Services

Security Center

Holiday Scams 

When shopping online during the holiday season—or any time of year—always be wary of deals that seem too good to be true. Do your part to avoid becoming a scammer’s next victim.

Every year, thousands of people become victims of holiday scams. Scammers can rob you of hard-earned money, personal information, and, at the very least, a festive mood.

The two most prevalent of these holiday scams are non-delivery and non-payment crimes. In a non-delivery scam, a buyer pays for goods or services they find online, but those items are never received. Conversely, a non-payment scam involves goods or services being shipped, but the seller is never paid.

According to the Internet Crime Complaint Center’s (IC3) 2020 report, non-payment or non-delivery scams cost people more than $265 million. Credit card fraud accounted for another $129 million in losses.

Similar scams to beware of this time of year are auction fraud, where a product is misrepresented on an auction site, and gift card fraud, when a seller asks you to pay with a pre-paid card.

The IC3 receives a large volume of complaints in the early months of each year, suggesting a correlation with the previous holiday season’s shopping scams.

If You’ve Been Scammed 

Call your credit card company or you bank. Dispute any suspicious charges.

Contact local law enforcement.

Report the scam to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov.

Tips to Avoid Holiday Scams 

Whether you’re the buyer or the seller, there are a number of ways you can protect yourself—and your wallet.

Practice good cybersecurity hygiene. 

Don’t click any suspicious links or attachments in emails, on websites, or on social media. Phishing scams and similar crimes get you to click on links and give up personal information like your name, password, and bank account number. In some cases, you may unknowingly download malware to your device. 

Be especially wary if a company asks you to update your password or account information. Look up the company’s phone number on your own and call the company.

Know who you’re buying from or selling to.

Check each website’s URL to make sure it’s legitimate and secure. A site you’re buying from should have https in the web address. If it doesn’t, don’t enter your information on that site.  

If you’re purchasing from a company for the first time, do your research and check reviews.

Verify the legitimacy of a buyer or seller before moving forward with a purchase. If you’re using an online marketplace or auction website, check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.

Avoid sellers who act as authorized dealers or factory representatives of popular items in countries where there would be no such deals.

Be wary of sellers who post an auction or advertisement as if they reside in the U.S., then respond to questions by stating they are out of the country on business, family emergency, or similar reasons.

Avoid buyers who request their purchase be shipped using a certain method to avoid customs or taxes inside another country.

Be careful how you pay.

Never wire money directly to a seller. 

Avoid paying for items with pre-paid gift cards. In these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you’ll never receive your item. 

Use a credit card when shopping online and check your statement regularly. If you see a suspicious transaction, contact your credit card company to dispute the charge.

Monitor the shipping process.

Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process.

Be suspect of any credit card purchases where the address of the cardholder does not match the shipping address when you are selling. Always receive the cardholder’s authorization before shipping any products.

And remember: If it seems too good to be true, it probably is.

https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/holiday-scams

Scammers are sending fake IRS emails about Economic Impact Payments

October 27, 2021

by Cristina Miranda

Division of Consumer and Business Education, FTC

There’s a fake IRS email that keeps popping into people’s inboxes. It says that you can get a third Economic Impact Payment (EIP) if you click a link that lets you “access the form for your additional information” and “get help” with the application. But the link is a trick. If you click it, a scammer might steal your money and your personal information to commit identity theft. It’s yet another version of the classic government impersonator scam.

Here are ways to avoid this scam:

Know that the government will never call, text, email, or contact you on social media saying you owe money, or to offer help getting a third Economic Impact Payment (EIP). If you get a message with a link from someone claiming to be from the IRS or another government agency, don’t click on it. It’s a scam. Scammers will often send fake links to websites or use bogus email addresses and phone numbers that seem to be from the government. Your best bet is to visit the IRS’s website directly for trustworthy information on EIP payments.

Say no to anyone who contacts you, claiming to be from a government agency and asking for personal or financial information, or for payment in cash, gift cards, wire transfers, or cryptocurrency. Whether they contact you by phone, text, email, on social media, or show up in person, don’t share your Social Security, Medicare ID, driver’s license, bank account, or credit card numbers. And know that the government would never ask you to pay to get financial help.

Report government impersonators to ReportFraud.ftc.gov. Your report makes a difference. Reports like yours help us investigate, bring law enforcement cases, and alert people about what frauds to be on the lookout for so they can protect themselves, their friends, and family.

Visit ftc.gov/imposters to find out more about government impersonators. And to learn more about the signs of a scam, what to do, and how to report it, check out ftc.gov/scams.

Blog Topics: Money & Credit

Scam Tags:  Scammers Impersonating the Government

Avoiding Scams and Scammers

Cybersecurity is key
When cybersecurity is inadequate, it can lead to stolen identity and financial loss. Most scams and scammers have two main goals--to steal your money and your identity. You should know what to look for, how they work, and what to do, so you can protect yourself and your finances.

