Photo credit: iStock/weerapatkiatdumrong
Year-round, all kinds of phishing attempts lurk in your inbox – from promises of massive wealth from self-described Nigerian princes (or their representatives) to threats of arrest or loss of benefits from supposed employees of government agencies that, in reality, never correspond via email.
But with the upcoming holiday shopping season – predicted to generate up to $682 billion in sales, including a record $107 billion in online purchases (14 percent higher than last year) – prepare for some of the most convincing cons angling for personal and financial information that could lead to identity theft.
That’s because they supposedly come from companies you know, trust, and likely rely on – especially this season: Online retailers, credit card companies, PayPal, banks, even airlines and delivery services like FedEx and UPS. Some bogus emails allege an “order confirmation.” Others claim a problem – say, your account was frozen, requires an update or verification, or there’s a shipping or delivery snafu. Others tout coupons, unbelievable discounts or freebies ranging from expensive iPhones to gift cards (often promised for completing a customer survey that could provide identity thieves and sleazy marketers with sensitive information best not shared).
All seek the same goal: To get you to reveal sensitive information – personal details, log-in credentials, account and credit card numbers – and/or click on an imbedded link or attachment that harbors computer-infecting malware. Here’s how to distinguish the bona fide from the bogus (even after the holiday shopping season):
- A legit company knows its customers. True, so-called “spearphishing” emails and “artisanal” spam include your name, but those more personalized phishing attempts typically target workplace or social media accounts. Phishing emails related to holiday shopping and other seasonal activities are more likely to have generic greetings such as “Dear Customer” because they are blasted en masse. Legitimate messages from companies always include the customer’s name, account number (or at least a portion of it) and other specific-to-you information – and they won’t ask you to provide it.
- Real messages focus on guidance, not getting. When legit companies email about issues or problems that need to be addressed, they instruct you to log-in into your online account or call their customer service phone number, and rarely (and shouldn’t) include a link promising “more details.” Only phishing scammers ask that sensitive information by provided via reply email, and tease to get must-know news in links rather than prominently display it in no-click-needed text.
- Genuine messages don’t threaten. Scammers know that fear is a powerful motivator; above-board companies know it’s bad business. Threats, intimidation and warnings of dire consequences are the foundation of success for many fraudsters – such as claims your account will immediately be frozen or closed unless you immediately respond with money or sensitive information that real companies already have.
- Actual companies don’t give away the store. Sure, they want your business, but legit vendors aren’t in business to lose money. Be suspicious of non-personalized messages promising freebies of high-priced items or travel excursions “just because” or sales of hot-selling merchandise for a fraction of the cost offered by competitors. If there truly is a giveaway or blowout sale, retailers will have full details on the website.
- Authentic businesses are professional. They send emails from their own domain – companyname.com – not a free service like Gmail or Yahoo. (When in doubt of the sender, hover your mouse over the “from” address.) And they ensure their messages are grammatically correct, free of misspellings and “readable” to their customers. Because emailing phishers often operate overseas, their messages tend to be linguistically challenged, littered with Scammer Grammar, typos and note currency descriptions not commonly used in the U.S. companies – such as listing prices at $19.95 USD (for U.S. dollars).
For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and keep tabs of scams and law enforcement alerts in your area at our Scam-Tracking Map.
Also of Interest
- How to avoid ‘Resort Fee’ rip off
- Expect more scams this Medicare open enrollment
- Get help: Find out if you’re eligible for public benefits with Benefits QuickLINK
- Join AARP: Savings, resources and news for your well-being
See the AARP home page for deals, savings tips, trivia