Each year, the Better Business Bureau (BBB) ranks the 12 most common scams designed to trick shoppers into giving criminals their money.
While many scams make the list each year, the BBB and scam experts warn that three old ploys are getting a new boost of creativity.
Fake shipping error texts:
These texts come around the holidays when you’re likely waiting on packages in the mail, warning that your package isn’t deliverable or has been lost.
Often, the texts prompt you to click a link.
“This kind of text lures people into clicking on a link which may take them to a site that looks like it's the U.S. Postal Service, it looks like it's Federal Express, looks like it's UPS,” said Steve Weisman, editor of Scamicide. “They may ask for some personal information, supposedly to verify. Some may even get a little blatant and even ask for a credit card or a fee.”
Weisman, who is also a Bentley University law professor, said clicking the link could also trigger a download of malware on your device.
“You can have the best security software, [but] the best security software is always going to be at least a month behind what we call zero-day defects," Weisman said. “This is malware that is using vulnerabilities that have not yet been discovered.”
Weisman said a scam text likely won’t be specific about what’s in the package that’s been delayed, which is a hint that it could be fake. However, he said artificial intelligence is making it easier for scammers to eliminate grammatical errors and misspellings in texts or phony mail portals that may have tipped off savvy shoppers just a few years ago.
“Even unsophisticated cyber criminals can set up incredibly accurate and good-looking websites,” Weisman said.
The safest way to track an expected package, according to the BBB, is to use the tracking number listed on the original receipt or confirmation email.
Fake websites:
AI has also become a tool for cyber criminals to create enticing “spoof” retail websites, mirroring the language and layout of sites like Amazon and Walmart.
“You put in your credit card and they say, ‘It's rejected. You need to use another credit card,’ which means they're going to get you to put in two credit cards,” Weisman said.
Scammers are even able to manipulate the URLs of popular websites using Cyrillic letters and launch them to the top of a search engine’s results.
“There'll be a slightly different ‘a,’ so it may be Wayfair and it says Wayfair, but it's a different kind of ‘a,’ which is how they get that URL,” Weisman said. “Even if it comes up at the top of a Google search, sometimes what the criminals do is they'll actually buy advertising at the top of the search.”
To avoid fake websites, Weisman recommends using the Google Transparency Report to see if fraudulent activity has been reported in connection to a particular URL. You can also use a website domain tracker to search a URL’s creation date and owner location.
“If you're [on] a Walmart website,” Weisman said. “And it's only been up for a month, chances are it's a scam.”
Buggy Christmas apps
Christmas games and puzzle apps are also a target for scammers to take advantage of information on your devices.
“You give them permission to gain access to your phone and personal information, that can lead to identity theft, that can lead to scams,” Weisman said. “In other instances, you think it's free and then you find out that you're actually paying a pretty good penny for what you're getting.”
He recommends reading reviews and privacy agreements thoroughly before downloading games, especially if the app requires use of your phone’s microphone. He also cautions users against clicking on pop-up ads that appear in the app, which could lead to additional charges.
“Only get your apps from Google Play or the Apple App Store,” Weisman said. “Check the reviews and make sure you're not giving any additional permissions or paying for additional hidden fees.”
To combat excessive losses in any of these holiday scams, Weisman has one piece of advice that applies across the board:
“Use your credit card, not your debit card,” Weisman said. “Your bank account isn't going to get reached if even if there's a problem. And if there's a problem with a credit card, you're only liable for $50.00 worth of fraudulent purchases.”