How to Avoid Holiday Scams

In my last article, I shared my list of the Best & Worst Gifts for 2022. I even included some helpful coupons you can download to give the gift of security and privacy. (I’ll be adding more coupons soon, by the way – keep an eye on this article for updates.) Sadly, this time of year is also a prime time for scams. Let’s do a quick review of some top tips to avoid becoming a victim. (This is a great article to share with friends and family.)

Avoid Phishing Scams

Phishing is still one of the more prevalent and lucrative scams today. Phishing is an attempt to trick you into giving up account credentials, credit card and social security numbers, or other information that might lead to account takeover or identity theft. Here are some tips for avoiding these scams:

  • If it’s too good or bad to be true, it probably is. Anything that gets you really worked up should trigger alarm bells.
  • Be very suspicious of any email or text that uses bad grammar or contains misspelled words. Also, real messages from real companies who know you should address you by your full name.
  • Beware of fake emails and texts with package tracking links. Sometimes they will also say things like “here’s the $5000 thing you ordered” (which you didn’t order) followed by “click here to cancel” or “see attached invoice”.
  • Don’t click links or open attachments that you didn’t ask for or expect to receive – even if it’s from someone you know.
  • Beware any message or phone call claiming that you owe money, broke the law, have an account problem or a computer problem.
  • Note that password managers will not be fooled by look-alike, fake websites. If for some reason it’s not offering to fill in your credentials, then you’re probably not on the site you think you’re on.

Other Tips for Avoiding Holiday Scams

  • Whenever possible, shop with credit cards, not debit cards.
  • Only buy gift cards from reputable stores. Before you leave the checkout counter, consider opening the card to make sure the secret code hasn’t already been exposed.
  • Keep a close eye on your bank and credit card transactions. Report anything fishy immediately.
  • If you haven’t done so already, you should consider setting up account notifications for large transactions, foreign transactions, and other unusual account activity.
  • Don’t broadcast your travel plans on social media (that is, don’t tell the bad guys that your house will be unguarded.)
  • Beware anyone telling you that you need to install an app on your phone or computer or a plugin for your browser.
  • Avoid any purchase that requires online or phone payment with gift cards, cryptocurrency or wire transfers.
  • No reputable service or company will ask you for your password via text or phone call.
  • Beware of phony charities, especially really pushy ones.
  • If you haven’t done so, I would freeze your credit at the big three bureaus (TransUnion, Equifax, Experian) – and maybe Innovis, too.
  • Turn on two-factor authentication for all your important accounts, including financial, medical, government, email and social media.

If you are a victim of a scam (or even if you think you might be), you can file a complaint with the Federal Trade Commission (online or at 877-382-4357). You can also report it to your state’s attorney general.

Need practical security tips?

Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.

Don't get caught with your drawbridge down!