Expect more online scams during the holidays: Here's how to spot them before it's too late

·9 min read

Cyber scammers have gotten so good at ripping us off in recent months, I no longer trust any text, call, or email message from a company – even when it’s legit. That might sound extreme, but I get at least one scam text, a handful of calls, and nearly a dozen fraudulent emails every day.

I’m far from alone in battling this constant barrage.

A new AARP cybercrime study estimates that 229 million adults in the U.S. – roughly 9 out of every 10 people – experienced an attempted fraud in 2020. Of those, nearly 1 in 7 (33 million) lost money. (My mom was among them earlier this year too.) The Federal Trade Commission and Better Business Bureau report similar statistics.

And it's not just seniors and young adults falling victim to these scams. Recently, I've come closer than ever before to falling for a cyberscam in recent weeks. Me! A person who warns other people about cyberscams regularly!

Just the other day, I nearly let a cyber scoundrel get to the bad-guy equivalent of “second base,” by almost clicking on an embedded phishing link in an email. That’s just one of many ways crooks steal our private information and try to rob us blind.

This email scammer claimed to have compromising video of the recipient and demanded a bitcoin payment, warning the recipient not to call the police or ask others if it might be fraud.
This email scammer claimed to have compromising video of the recipient and demanded a bitcoin payment, warning the recipient not to call the police or ask others if it might be fraud.

Oh, and there’s more to this perfect storm of digital deception too. These skyrocketing rates of cybercrime come on the eve of what’s predicted to be the biggest online shopping season in history. So now we have to be even better at spotting the scams. No pressure.

It's a tough task so we turned to the best in the scam-busting industry for help. Here are the simplest ways to spot the scams – before it’s too late.

You're asked to pay in gift cards

If anyone asks you to pay for a service or solve a problem with a gift card. It’s a scam.

Just ask the 80-year old woman who lost $13,000 a few weeks ago, when hit by the exact same tech-support scam that duped my own mom out of $2,000.

“Scams using gift cards as the mode of payment are dramatically on the rise,” Stacey Wright, vice president of cyber resiliency services at the Cybercrime Support Network and former cyber intelligence analyst with the FBI, says over the phone. “One in every 4 scams use them now since they’re an entirely untraceable payment method. No reputable person or agency will ever demand payment on the spot, especially not in the form of a gift card.”

Another scam making the rounds is the "your relative is in jail" play. You get a call saying your son or daughter has been arrested overseas, designated you to pay the bail but it can only be paid in gift cards. And while things may work differently abroad, no legitimate law enforcement agency demands to be paid in gift cards.

Wright says gift cards help scammers succeed because as soon as they have the card information, they have access to the money loaded on the card, and then it’s theirs – no paper trail – and no way to recoup any money.

Urgent messages demanding you act now

Whether you get hit with a fake pop-up ad blaring an alarm, like my mom and the woman who lost $13,000 did, or a Facebook scam pretending someone stole your account, if there’s a sense of urgency to “do something right now or else,” it’s likely a scam.

Mark Labriola II lost $700 to a gift card scam that targeted him through his Facebook business account.
Mark Labriola II lost $700 to a gift card scam that targeted him through his Facebook business account.

“If I had just taken the time to slow down and be more present, I wouldn’t have looked past all of the red flags,” 40-year Mark Labriola II told me over the phone from his home in Centennial, Colorado. He lost $700 to a gift card scam that targeted him through his Facebook business account. “I was so frustrated because I wanted to post some ads, but it told me I was logged out, and couldn’t log back in, and I thought I had to solve this problem right away.”

Labriola, the founder of digital marketing and content creation company Brand Viva Media, created a YouTube video about the scam, even though he says he was “super embarrassed and kind of ashamed.”

The"American Idol" alum is the last person you would expect to fall for a scam. After all, he’s totally tech-savvy, and he’s not a senior citizen, a more typical target, though younger adults – age 18-24 – now lose the most money to cyberscams, according to the BBB and FTC.

Still, when he thought someone had taken over his business account, it created a sense of urgency and frustration. He used Facebook’s own Search tool to look up “Facebook Support.” That landed him on a public Groups page that scammers used to lure him into calling a phone number he thought was a real customer support line.

FYI, there is no Facebook Customer Service phone number that connects you to a real person. There used to be one that at least gave automated responses, but it doesn’t work at all anymore.

“A lot of major companies have numbers that are dead now, and that’s intentional,” Wright explained. “Imposters and spoofing are so common, they want you to go to their website and use the little chat box or fill out that contact form on their page.”

Once Labriola was on the phone with the scammer, they made just enough sense to send him off to the store for gift cards to “verify his identity.” That’s the crook's whole goal, according to that AARP report, to “knock us off that solid cognitive foundation and into the murky and unpredictable world of passion and emotional reactivity.”

When Labriola realized he was being scammed, he connected with Facebook’s actual Help Center via chat, and was told, “Sorry, there’s nothing we can do, sorry you got scammed,” he recalls. “Now I try to tell everyone I can that there are people trolling community support sites, just sitting there with their phishing poles out waiting for someone to bite.”

