Consumer Federation of California

As technology advances and criminals get more creative with identity theft practices, new waves of holiday scams are cropping up that can compromise the good cheer of the season. In fact, a November 2012 Federal Bureau of Investigation (FBI) release revealed that shoppers were particularly vulnerable to cyber crimes over the holiday season because victims are likely to let their guard down to help others.

Whether online or in-store, you’ll need to safeguard yourself from one of these potential credit report nightmares by recognizing the warning signs of fraudulent activity.

Here are five of the most popular Christmas scams to watch out for this year.

1. Shipping Notification Scam

141 million shoppers took to the web this year to cross items off their holiday gift lists. A couple weeks later, these very same people are awaiting order confirmations and shipping notifications via email. It’s the timeliness of the shopping season that makes this one of the smartest internet scams of the year.

How It Works:

Potential targets receive an email that contains falsified shipping information, often from a popular delivery company like DHL, UPS or FedEx, or a major retailer like Amazon. There are a few variations to this holiday scam, such as a “delivery failure notification” message that suggests that a company tried to deliver a package while you were out.

Typically, there’s a file attached to the message, which is one of the biggest indicators that you’ve just received a fraudulent phishing email.

Unknowing recipients click on the file, initiating a virus download that aims to “phish” (i.e. scan) through their computer. During this phishing stage, sensitive information such as bank account numbers and passwords are collected. Some viruses even go so far as to hijack access to your computer, which can only be returned after a payment is made. The FBI reports that this type of “ransomware” has experienced a resurgence of late.

2. Mobile App Scam

This season, long road trips to get to holiday gatherings compel many smartphone users to download new apps to stay entertained during the commute. The danger, however, arises when insufficient research is done before downloading a new mobile app. After it all, smartphone users find that innocent-looking apps were the vehicle by which criminals wirelessly swiped credit card information for fraudulent use.

How It Works:

Malicious mobile apps are created with a technology known as “near field communication” (NFC) encoded into the app. This allows two NFC-capable devices to share data with one another; the problem is that some credit cards have built-in NFC technology.

The tainted app continues to scan for credit card information in the background, even when the phone isn’t in use. Then, when a compromised smartphone is put in close proximity to a wallet, it collects credit card credentials and emails it to the perpetrator.

Criminals then use this information for purchases online and even in stores that have a tap-and-go payment device. To avoid becoming a victim of this sophisticated type of online identity theft, research the developer beforehand by verifying that their website is legitimate and reading through user reviews.

3. Text Message Scams

The nicknames for the leading holiday scams of 2013 continue to sound ridiculous, but they can still compromise your bank account’s security. The latest string of identity theft fraud is conducted via Short Message Service (SMS), also known as text messaging.

Commonly referred to as “smishing,” or SMS phishing, this scam tricks cellphone users into handing out their banking information under false pretenses.

How It Works:

As with any scam, this particular ploy operates under a number of guises. Some suggest that you’ve signed up for a service that will cost some amount of dollars if you don’t cancel the subscription by clicking through to a link in the message. Others might assume the identity of your bank and ask you to “verify your PIN” to reactivate your debit card.

Ultimately, victims end up giving their information to perpetrators, or downloading a Trojan that tracks and stores all activity on the device. If you’ve received an unsolicited text message like the examples described above, forward it to 7726 (or SPAM). This will direct all suspicious messages to your cellular provider and initiate an investigation.

Immediately delete the message after you’ve reported it, but make sure not to respond to any prompts like “text message STOP” to end the messages. Doing so will alert spammers that the number is, in fact, active. For added peace of mind, call your bank to alert them of the incident.

4) Charity Scams

Bleeding hearts abound this season, especially with recent natural disasters that affected millions in the Philippines. Relentless crooks, however, are using the tragedy as a vehicle for their own gain through solicitous emails and fake charity websites.

How It Works:

An unsolicited email is sent en masse, as fraudsters wait for who’ll take the bait. The message often includes a narrative of how the alleged traveler got caught up in midst of the Typhoon and is in immediate distress without access to his funds. At the end of the email, the sender requests a temporary “loan” from the would-be victim, with the promise to repay it as soon as the sender gets home.

Recipients are encouraged to wire the funds via Western Union or MoneyGram, only to find that the individual on the other end of the computer screen just got away with their cash. This emotional appeal also takes the form of an email soliciting donations under a well-known charity organization, like the Red Cross.

“We are inspired to give following tragedies,” said Julie Wheeler, president and CEO of the Better Business Bureau Serving Western VA, “but sadly these events also inspire scammers to take advantage of our generosity. If you’re giving, do your homework first. Know who you are giving to and know where your money is going.”

5) Gift Card Scams

The NRF found that shoppers will spend an average of $163.16 on gift cards in 2013, a 4 percent increase over last year. However, this commonly gifted item has recently been used as a tool to drain the holiday spirit.

How It Works:

Rip Mason, CEO and director of LegalShield, a legal services and identity theft protection provider, explained how thieves get away with this scam.

“The way these scams work is that a lot of retailers will display their gift cards at the checkout aisle or leave them out in the open for consumers to browse through,” said Mason. “This makes them vulnerable to thieves who take the cards, obtain the pertinent numbers listed on them, and then place them back on the store rack.”

“Afterwards, the thieves electronically track the gift cards and wait for money to be activated. Once a customer adds money and activates the card, the thieves promptly drain the funds electronically, leaving the person receiving the gift card with a balance of zero and dismay at the checkout aisle.”

To avoid having you and your gift recipient become a victim of this simple, yet relatively unknown holiday scam, Mason recommends the following tips:

• Be suspicious of and avoid buying any gift cards that are in packaging which appears to be tampered with.

• If a retail outlet keeps its gift cards out in the open and not in any packaging, ask the clerk or manager if they have any gift cards behind the counter or in the back of store.

• Only purchase gift cards from trusted retailers or their websites; avoid purchasing them from a third party vendor you aren’t familiar with.

There is no surefire way to avoid becoming a victim of holiday scams, but by staying knowledgeable about this year’s most popular schemes, you can reduce the likelihood of fraud and identity theft.