6 Steps to Avoiding Black Friday Scams

November 21, 2011

The onslaught of holiday advertisements is in full swing, flooding mailboxes, inboxes, TV, websites, and mobile phones, and these ads will continue increasing until all last minute shopping has been done as retailers try to squeeze out every possible dollar in holiday revenue. And then there will be the after-holiday sales…

Chances are you will be among the 90% of consumers who say they expect to shop for gifts online this year, a 1% increase over last year. You might even be among the 15% who are expected to purchase gifts through a mobile device [i].  In fact, 60% of smartphone or tablet owners plan to use their device for a range of holiday shopping purposes this year, according to a new report by Prosper Mobile Insights.

This report indicates that among respondents saying they will use their mobile device for shopping this season, 60% expect to use their device as a “mobile mall,” with 56.7% primarily using their device to plan and research purchases, and one-third will use them to make at least 50% of their holiday purchases.

Whether you are shopping for others or for yourself, knowing how to get a great deal takes a lot more than just looking at the price tag.

Fortunately, learning 6 basic precautions will turn you into a savvy and much safer online shopper.

  1. Start with a secure internet environment. If your computer, tablet or cell phone isn’t protected from viruses and other malware your financial information and passwords will be stolen as you make purchases (as will everything else you store on your computer or do online). This concept is so basic, yet far less than half of the US population adequately protects their computers – and only 4% have security protection on their tablets or smartphones[ii].
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. If the cost of security software is prohibitive, at least use one of the free services available – just search on ‘best free antivirus’, and ‘best free mobile antivirus’ to see your options. If you don’t think you need mobile security software consider this; BullGuard security identified 2,500 different types of mobile malware in 2010[iii].
    2. Secure your internet connection. Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, search for ‘best free firewall’. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
  2. Identify trustworthy companies. You need to either know the company – or know their reputation.
    1. If you already know the store, shopping their online store is very safe. If there’s a problem you can always walk into the local store for help. If you already know the online store’s reputation you will also be very safe.
    2. If you don’t know the store, it may still be the best option; you just need to take a few more steps. Search online for reviews from other users to see what their experiences were with the company, and conduct a background check by looking at sites that review e-stores (for example, Epinions, BizRate, Better Business Bureau). If the store isn’t listed as a legitimate site by one of these sources, or the store has a lot of negative reviews, DON’T SHOP THERE. It’s that easy.
  3. Know how to avoid scams. The holiday season is primetime for email and web scammers because they know millions of people will be spending billions of dollars online. To give you a sense of just how much money changes hands, last December (2010), $32.6 Billion dollars were spent on internet shopping sites[iv].  The best way to avoid scams is simple. NEVER, ever, click on a link in an email or on website advertisement no matter how reputable the host website or email sender may be. The website ad or email may be a really good fake, or the website or email account may have been hijacked by spammers. Instead, use a search engine and find the deal or store yourself – if you can’t find the deal on the legitimate store’s site you know that ‘offer’ was a scam. Click here to learn more about identifying scams.
  4. Protect personal information. Many ecommerce and mobile commerce sites encourage you to create a user account, but unless you truly plan to shop there often you’ll be better off not doing so. If you do choose to create a profile, do not let the store keep your financial information on file. All you really need to purchase something should be your name, mailing address, and your payment information.
    1. If the merchant asks for more information – like your bank account, social security, or driver’s license numbers, NEVER provide these. Some reputable companies will ask additional questions about your interests, but these should always be optional and you should be cautious about providing responses.
    2. Keep in mind that the company may not have strong security measures in place. The lack of strong security precautions in many companies is a real concern. Huge companies like Sony have been hacked multiple times and consumer’s passwords, names and financial information has been stolen. And unfortunately, many smaller businesses have even fewer safeguards in place to protect your data – so give them as little as possible! To learn more about these risks, see Small Business Owners Suffer from False Sense of Cyber Security.
  5. Make payments safely using a credit card or well respected payment service. Credit card purchases limit your liability to no more than $50 of unauthorized charges if your financial information is stolen, and the money in your bank account is untouched. Most debit cards do not offer this protection – and even when they do, you’re the one out of funds in the meantime. However, you probably don’t have a credit card, so striking a deal with a parent or guardian to put the charges on their card – with you handing them the cash – may be a good option.  Or, you can use a payment service like PayPal that hides your financial information from the online store and can be set up to take money out of your bank account. Do not use checks, cashier’s checks, wire transfers, or money orders as these carry high risks for fraud.
  6. Do your research. Just because a store claims to have the lowest price, doesn’t mean they actually have the best deal.
    1. Comparing the advertised price of an item doesn’t give you the full picture. You have to look at the final price – that includes any shipping, handling or taxes to see which deal may be really be the better bargain.  Some companies show lower prices, but make up the discount by charging high shipping fees.
    2. Check the company’s return policy. Some companies charge fairly steep return fees for shipping and restocking, so if you think the item may be returned factor this into the price as well.
    3. Look for online coupons or discounts. Lots of stores offer special deals if you just take the time to look for them. Typing the store’s name and ‘coupon’ is usually all it takes to discover whether extra discounts may apply.  
    4. No matter how great the ‘deal’ if you can’t afford it or it’s over your budget, it isn’t a deal. Learning financial responsibility now will set you up for financial security for the rest of your lives. And in spite of all the glittery ads, many of the best gifts don’t cost money.


