it arrives and it’s clearly a cheap knock-off. Frequently a website will purport to be a U.S.-based company, or at least imitating a U.S.-based company. And then it will take two weeks to ship, and it’s packaged like it’s arriving from [a country outside of the U.S.]”
Online charity-oriented scams
Similar to shopping online, verify that the charity you plan on donating to is a credible organization.
“There’s usually a little bit of a pickup in those where people are solicited around the holidays to what sound like legitimate charities, but turn out to be either nonexistent, or mimicking the names of legitimate charities,” Custer said. “We always encourage (consumers) to vet any unknown charities that they are approached with.”
To protect yourself:
- Check charities via online sources: “There’s a couple of tools for them to do that,” he said. “One of them is a website called Give.org and another is Charity Navigator. Both of these sites can help educate consumers on where they donate their funds. Charities have to go through a vetting process with these organizations. They’ll do the leg work and due diligence to make sure these are legitimate charities.”
Email and texting scams:
Phishing is one of the usual suspects.
“Certainly email phishing has been around for a long time,” Custer said. “There are all kinds of offers that will make it through a spam filter for free or greatly-reduced products that might be great gifts during the holidays. The age-old axiom that ‘If it’s too good to be true it probably is,’ always holds true with those.”
“Smishing” is a newer tool in scammers’ toolboxes. It’s a portmanteau of “phishing” and “SMS,” or short messaging services like text messages.
“This really became prevalent last year,” Custer said. “What we saw was unsolicited text messages saying that you’ve got a package from FedEx or a package from Amazon. If you’ve got a phone number and a mobile phone, odds are you’re going to receive multiple messages. The phone carriers and the email providers are doing their best to filter out spam.”
Custer explained what can happen if you receive one of these spam texts.
“If you click on the link a couple things could happen,” he said. “One, it could take you to a website that downloads some malware onto your phone and device, and allows the scammer access to your phone or device. Or two, probably more common, they will take you to a website and try to harvest your login credential for Amazon or another retailer. Or they can divert you to a site that says you’ve won a free product. All you’ve got to do is enter credit card information for a $2.99 shipping charge.”
To protect yourself:
- Don’t click: “Avoid clicking on links from these unsolicited emails (and texts),” he said. “If it says you have something from Amazon, and you have an Amazon account, then go directly to the Amazon website and log in as you normally would, as opposed to clicking on the link.”
- Inspect carefully: “For any emails that you have questions about, don’t click on anything,” he said. “Hover over the sender and take a look that that email address has the same domain name (as the known retailer).”
- Educate yourself, carefully: “Something I occasionally do is go to my spam folder, just to kind of take a look at what’s in there,” he said. “I wouldn’t even open anything in there (individual spam emails). Usually you can catch what the offer is just by opening the folder. And it’s usually got offers of lots of free stuff, and lots of opportunities to purchase gold, and things like that. The scammers are always working to refine their attempts to get through those spam filters.”
- Report spam: “Something else consumers can do, if you spot something that makes it through the spam filter, most email providers have a ‘report spam’ button,” he said. “That helps the providers improve their filter.”
Pig Butchering: Getting financially slaughtered
“Pig butchering” is when a scammer develops a false relationship — either platonic or romantic — with a person for the purpose of persuading their victim to invest in something.
“The scammer will attempt to form either a friendly relationship, or a romantic relationship with an individual that they accidentally text, or meet through social media,” Custer said. “Once a relationship is formed, the scammer will show the victim the success they’ve been having in cryptocurrency. And then offer the victim the chance to piggy-back along, and make some money.
“The victim will then go on to an entirely spoofed fake website, and then be shown gains through investments. They may even be able to cash-out a small amount of money. Then the scammer will ultimately provide a one-in-a-lifetime opportunity that will triple their money overnight, and encourage the victim to liquidate everything that they can to take advantage of this opportunity.
“Once they liquidate their holdings it will be turned into cryptocurrency at a legitimate exchange, and then sent to the scammer’s crypto-wallet, never to be seen again.”
To protect yourself:
- Know who you are investing with: “We’ve been seeing large numbers of people lose incredible amounts of money,” Custer said. “It’s something that has been continuing to accelerate through the year. First off, never send money to someone you only know through online (activity.) With relationship-based investment fraud, be very careful with cryptocurrency, or anything involving cryptocurrency investments.”
- Don’t trust, but verify: “A great piece of advice is if you have a question about something, don’t try and handle it yourself,” he said. “Talk to a friend about it. Take some time. Don’t act on anything quickly or with a sense of urgency. Because that’s what scammers are really trying to do. They’re trying to get you to act quickly, and they’re trying to isolate you, to make the victim believe that the only person they can talk to or rely on is the scammer themselves.”
The FBI recommends reporting scam incidents to law enforcement at the Internet Crime Complaint Center.
Consumers can find resources by consulting trusted organizations such as AARP or the Better Business Bureau.