By: Gene Fredriksen, Security Strategy Consultant
The holiday season is here again and most people are full of goodwill and the giving spirit. Unfortunately, charity scams are all too common this time of year and cyber-criminals frequently try to prey on holiday spending. Let’s take a look at some of the common scams and ways you and your credit union members can protect themselves against the holiday “Grinches” looking to take advantage of this time of gift sharing.
Holiday Shopping Scams
It’s no secret that shopping ramps up during the holidays, and so do scams. Communicate to your members that they should be careful about how and where they share information, and beware of fraudulent retailers and organizations.
- Protect personal info. Thanks to online shopping, anyone can search for deals and hit the “buy” button from virtually anywhere. It is a good security practice to wait until you’re connected to a known Wi-Fi network, not a public access site in a coffee shop. You never know who may be eavesdropping on the traffic and looking to steal your personal information. If you can, wait until you’re on a secure network (such as your home network) to make a purchase.
- Gift cards are a great gift, but they also open the door to scams. According to the FBI, one common trick is for thieves to go into stores and collect the PINs from gift cards on the rack. The card numbers and PINs are entered into a computer program that repeatedly checks the retailer’s website. When someone buys a compromised card, the scammer can spend or transfer the money on the card before the buyer has a chance to use it. To make sure your gift card hasn’t been compromised, avoid the rack and ask for one directly from the counter.
- There may appear to be amazing deals online, and many of them are. However, remember the advice from your parents…if it’s too good to be true, it probably is. Read product reviews and research the sellers before you take advantage of a discount.
- Always keep receipts so you can try to get refunds if there’s an issue.
Charity and Investment Scams
As you make charitable giving and investment decisions over the holidays, there are a host of resources to help you avoid the many scammers and less-than-reputable charities and organizations asking for your money.
- SMART DONORS DON’T:
- Give credit card information over the phone or email
- Give bank account information over the phone or email
- Agree to pay in or mail cash
- Send a donation without checking the facts
- Give to charities you are familiar with personally. Don’t fall for cold call requests for donations. Lists of potential victims are easily obtained by scammers.
- Many phony charities will pick names that sound familiar and very close to the names of reputable charities. Make sure you know the exact name of the charity and look them up beforehand. Read reviews and ratings from some of the sites listed below.
For more information on current scams, the following sites are good resources:
- AARP Fraud Watch Network
- Better Business Bureau’s (BBB) Wise Giving Alliance
- Charity Navigator
- Charity Watch
Don’t let a bad experience put a damper on your holiday season. When it comes to dealing with scammers, knowledge is power. Do your homework and use good security practices when shopping or giving. This will help ensure that charity giving goes to the people who need it, and the gifts we order actually arrive and bring the holiday cheer we hope for.
Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO, the principal cybersecurity consultant with PureIT CUSO, and has also held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.
He served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.