Maintaining cybersecurity is very important, even for consumers. It is not simply something that concerns large corporations and other businesses. Here are some steps you can take:

Do not open email from people you don’t know. If you are unsure whether an email you received is legitimate, try contacting the sender directly via other means. Do not click on any links in an email unless you are sure it is safe.

Be careful with links and new website addresses. Malicious website addresses may appear almost identical to legitimate sites. Scammers often use a slight variation in spelling or logo to lure you. Malicious links can also come from friends whose email has unknowingly been compromised, so be careful.

Secure your personal information. Before providing any personal information, such as your date of birth, Social Security number, account numbers, and passwords, be sure the website is secure.

Stay informed on the latest cyber threats. Keep yourself up to date on current scams. The Cybersecurity and Infrastructure Security Agency (CISA) can provide you with Alerts.

Use Strong Passwords. Strong passwords are critical to online security. Review CISA guidance on Choosing and Protecting Passwords.

Keep your software up to date and maintain preventative software programs. Keep all of your software applications up to date on your computers and mobile devices. Install software that provides antivirus, firewall, and email filter services.

Update the operating systems on your electronic devices. Make sure your operating systems (OSs) and applications are up to date on all of your electronic devices. Older and unpatched versions of OSs and software are the target of many hacks. Read the CISA security tip on Understanding Patches and Software Updates for more information.

Here are some trending scams to look out for:

Money Mules
Scammers use people as “money mules” to receive or move money obtained from victims of fraudulent activities. Scammers proactively recruit people to be part of fraudulent activity without their knowing it. If a stranger asks you to open a bank account, or asks for access to your bank account or debit card, be extremely guarded. A scammer may ask you to move money and direct you to deposit funds into your bank account, or ask you to purchase virtual currency or gift cards for someone else’s benefit. In these scenarios, you may be unknowingly hiding someone else’s money for them. Be very cautious if a stranger asks you to receive or forward packages containing money or goods, which may also be part of a similar fraudulent scheme.

If you believe you have engaged in, or contributed to, money mule activities, stop transferring money or merchandise, and stop communicating with the person giving you direction. Then, immediately report your concern to your bank. Your banker can assist you with the appropriate steps toward protecting your bank account and money. You should also report the suspected activity to law enforcement. Visit the U.S. Department of Justice webpage on money mules for more information.

Online Dating
Romance scammers, as they are often called, create fake profiles and try to develop relationships with their targeted victims through online dating apps or social networking websites. Once the relationship develops and they have earned your trust, the scammer makes up a story and asks for your money. Be aware that scammers are lurking in these areas, so you can keep yourself and your money safe. The Federal Trade Commission (FTC) has additional information on romance scams.

Impostors
Impostor scams are when a scammer pretends to be someone you know or trust to convince you to send them money. They may even claim they are with the FDIC or another government agency. These scams are communicated through emails, phone calls, letters, text messages, faxes, and social media. The messages might ask you to “confirm” or “update” confidential personal financial information, such as bank account numbers. In other cases, the communication might be an offer to help victims of current or previous frauds with an investigation or to recover losses. Some scams request that you file official looking forms, such as insurance claims, or pay taxes on prize winnings. They might claim that you have an unpaid debt and threaten you with a lawsuit or arrest if you don’t pay. Other recent examples include check endorsements, bankruptcy claimant verification forms, stock confirmations, and investment purchases.

The FDIC or other government agencies do not send unsolicited correspondence asking for money or sensitive personal information, and we will never threaten you, or demand that you pay by gift card, wiring money, or digital currency. FDIC Consumer News: Scammers Pretending to be the FDIC has more information on impostor scams.

Mortgage and Foreclosure Scams
Watch out for scammers who falsely claim to be lenders, loan servicers, financial counselors, or representatives of government agencies who can help with your mortgage. These criminals prey on vulnerable, desperate homeowners. For more on mortgage scams and how to protect yourself, visit the FTC Mortgage Relief Scams.

Foreclosure scams usually come from multiple advertisements stating that a company wants to save you from foreclosure. This scam allows fraudsters to take the equity out of your home. They may even try to evict you from your home and sell it. Learn more at Common Foreclosure Rescue and Loan Modification Scams under the FDIC Consumer Assistance Topics.

Ransomware
One cyber threat often discussed in the news is ransomware. Typically, this scam targets businesses, not individuals. Ransomware is a type of malware created to lock or encrypt files on an electronic device like a smart phone or computer. The sender of the ransomware then demands a ransom in exchange for unlocking or decrypting the information on your electronic device. The scammer typically threatens to publically disclose or sell the compromised information, if the ransom is not paid.

