Cyber scammers are always on the prowl, but it pays to be especially vigilant this time of year. According to Experian, one in four Americans—or 24%—reported that they fell victim to fraud during the holidays.¹ And a surge in online shopping throughout the pandemic helped open the door to the rising wave of cyber fraud. Also, people are often distracted during the holidays as they seek the next great bargain, which can make them more vulnerable. According to the World Economic Forum, 95% of cybersecurity incidents can be traced back to human error.² Practicing good cybersecurity hygiene, exercising caution, and being aware of common schemes can help keep cyber scammers and fraudsters at bay.

Types of cyber scams

While fraudsters will try almost anything—from impersonating a bank representative to making threatening calls about past-due taxes to the IRS—the holiday shopping season is a peak period for various cyber scams:

• The holiday e-card scam. Leave it to the scammers to try to ruin the festive mood of the holidays by sending you a phony greeting card. The subject line might say, “Happy Holidays from…” but if you follow the link in the email, the gift they’re really giving you is probably malware or a computer virus to steal your personal information.
• Pre-paid gift card scam. Several different types of scams involve gift cards because they have less protection than credit cards, and scammers are less likely to get caught. The thing to know is, if anyone asks for payment with a pre-paid gift card, then it’s probably a scam. Gift cards are for giving, not for transactions.
• Fake charities. A phony charity generally pretends to do real work through their social media presence, but the money goes into the pockets of the charity’s creator. Always check to see if the charity is registered, and you should also review for any misspellings in the URL in case the scammer is trying to mimic a legitimate charity organization. Fake charity scams are more prevalent after disasters and during the holidays when people are in a giving mood.
• Phony delivery notifications. A text message or email saying it’s from the postal service, a retailer like Amazon, or a delivery company could very well be a scammer. When you follow the link and reschedule the delivery for a $1 fee, the scammer steals credit card information.
• Fake account expiration email. If you receive an email notice that says a password or account has expired, it’s probably a scammer trying to get your personal or financial information once you log in.
• Identity theft.³ An identity thief takes financial information from wherever they can attain it and commits fraud by taking out a loan, getting a tax refund, or even paying medical bills.

Avoiding cyber scams

Be sure you know who you’re buying from or selling to when shopping online. Ensure a website isn’t fraudulent by checking each website’s URL to make sure it’s legitimate and secure; a site you’re buying from should have https in the web address. If it doesn’t, don’t enter your information. Protecting your identity means using secure passwords and setting alerts on your credit reports. Lastly, to avoid the perils of fake holiday e-cards and other email scams, never click on links unless you’re 100% sure the sender is legitimate.

If you do fall victim to a cyber scam, take decisive steps, like contacting your financial institution and disputing the charges.

Never take things at face value, especially when receiving communications from people you don’t know. Scammers want to trick and deceive you out of information and money. Email addresses, phone numbers, videos, and even your voice can be spoofed. Moreover, Trust But Verify is no longer sufficient in today’s world of rising cybercrime. The better motto is Never Trust, Always Verify.