It’s the most wonderful time of the year… for scammers to take advantage of your goodwill, distraction and online shopping/deliveries. According to the AARP, nearly 75% of Americans experienced a holiday scam in 2021, which has agencies like the FBI consistently monitoring this season’s biggest frauds and alerting consumers on how to protect themselves.
One of the big scams this year involve text alerts, especially those that ping on your phone to inform you that your package has shipped or there was an issue with the delivery. However, unbeknownst to you, the tracking link provided is actually malware. According to the FBI, it’s non-payment or non-delivery scams like these that end up costing Americans a total of more than $337 million during the holidays.
But there are ways to protect yourself, says cybersecurity expert Adam Levin, whose over 30 years of experience on cyber crime and fraud has lead to Wired, The Hollywood Reporter and “Good Morning America” calling on for his expertise. Levin is also co-founder of Credit.com, former Director of Consumer Affairs for the State of New Jersey and host of the chart-topping podcast What the Hack with Adam Levin that has featured a range of guests including Al Franken.
In general, Levin works with a framework he calls the “three M’s” that he advises all people follow when it comes to protecting their personal details and not succumbing to a scam, especially during the holiday season when fraud runs rampant. Those being:
- Minimize your risk of exposure
- Monitor to you know if you have a problem
- Manage the damage
But if you hone in on that first “M,” you can sometimes mitigate the other two steps. To do so, Levin has some tips when it comes to holiday texting scams:
- If it seems illegitimate, it probably is. Trust your instincts and know that it’s highly unlikely businesses like UPS, USPS and FedEx will text you, as emails are usually a preferred method for customer communication.
- Don’t impulse respond. “Whenever you get an email, text or phone call, stop for a moment and think and try not to respond by impulse,” says Levin. “This is not like the old days, you can just never trust sources, so always question and always verify.”
- Go direct to the source. Rather than responding to a text message, find the number of your local post office or UPS branch and call them and inquire if there is an issue with your package. Or, go to the official website and enter the tracking number you received via an official email or receipt when you bought or shipped a package to see if anything appears amiss.
- Never click on a link in a text message. It’s almost always malware or phishing software meant to grab your personal information and use it fraudulently or sell it to a third party to do the same.
“Everyone says your Social Security number is the skeleton key to your life — I was among that group — but if you think about it, there’s something more ubiquitous than your SSN that you’ll probably never change, and that’s your cell phone number,” Levin pointed out. “People leave their number everywhere, and it opens up a huge potential for scam artists […] Our information is out there, it’s not a matter of if a breach will happen, but when because no one is too small, too irrelevant or too unimportant to be a target to a hacker.”
This is especially the case during the holiday season when scammers know you have a lot on your mind, and are waiting for packages and looking for deals. They’ll try to find any way to catch you off-guard in the moment.
“Fake delivery scams and texts proliferate during holidays because everyone is waiting on deliveries of their holiday gifts,” Levin noted, explaining how hackers operate. “Sometimes they will send out a mass message and hope they’re going to catch somebody. It costs the scammer very little to do so, so what do they care if they even get a small percentage of people responding? They still win.”
Levin said the wording scammers use that almost always catches people is, “There’s a problem with your order.” If the scammer does their guesswork right to know you bought from the company they are impersonating (or has breached your email to verify you made a purchase), this is an especially effective tactic. “Most people use Amazon or Shopify or a number of sites, so when you get anything that looks like it’s coming from that business, it might seem authentic. [The scammer captures] your attention with the idea that ‘there’s a problem’ — they know if they do, they have a good chance of getting you to try to click on a link or open an attachment,” Levin warned.
One way to attack the problem when it happens is to change your number. But if you understandably don’t want to change your number (and most of us never will, to Levin’s point), he said you can establish a Google number and start giving that out to anyone but personal contacts to help protect yourself. As well, if you think your information may have been compromised, you can visit the website Have I Been Pwned to see if your contact (also including e-mail) has been part of a breach and find details for how to circumvent it.
More From GOBankingRates