If you believe your business is a victim of a ransomware attack, contact law enforcement immediately. You can also contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service to report a ransomware attack and ask for assistance.

Maintaining your cybersecurity will help prevent you from being a victim of identity theft and potential financial loss. Staying current on the latest types of scams can help you to identify the risks and learn how avoid them, so you can protect yourself and your finances.

Additional Resources

FDIC Podcast: Banking on Innovation: Building a More Resilient Banking System

FDIC Consumer News: Beware It’s a Scam

FDIC Video: #FDICExplains Phishing

CISA: Ransomware 101

FDIC Press Release: Online Dating Scams

FCC: Auto Warranty Scams

For more help or information, go to FDIC.gov or call the FDIC toll-free at 1-877-ASK-FDIC (1-877-275-3342). Please send your story ideas or comments to consumeraffairs3@fdic.gov.

Protect Yourself from Identity Theft

Think of how many times a day you share your personal information. You may write a check at the local grocery store, apply for a credit card, make a call on your cell phone, charge tickets to a Milwaukee Bucks game, mail your tax return or buy tickets over the Internet.

With each transaction, you share your personal information: your bank and credit card account numbers, your income, your Social Security number, your name, address and phone number.

In 1998, Congress passed a law, making identity theft a federal crime. The U.S. Secret Service, FBI and U.S. Postal Inspection Service investigate violations of the Act. Persons accused of identity theft are prosecuted by the Department of Justice.

Wisconsin also has passed legislation, making identity theft a felony, and criminals here have been convicted of the crime.

Consumer complaints about identity theft continue to grow. More than 40 percent of all complaints filed with the U.S. Federal Trade Commission last year were for identity theft.

Unless you live your life in a bubble, you can’t prevent the stealing of your personal information, but you can minimize the risks of this crime happening to you by following these suggestions:

Never divulge information about your Social Security number, credit card number, account passwords and other personal information unless you initiate contact with a person or company you know and trust.

Don’t carry around more checks, credit cards and other bank items than you really need. Don’t carry your Social Security number in your wallet, and be sure to pick passwords and PINs (personal identification numbers) that will be tough for someone to figure out. Don’t write your Social Security number on your check.

Protect your incoming and outgoing mail, especially envelopes that may contain checks, credit card applications or other information valuable to a fraud artist. Deposit outgoing mail, especially something containing personal financial information in the official Post Office collection boxes, hand it to the mail carrier or take it to the local post office instead of leaving it in your home mailbox.

Before discarding credit card applications, cancelled checks, bank statements or other information useful to an identity thief, tear them up as best you can, preferably by using a paper shredder.

Safely store extra checks, credit cards and documents that list your Social Security number.

Contact your financial institution immediately if you lose your checkbook or bank credit card, if there is a discrepancy in your records, or if you notice something suspicious such as a missing payment or unauthorized withdrawals.

If your credit card bill doesn’t arrive on time, contact your credit card company. This could be a sign that someone has stolen your account information, changed your address and is making large charges in your name from another location.

Once a year, check your credit record with the three major credit bureaus. To order your report, call the following toll-free numbers: Equifax at 1-800-685-1111, Experian at 1-888-397-3742 and Trans Union at 1-800-888-4213

If you are a victim of identity theft, take the following steps:

Contact the fraud departments of each of the three major credit bureaus and request a “fraud alert” be placed on your file and that no new credit be granted without your approval.

Close any accounts that have been fraudulently accessed or opened.

File a local police report and get a copy of the report to your bank, credit card company or others that may need proof of the crime.

The Federal Trade Commission (FTC) is the federal clearinghouse for complaints by victims of identity theft. Although the FTC does not have the authority to bring criminal cases, it can assist victims by providing information to help resolve problems that can result from identity theft. Should you find yourself a victim of identity theft, you can file a complaint with the FTC by calling toll-free 1-877-ID-THEFT (1-877-438-4338).

Most of us assume that thieves are only interested in the cash in our wallet or purse, when in many cases, they are more interested in access to sensitive information that can be used to steal our identity. Use caution and don’t be the next victim of identity theft or other financial fraud.

Phishing

FTC Consumer Alert - How Not to Get Hooked by a Phishing Scam

Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims: they go “phishing.”

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with — for example, your Internet Service Provider (ISP), bank, online payment service or even a government agency. The message usually says that you need to update or validate your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a website that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct web address. In any case, don’t cut and paste the link in the message.

Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins "https:" (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.

Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Antivirus software and a firewall can protect you from inadvertently accepting such unwanted files. Antivirus software scans incoming communications for troublesome files. Look for antivirus software that recognizes current viruses as well as older ones, effectively reverse the damage and update automatically. A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.

Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.

Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC’s identity theft website at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft.

Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam. The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

 


 

Some content requires Adobe Acrobat Reader to view.