Scams for the Holidays

By Content Specialist Marcia Spicer

Ah, the winter holidays.

Traditionally a time of joy and celebration, but more often a time of stress, spending, shipping, scrambling to cover time off, and, yes, scams.

Unless you’re fascinated by them like I am, getting scammed is probably the last thing on your mind at any given time. Who has time to analyze every interaction, email, text, or credit card transaction? Add to that the chaos of running a business during the holiday season, and criminals have a buffet of vulnerabilities to help their scams blend in.

In fact, TransUnion stated in their Digital Holiday Fraud in 2021 report that “analysis of global e-commerce transactions between Thanksgiving and Cyber Monday found that 7.46% were potentially fraudulent. In the United States, that figure was found to be substantially higher, at 19.66%.” (Reported by Infosecurity Magazine)

Let’s explore some common scams you might encounter this holiday season.

The Shopping Scam

A while back, I spoke in a Byte-Size Tech video about safer online shopping techniques. Around the holidays, pop-up shopping sites, deals attached to time limits, and digital distractions increase dramatically. Even though you might normally be cautious, the pressure to find the perfect gift and have it shipped in time can lead buyers down some shady internet alleyways.

We’re all familiar with those mall vendors who disappear in January, rendering defective gifts unreturnable. What we might not be as tuned into are similarly fly-by-night and suspicious vendors online.

A short list of red flags to watch out for:

  • Websites that riff on a brand name without being owned by that brand
  • Websites that only sell one product
  • Dramatic, time-sensitive discounts (“Buy in the next 15 minutes!”)
  • Free products – just pay inflated shipping
  • Marketplace requests for payment via Zelle, PayPal Friends and Family, or Venmo
  • A brand you’ve never heard of is clearing their inventory at a steep discount

Gift Card Request

A text arrives from an unfamiliar number: “John, it’s your boss. I’m in a meeting and can’t reply. I need you to use the company card to purchase 4 $500 gift cards and text me back the codes. Need this asap!”

Could this be a real text? Depending on relationships and policies already in place, it could. Is that reason enough to make this risky purchase? Absolutely not.

Gift cards are a preferred international currency for scam payouts. For small amounts of money, they’re much easier to obtain than cryptocurrency. Once the codes are transferred to the scammer masquerading as your boss, the money can’t be recovered or traced.

A few tips:

  • Build a purchase approval policy into official company documentation. No one should be able to receive purchase authorization via a single point of contact. Include failsafes like purchase limits, voice or in-person confirmation, or restricted permissions that prevent a single team member acting alone from making large purchases.
  • If no policy exists, err on the side of caution. Would John be fired for checking with his boss via another method before making this purchase? It is unlikely – and if the purchase request is in fact a scam, John should be rewarded for saving the company $2,000.
  • Be the kind of employer who encourages John to double-check. Never penalize an employee for asking for confirmation, and thank him for doing his due diligence.

The Holiday Phish and BEC

While you may consider yourself protected from phishing and business email compromise (BEC) scams because of experience, education, and/or powerful email filtering software, scam attempts increase around busy times, the holidays included.

Even if you wouldn’t click, are you certain everyone in your organization would react the same way? Proofpoint, an email filtering software provider, identified several ways to determine who your organization’s Very Attacked Persons are. These are people who are more likely to click, who are used to sending sensitive data, or who have network access that would be lucrative to criminals.

The extra stress and time constraints around the holidays mean that someone who might not normally be tempted or rushed into clicking could fall victim to a scam. Similar to gift card scams, failsafes can be built into company policies to prevent fraudulent network access or single-request sending of employment information, ePHI, or money. Beyond policy, bolster training prior to the holiday rush—having scams fresh in mind can prevent a wayward click—and if you don’t already, roll out email filtering to protect your Very Attacked Persons and others.

SMSishing Shipping

Systems Administrator Ben Fairbanks wrote about the rising trend in scams delivered over text message. With increased shipping activity around the holiday season, it is likely that a text message alert for a delayed, wrongly-delivered, or damaged shipment will align with a package you actually expect.

  • Know the methods and verbiage that accompany legitimate communication from your shipping provider.
  • Do not click links or reply to text messages from unknown senders.
  • Visit your shipping provider’s website directly and use your shipping information to find out the status of a package.
  • Download the official app for your shipping provider to receive notifications on deliveries and register for official tracking with your shipping provider. Services like USPS’s Informed Delivery or UPS’s My Choice are quick and easy ways to confirm actual shipments that may be delayed or arriving soon.

 

Here at Anderson Technologies, we wish you and yours a scam-free holiday season. Let us help make scam education, protection, and policy updates a powerful New Year’s resolution to protect your credit, your identity, and your business.