Friday, August 21, 2020

6 Costly Holiday Scams and How to Avoid Them

Phishing scams, fake websites, and even fraudulent letters to Santa all have a way of turning holiday cheer into holiday blues.

The holidays are supposed to be a time of cheer and goodwill, but there are a lot of shady scammers out there ruining the most wonderful time of the year for the rest of us. Unfortunately, scams—especially online scams—abound during the holiday season.

From phishing emails to fake charity ploys, many scammers take advantage of our festive feelings of kindness and joy, hitting us when and where we least expect it. While Santa is sure to chastise these cyber-criminals with a stocking full of coal, that’s little consolation when you have to deal with identity theft, a computer full of malware, or a drained bank account when you just want to deck the halls.

The good news is that it’s pretty easy to fend off holiday scams, so long as you know how to spot them. With a little help from Emily Long, a security expert with A Secure Life, and Lou Ryan, CEO of the cybersecurity firm EdgeWave, we rounded up the six most common holiday scams you should keep your eyes peeled for.

1. Fake order confirmation emails.

Online shopping for holiday gifts has been on the rise for the past several years, and chances are you’ve been doing your fair share. So while it might not be out of the ordinary to receive an order confirmation email from a store like Macy’s, Target, or Walmart, you should take a close look at every one you get.

Why? Scammers have been known to use fake order confirmation emails to get access to passwords, bank account numbers, and other sensitive data on your computer.
This is achieved through a method of email and website spoofing called phishing: the hackers build an email that looks like it comes from a retailer and fill it with links that, if clicked on, will automatically download a .ZIP file containing malware that could seriously damage both your computer and your finances.

Even if you didn’t order anything recently, you’ll be tempted to click these links just to make sure someone hasn’t been using your credit cards to make online purchases, but you should never click on any links in any emails unless you’re positive they come from a legit retailer.

“Phishing scams attempt to trick you into clicking a link or opening a message or attachment that either infects your device with malware or takes you to a site designed to steal personal information,” said Long. “This is related to holiday scams in that more people are looking for the best deals online during the holiday season—consumers spent $3.45 billion on Cyber Monday alone in 2016—and may be easily fooled by fake sites or false messages.”

Here are some steps for determining whether an order confirmation email is real or a cunning fake:

Real order confirmation emails will arrive seconds to minutes after you make a purchase. If this email arrived a day or week after you bought something, be cautious.
Double-check the sender’s address. An order confirmation from Target should have an @target.com email address. If it’s from a random address, don’t open it.
Hover over all links in the body of the email. If they’re not directing you to the official website of the retailer they’re claiming to be, do not click on them.

Ryan warns that falling for a phishing scam can have serious consequences:

“The effects of a successful phish include introduction of Ransomware to their system to encrypt and limit access to their files unless they pay the ransom, business email compromise (BEC), malware infections on the network, and credential-based theft so the hackers can use the stolen credentials to gain privileged access to systems, potentially leading to a data breach.”

2. Charity scams.

We reported last week on Inside Subprime—our breaking news blog devoted to the subprime financial industry—that Georgia Secretary of State Brian Kemp has been warning his citizens against falling for fake charity scams during the holidays.

“As we approach the holiday season, Georgians begin looking for ways to lend a helping hand to those in need,” said Kemp. “Unfortunately, bad actors view this time of year as the perfect opportunity to scam well-meaning donors. Before you open your checkbook, do your homework to make sure your donation will reach the intended recipients.”

Charity scams are an issue year-round, but can really ramp up during the holiday season.

“By phone, the goal [of a charity scam] is to get the victim to agree to donate and give up their credit card information,” said Ryan. “This can be achieved through a technique called spoofing. Even with Caller ID, it can be made to appear that the call is coming from a legitimate charity, although the call is actually being made by a scammer. By email, the goal is to get the consumer to visit a website and make a donation which never goes to the actual charity. If successful, the scammer has gotten a non-refundable and hard-to-trace financial donation or worse yet, access to your credit card information to use for other future purchases.”

If you’re approached via email, phone, or on the street by someone asking you to donate to a charity, make sure you double check that they will actually be donating your money, and not keeping it to fund their dream of becoming a cat fashion photographer. If you’re confused, check out Give.org, which compiles detailed reports on all legitimate charities, grading them on governance, effectiveness, finances, and solicitation efforts.

3. Letter from Santa scams.

Scammers have been pulling this scheme on unsuspecting parents for a few years. According to the Better Business Bureau, this is how it works:

You get an email selling a “Handwritten letter from Santa to Your Child.” It encourages you to make your child’s holiday by purchasing Santa’s special package for $19.99.

You click on the link, and it takes you to a website. The site promises the special package contains an official nice-list certification and customized letter from Santa. There’s even a free shipping special that ends (not coincidentally) in just a few hours. You decide to purchase and enter your credit card information.

Don’t do it! In the best case, you are simply out the $19.99. In the worst case scenario, you just shared your credit card information with scammers, who can now use it for identity theft.

In another version of this scam, the site promises a free letter from Santa. It doesn’t request any credit card information, but it does require plenty of personal information, such as your full name, address, and phone number. These sites can then turn around and sell your personal information to spammers.

A much better option? Write your kid a letter yourself! It costs nothing, and you won’t be putting yourself at risk of identity theft in the process.

4. Holiday job scams.

If you need to make a little extra cash this holiday season, you may be on the lookout for a seasonal job. Many retailers hire temporary workers to handle the influx of shoppers stocking up on Christmas presents for friends, family, and the one coworker that they got in Secret Santa.

But don’t apply to every job you see without a second glance. Fake job scams can be used to steal your personal information, or even steal your hard-earned cash with the promise of future payback. Whether you’re job-hunting for a seasonal job or for something more permanent, it always pays to remember these tips from ZipRecruiter:

No legitimate job will ever make you pay money upfront. If a company is asking you to buy something or pay them for the cost of a background check or training, run!
Check online for information about the company. They should have a website and maybe some reviews on Glassdoor, LinkedIn, Google, or the BBB. If they’re not giving you their company name, they’re not legit.
Check the job description for typos and grammatical errors. If the job is real, they will have taken care to edit the job listing.
Don’t get suckered into high-pressure, snap-second investments. If something seems too good to be true, it probably is.

5. Secret Sister social media gift exchange scams.

Have you seen any posts like this one on your social media feed?

These gift exchanges sound like a lot of fun. Buy one $10 gift and get back six to 36 of your own gifts? What a steal! Well, steal is right, because that’s exactly what’s happening here: you’re getting robbed. This is a modern-day example of the age-old practice of chain letters, which are actually illegal here in the U.S.

Heed this advice from the U.S. Postal Service:

“Chain letters don’t work. What’s more, if you mail chain letters, you could be committing a federal crime. The same law that prohibits lotteries applies to chain letters as well.”

6. Lookalike website scams.

Equifax, the scandal-ridden credit bureau whose lax online security compromised the personal information of millions of Americans, was recently in the news (again) for accidentally linking to a spoof website, designed to look exactly like the real thing.

Luckily for Equifax customers, the spoof website was made by someone who wanted to educate them on what Equifax was doing, but most lookalike sites have much more sinister intentions.

Scammers can create entire websites that look exactly like a legitimate retailer, in the hopes that you’ll mistake it for the real thing and provide them with your credit card number, address, and other personal info.

“If a fake website is designed well, then to the naked eye, most consumers may not be able to easily spot a fake from a real website,” said Ryan. “A fake website is successful if it has the attention to detail to look like the real website that it’s designed to impersonate.”

However, Ryan says there are clues to be on the lookout for:

The site uses an incorrect URL: The link in the email doesn’t match the real URL that you would otherwise directly type into your browser
The site asks for your banking information: Real institutions don’t ask for that as part of a web page login
The site displays low-resolution images
The site is rife with misspelled words
The site is not a secure site, meaning it’s “HTTP:” and not “HTTPS:”

“Consumers should take the extra minute or two to think critically before they enter their personal information or make a purchase, and there are a couple of easy-to-spot clues,” said Long. “I would always err on the side of caution and skepticism before clicking a link, opening an attachment, or entering information on a site, no matter how innocuous it may seem, as it’s a lot harder and more costly to undo the damage of phishing scams and identity theft once they occur than it is to do your due diligence or to find a product or deal on a legit site.”

What can you do if you’re a victim of a holiday scam?

Despite our best efforts, sometimes the scammers come out victorious. But getting caught in a holiday scam doesn’t have to dampen your spirit. Long says anyone who thinks they’ve been the victim of a scam should reach out to the FTC and record a complaint.

“Although in many cases money lost can’t be recovered, victims can and should take steps to protect their identities and personal information going forward,” Long said. “Identity theft monitoring services are a good place to start—at the very least, keep an eye on credit reports and bank statements for signs of fraudulent activity. Update passwords and remove cached credit card info from any online shopping sites.”

Ryan listed a few more options for consumers who think they’ve been hit by a holiday scam:

National Cyber Security Alliance (NCSA)
STOP. THINK. CONNECT.
Department of Homeland Security Cybersecurity Toolkits

But at the end of the day, Long says the best offense against holiday scams is a good defense:

“When it comes to scams and identity theft, prevention and precautions are the best protection!”

Have you been victimized by a holiday scammer? We want to hear from you! You can email us or you can find us on Facebook and Twitter.

Contributors

Emily Long is a security expert with A Secure Life (@ASecureLife). She loves to geek out on new tech gadgets. When she isn’t writing about security and smart tech, she can be found teaching yoga, road tripping, or hiking in the mountains.

Lou Ryan brings over 20 years of executive leadership to his position as Executive Chairman of the Board at EdgeWave (@edgewave). Mr. Ryan became a member of the company’s Board of Directors upon completion of the merger of St. Bernard Software, Inc. with Sand Hill IT Security Acquisition Corp. in July 2006, and has served as Chairman of the Board of Directors since June 2008. Mr. Ryan’s extensive background in the technology industry includes roles as a co-founder and/or executive in several technology startups including Delrina and Living VideoText, which were both sold to Symantec Corp., and Entercept Security Technology, which was sold to McAfee Inc.
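
The sender-address and link checks listed under scam 1, together with the incorrect-URL and “HTTP:” clues Ryan gives for lookalike websites, can be automated for a mailbox. The Python sketch below is an added example, not part of the original article; its function names, the retailer.example domain and the sample message are constructed for illustration, and it assumes a single-part HTML email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def on_domain(host, official):
    """True only for the official domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

class LinkCollector(HTMLParser):
    """Collects every href in the body: what hovering over a link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_order_email(raw, official):
    """Return warnings for a raw email claiming to come from `official`."""
    msg = message_from_string(raw)
    warnings = []
    sender = parseaddr(msg.get("From", ""))[1]
    # Check 1: the sender's address must be at the retailer's own domain.
    if not on_domain(sender.rpartition("@")[2], official):
        warnings.append(f"sender {sender} is not @{official}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        url = urlsplit(href)
        # Check 2: the real link target, not the text shown for it.
        if not on_domain(url.hostname, official):
            warnings.append(f"link goes to {url.hostname}, not {official}")
        # Check 3: an official link should still be HTTPS.
        elif url.scheme != "https":
            warnings.append(f"link {href} is not HTTPS")
    return warnings

# Constructed sample message; every domain is a reserved example name.
SAMPLE = """From: Retailer Orders <orders@retailer.example.order-confirm.test>
Subject: Your order confirmation
Content-Type: text/html

<a href="http://retailer.example.order-confirm.test/track.zip">retailer.example/track</a>
<a href="http://www.retailer.example/help">Help</a>
<a href="https://www.retailer.example/orders">Your orders</a>
"""

if __name__ == "__main__":
    print(*check_order_email(SAMPLE, "retailer.example"), sep="\n")
```

The suffix comparison in `on_domain` matters because a lookalike host can begin with the real retailer’s name and still belong to someone else.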
