Guess Who Prepares for the Holidays All Year Long?

If you guessed Santa – you are right! And if you guessed SCAMMERS – you are also right!

On 15 November 2023, in a Public Service Announcement, “The FBI warns of criminals targeting online shoppers and sellers during the upcoming holiday season. During the 2022 holiday shopping season, the FBI Internet Crime Complaint Center (IC3) received reports from almost 12,000 victims reporting non-payment/non-delivery scams, resulting in losses over $73 million. Criminals use a multitude of methods to entice and target victims intending to purchase or sell an item online.”

In addition to the usual “too good to be true” spam and scams from suspicious sites, phishing emails, or ads offering items at inconceivable discounts, an increase in holiday bonus gift card impersonation scams should be anticipated. Whatever the financial or information-stealing theme, employees should be repeatedly reminded to never act on such requests. But since it may be excruciatingly difficult to tell “the boss” no, it is up to bosses and leaders to empower employees and volunteers to not act and to report said activity. Likewise, it is up to bosses and leaders to make any such special, secret, or surprise requests in-person, and not through an email or text.

While faith-based and charitable organizations are prime targets for holiday gift card impersonation scams of good cheer, there are other tactics to be wary, especially with the increased use of Artificial Intelligence (AI) in scams. For more information members can refer to the FB-ISAO Weekly Report titled, “AI Impact on Phishing” dated 21 September 2023. And for additional guidance, The Cybersecurity and Infrastructure Security Agency (CISA) makes a Shopping Safely Online resource available.

All that glitters is not gold, according to FBI Springfield Illinois Office, “As scammers continue to perfect their skills, take time to conduct due diligence to thwart their efforts,” said FBI Springfield Field Office Special Agent in Charge David Nanz. “Slow down, look for red flags, and always protect your personal information. Going directly to a reputable source is the safest way to verify the legitimacy of a transaction.”

Common Scams

Online Shopping Scams

• Scammers often offer too-good-to-be-true deals via phishing emails, texts, or advertisements. Such schemes may offer brand-name merchandise at extremely low prices or offer gift cards as an incentive.
• Consumers should steer clear of untrustworthy sites or ads offering items at unrealistic discounts or with special coupons.

Social Media Shopping Scams (the most frequently reported)

• Consumers should beware of posts on social media sites that appear to offer vouchers or gift cards.
• If you click an ad through a social media platform, perform due diligence to check the legitimacy of the website before providing credit card or personal information.

Charity Scams

• Fraudulent charity scams, in which perpetrators set up fake charities and profit from individuals who believe they are making donations to legitimate charitable organizations. Charity fraud rises during the holiday season, when individuals seek to make end-of-year tax deductible gifts or are reminded of those less fortunate and wish to contribute to a good cause.
• Charity scam solicitations may come through cold calls, email campaigns, crowdfunding platforms, or fake social media accounts and websites. Steps to avoid holiday fraud schemes:
• Before shopping online, secure all financial accounts with strong passphrases. Make sure to use different passphrases for each financial account.
• Never give personal information— such as date of birth, home address, Social Security number, or bank account and credit card numbers— to anyone you do not know.
• Be wary of online transactions that solely require wire transfers, virtual currency, or gift cards.
• Pay for items using a credit card dedicated for online purchases, check the card statement regularly, and never save payment information in online accounts.
• Do not use public Wi-Fi, especially when submitting credit card, payment, or other sensitive information online.

Malicious QR Codes

• QR code phishing has re-emerged on the threat landscape as threat actors continue to evolve, reuse, and try new ways to exploit human behavior. For more information members can refer to 16 November 2023 FB-ISAO Weekly Report titled, “QR Code Phishing.”

Report fraud: Shoppers who suspect they’ve been victimized should immediately contact their financial institution, then call their local law enforcement agency. Victims of online holiday scams are also encouraged to file a complaint with the FBI at www.ic3.gov.