Happy shopping!



$100 Billion-A-Year Medical Care Fraud

January 17, 2010

Healthcare fraud is big business. Last year scammers and organized crime groups bilked an estimated $100 billion last year according to a new article Health care: A ‘goldmine’ for fraudsters from CNNMoney.com.

Medical Identity theft is the most lucrative aspect of the medical fraud business, and the most common method of gaining access to personal medical records is when someone with legitimate access to the data sells the information to criminals. But that’s changing.

According to the CNN article “Increasingly, criminal groups are hacking into digital medical records so that they can steal money from the $450 billion, 44-million-beneficiary Medicare system — making the government, by far, the “single biggest victim” of health care fraud, according to Rob Montemorra, chief of the FBI’s Health Care Fraud Unit.”

To learn more about the risks you face when your medical records go online, see my blogs:

While the government is the “single biggest victim”, every individual whose records are stolen will feel the pain.

The most common way scammers and criminals make their money is by sending in false bills to insurance companies and Medicare for medicines, equipment, in-home health care, or treatments that were not prescribed or requested.  Criminals also ‘resell’ an individual’s medical records to an uninsured person in need of medical care.

While the aim of the criminals behind medical ID theft and fraud is to steal money, the tampering with your medical information can place you at serious risk if doctors base medical decisions about your care on the falsified information in your file.

The government isn’t the only one footing the bill. In addition to the indirect costs to the government and insurance companies that every consumer pays for medical fraud, the average cost to an individual victim of medical ID theft was close to $1,200 according to Javelin Strategy & Research, a research firm specializing in trends in security and fraud initiatives. Javelin’s research also found that in 2008 the average incident of health care identity fraud netted the criminal $19,000, which is four times the earnings of overall ID theft.

In addition to the risk to your medical records, these thieves also gain access to the information that accompanies your records – including your name, address, phone number, social security number, insurance company, and more – placing you at high risk for traditional ID theft as well.

Stay vigilant

Always check your insurance benefits statements to see if there are charges or claims that are not yours. Notify your insurance company if your financial ID has been stolen, and notify your financial institutions if your medical ID has been stolen.


Techniques Used By Fraudsters On Social Networking Sites

October 20, 2009

Repost: Originally posted and prepared by the Internet Crime Complaint Center (IC3)

Fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques.

  • One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue, which needs to be resolved.
  • Other spam entices users to download an application or view a video.
  • Some spam appears to be sent from users’ “friends”, giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected.
  • Another technique used by fraudsters involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software.
  • Other malicious software gives the fraudsters access to your profile and personal information. These programs will automatically send messages to your “friends” list, instructing them to download the new application too.