Phishing: Don't take the bait

You’ve likely gotten a message pretending to be from Amazon, Costco, Wells Fargo, PayPal, Home Depot, or any number of others trying to get you to click on a link.
You’ve likely gotten a message pretending to be from Amazon, Costco, Wells Fargo, PayPal, Home Depot, or any number of others trying to get you to click on a link.

You know all those text messages, direct messages, and emails you get that ask you to click a link? They are ALL scams. One quick way to see for yourself right away is to look at the URL address of the sender, which you can see in the photos I’ve screen-grabbed and shared here.

You’ve likely gotten a message pretending to be from Amazon, Costco, Wells Fargo, PayPal, Home Depot, or any number of others trying to get you to click on a link, to steal from you. Expect them to ramp up during this hot holiday shopping season too.

Or maybe you’ve clicked on a link in a Facebook ad that takes to a fake website that’s so close to the real thing, you don’t notice it’s Walmart.con, not Walmart.com. If you get any kind of message asking you to click anything, just don’t do it, Wright says.

Labriola even triple-checked that I am a real person before doing an interview for this article, explaining, “When I got the email about doing this interview, I first looked at where it came from, what’s the URL, then Googled it, and then Googled you because I’m thinking like, maybe it’s another scam."

Turns out a little paranoia is not only healthy but exactly what it might take to slow the scammers down.

Giveaways, sweepstakes and other promises of prizes

A Reddit user warned of a recent scam that appeared as a giveaway notification from Costco.
A Reddit user warned of a recent scam that appeared as a giveaway notification from Costco.

You always see advice to be wary if something sounds too good to be true, but this holiday shopping season, there are some remarkable bargains and legitimate promotions. How can you instantly tell if it’s a scam, like the “free coat giveaway” that recently made rounds on Facebook – versus a legitimate win?

One way to find out is to Google it. If it’s real, the retailer promotes it, and trusted news sources will talk about it. For instance, PayPal is giving people the chance to win $10,000 and other prizes through Dec. 19, as a way to encourage people to use PayPal at checkout.

That’s real, and it’s pretty great. But when I first heard about it, I thought it was one of those “too good to be true,” scenarios. When I reached out to PayPal, they shared this advice for spotting fakes.

Here are some of the signs to help you spot a fake PayPal email:

A generic greeting, like "Dear user" or "Hello, PayPal member." We’ll never send an email with a generic greeting. We’ll always greet customers with their first and last name or the business name on their PayPal account," the company says.

A request for financial information, or other personal information. Never share your bank account number, debit, or credit card number. PayPal says it never asks for those details via email.

A request for account details. If someone asks a customer for their full name, account password, or answer to security questions via email, it’s not a request from PayPal. "We’ll never ask for details like that via email."

A prompt to provide the tracking number of a dispatched item before receipt of payment. "We’ll never ask for this information before a customer has received payment for the dispatched item.

An invitation to update computer software. If an email includes a software update install, it’s not us. We’ll never ask you to install anything onto your computer.

Shop, scroll and defend like a pro

“I hate that there are bad guys out there who want to prey on good people,” says Stacey Wright, a former FBI analyst who is now vice president of cyber resiliency services at the Cybercrime Support Network. “It just fundamentally bothers me, and we all need to do more to stop them."
“I hate that there are bad guys out there who want to prey on good people,” says Stacey Wright, a former FBI analyst who is now vice president of cyber resiliency services at the Cybercrime Support Network. “It just fundamentally bothers me, and we all need to do more to stop them."

We’ve covered the advice that “assuming paranoia” is now a healthy way to respond to messages in all forms around “delayed shipping,” “call this number,” “click this link,” “unusual payment methods.”

Another major piece of advice? Learn to recognize phishing, spoofing, pharming, and other common tactics criminals use every minute of every day.

I turn to the FTC, BBB, ScamSpotter, Trend Micro, Norton, AARP, and others to help me sort it all out, and you can do that too. A few other fast and easy go-to bits of advice include:

  • Go straight to a retailers address versus clicking on an ad in a Search Engine

  • Look for a secure URL that includes HTTPS

  • Avoid unusual payments methods, and use a credit card that protects you against fraudulent charges

“If they want me to call a phone number or click a link, I just don’t do it anymore,” Wright reiterates. “I’ll call the phone number on the back of my credit card, or call the retailer, power company, or IRS directly.”

Wright also says this is a conversation everyone should have with family when they gather for the holidays this year. “I hate that there are bad guys out there who want to prey on good people,” she adds. “It just fundamentally bothers me, and we all need to do more to stop them.”

Jennifer Jolly is an Emmy Award-winning consumer tech columnist. Email her at jj@techish.com. Follow her on Twitter: @JenniferJolly. The views and opinions expressed in this column are the author’s and do not necessarily reflect those of USA TODAY.

This article originally appeared on USA TODAY: Online scams: 4 red flags you'll spot in emails, texts and websites