Holiday scams to be aware of, and how to protect yourself

ByMichael Finney and Justin Mendoza via KGO logo
Thursday, December 5, 2019
EMBED <>More Videos

7 On Your Side's Michael Finney spoke to Adam Levin, CyberScout Founder and Chairman, about the top holiday scams and how to protect yourself on Dec. 4, 2019.

SAN FRANCISCO (KGO) -- The Department of Homeland Security encourages people to be aware of potential holiday scams especially when browsing or shopping online.

So, what are the top consumer scams this holiday season, and how do you protect yourself?

7 On Your Side's Michael Finney spoke to Adam Levin, CyberScout Founder and Chairman, about the top holiday scams and how to protect yourself.

In an email on Wednesday, Levin, former Director of the New Jersey Division of Consumer Affairs, sent 7 On Your Side additional information on scams including "ishings" and "e-skimming."


Phishing "Dear Shopper"

Spearphishing "Dear Justin"

Vishing Phone based phishing

Smishing Text based phishing

Rule: Never authenticate yourself to anyone that contacts you. Only provide personal information if you are in control of the interaction and they are trying to protect you by confirming that you are you.

Never send sensitive information in an email or text.

Enable 2 factor authentication on every account you can so that you will know if someone attempts to access your accounts as if they were you.

If you receive an email from an eCommerce retailer like Amazon or UPS or FEDEX that says there is a problem with your purchase which requires you to click a link or open an attachment, do not click! Contact the customer service department directly.

The holiday season is fraud season. Protect your personal data and finances by being on high alert for scams and following these tips:


There is a spike in e-skimming this holiday season. Unlike ATM skimming, where you may be able to see the hardware, e-skimming takes a virtual approach that is much harder to detect and is less risky for the criminal.

Hackers insert malicious code onto websites to steal personal and credit card data.

Tip: Consumers can protect their personal data and finances by going to trusted sites, enabling two-factor authentication for all connected devices, using long and strong passwords that are unique to the websites and accounts.

Use a credit card instead of debit card when online shopping. Most credit cards provide zero liability if you do become the victim of fraud-unlike debit cards. Enable transaction monitoring alerts on all your accounts that can check for fraud related activity in real time.

Fake Shopping Apps

Watch out for clone apps that may look like they are from your favorite retailer, but are really infected with malware and designed to steal your personal and financial data.

Tip: Avoid third party apps, read reviews and download apps from the official app store.

Gift Card Fraud

Gift card fraud always spikes during the holiday season. Fraudsters will copy the codes off the back of gift cards before they've purchased and then wait for them to be activated to drain the funds.

Tip: Look at the back of the card to ensure the area with the protective scratch-off has not been tampered with. Buy cards from behind the counter and don't buy gift cards from third parties.

Phishing Emails and E-Card Scams

Beware of special online promotions. You think you are getting the discount of a lifetime or an exclusive offer, but this is a phishing attack. When you click on the link, you have just downloaded malware.

Tip: Don't click on links, attachments via email or social media.

Holiday Travel Scams

Everyone makes plans to travel during the holidays to visit family and friends. Travelers need to beware of fake booking sites.

Tip: Don't book through a third party, use an official site to book your travel. Make sure the site has https with the padlock and a legitimate customer service number. Avoid using public WiFi in hotels and be on high alert for hotel scams like a late night call from the "front desk" to verify your reservation or the pizza flyer scam, where you call the number on the flyer and give out your credit card information only to realize you just gave this to a fraudster who took a big slice out of your wallet.

Bogus Holiday Hiring Scams

During the busy holiday shopping season, people are looking for temporary or seasonal work and scammers prey on this. Beware of work at home and mystery shopper ads. These are usually scams.

Tip: The key to landing a real seasonal job is to start early, research the company by going to their website or checking with the BBB and never give out your social security number to unsolicited callers.

Fake Charities

Consumers like to get into the spirit of the season and donate to their favorite charity. Consumers need to be on high alert for fake charities that may call or send letters dialing for dollars.

Tip: Research the charity before donating by going to sites like , or the Better Business Bureau. If you want to contribute, go to the official website or call the organization directly.

Social Media Gift Exchange

You may think by getting several gifts in exchange for one with "Secret Sisters," you are winning, but this is a digital pyramid scheme. Don't fall for this seasonal, illegal scam.

Tip: If you get this digital chain letter online, don't participate.

Porch Pirates

This may be a low tech scam, but it's on the rise during the holidays. Fraudsters are swiping packages right off of consumers' porches and leaving them empty handed for the holidays.

Tip: Invest in a video surveillance system where you can monitor your property. Change the shipping info and have packages delivered to the office, to a neighbor's house or have the US Post Office hold your packages for pick up.

Tips to stay cyber safe this holiday season:

Beware of Phishing Attacks - Online promotions via email, text or social media may look like a steal, but they could be a trap for fraudsters to do just that - steal your data and cash. Don't click on links or attachments.

Go to Legitimate Websites - Be on high alert for clone websites. Go to the official website of the retailer and look for the HTTPS and lock.

Avoid Third Party Apps - Use legitimate shopping apps by going to the official app stores. Look for bad reviews, spelling errors and don't download third party apps, which could be infected with malware.

Shop with Credit - When shopping online, use a credit card instead of debit card. With a credit card it's their money and 0 liability, with a debit card it's your money.

Don't Browse with Public WiFi - Avoid using public unsecured public WiFi, like at a cafe, mall or airport kiosk, especially for sensitive transactions. Use a VPN or Virtual Private Network that creates a safe and encrypted connection that guards against hackers.

Don't overshare on Social Media - Sharing holiday memories with family and friends online is great, but don't give hackers a digital key to hijack your life.

Secure Your Mobile Device - Make sure your mobile device is secured with the most up to date anti-virus software and that you are using a PIN to lock your phone. Use long and strong passwords that don't repeat across accounts and never save your user id and password. Use two factor authentication and biometrics where available.

Don't Fall for Imposter Scams - If you get an unsolicited call, email or text from a bank, credit card provider or government agency, hang up and don't respond. These organizations will NEVER ask for personal information or threaten you with jail time. Nor will they demand that you wire money, pay by payment card or Itunes card. Only authenticate yourself when you are in control of the conversation.

Check your credit - Check your accounts on a daily basis to look for any suspicious activity. Sign up for transaction monitoring alerts from your bank or credit card company to track any suspicious activity.

Manage the Damage - If you do become a victim of identity theft, manage the damage. Contact your insurance agent, financial institution or the HR department at your employer to see if they offer identity protection products and services as a perk of your relationship or as an employee benefit. You may be surprised to learn it's a perk of your relationship with the company and you are already protected, or it may be free to enroll or you can enroll at a minimal cost.

Take a look at more stories by Michael Finney and 7 On Your Side.