Infected users are often unknowingly spreading additional malware by having infected Web sites posted on their Webpage without their knowledge. Friends are then more apt to click on these sites since they appear to be endorsed by their contacts.

Tips on avoiding these tactics:

  • Adjust Web site privacy settings. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.
  • Be selective of your friends. Once selected, your “friends” can access any information marked as “viewable by all friends.”
  • You can select those who have “limited” access to your profile. This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.
  • Disable options and then open them one by one such as texting and photo sharing capabilities. Users should consider how they want to use the social networking site.
  • If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.
  • Be careful what you click on. Just because someone posts a link or video to their “wall” does not mean it is safe.

Those interested in becoming a user of a social networking site and/or current users are recommended to familiarize themselves with the site’s policies and procedures before encountering such a problem.

Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions.

Individuals who experienced such incidents are encouraged to file a complaint at http://www.IC3.gov reporting the incident.


What the Fraud!

September 2, 2009

The following article is the first interview in a series between Jessica Walker who rites Safer in the City for SaferDates.com and Linda Criddle. SaferDates will be running interview segments twice a week on their site or the next few weeks.

What the Fraud!

“Safer in the City” by Jessica Walker

Segment One

Jessica: What should our members do to prevent their identity and or financial information (i.e. credit cards, account numbers) from being stolen on or offline?

Linda: A few key steps can make a real difference in protecting your identity and financial information.

Consider what information about you is online – Search to find the total set of information that you – and others – have shared about you online. What have you posted, friends posted, family members, employers, schools, groups, associations, clubs, teams, and church groups, posted?  If you donate to charities, do their sites place your name and amount of donation on their sites? Have you ever posted a resume? (There is nothing wrong in posting resumes, but restrict contact and address information until you’re actually interviewing, and TAKE IT DOWN when you’ve landed the job!). Check online county records; if you own property find out how much information is available on you and your property – I’ve seen cases where in addition to the basic information, the registrar’s office also displays information about floor plans, and loan papers – which include the name of the lending institution, the loan number, and people’s SSN’s and signatures.  Look to see if they show power of attorney documents, what information is available on your birth certificate, and of any children’s birth certificates. If previously married and divorced what information can be gleaned from these records? Once you have a firm understanding of your footprint of possible exposure, work to remove, or have removed, any information that you don’t feel is appropriate. Discuss with others where your privacy boundaries are so that they do not over-share about you, and ask others for their boundaries so you can be respectful of their safety and privacy needs as well.

Secure your computer. If your computer isn’t protected from viruses and other malware your financial information, your passwords, and everything else you store on your computer or do online will be abused. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use one of the excellent free services.

Use strong passwords. Passwords do not have to be hard to remember, just hard to guess. Never use information about yourself as a password. They need to be long (8 or more characters) and use uppercase, lowercase, numbers and symbols. This isn’t hard to do. For example text messaging short-codes can really help make this easy – 2BorNot2B? (To be or not to be, that is the question) or MaybeL8r (maybe later).

Check your credit history and freeze your credit. I’d guess that less than 10% of people consistently check their credit histories to ensure nothing is damaging their credit scores. By law, you have the right to three FREE reports each year. You may choose to pay to have a company monitor your credit for you, but unless you’ve had real trouble with ID theft in the past this is probably not a necessary expense. If you are not actively seeking a line of credit now or in the next month, freeze your credit. This is one of the simplest things you can do, but a step that few actually take. This blocks anyone from taking out a loan or opening a new credit card in your name. It’s easy to do – contact one of the credit bureaus – and is either free or low cost depending on their criteria.

Only purchase from reputable online stores. The price may be cheaper at a store with no reputation, but you don’t want to gamble with your financial information. To find out if a store has a good reputation, the Better Business Bureau has an online site where you should be able to look up this information. Keep all purchase confirmation emails in case you need to dispute something.

Beware of scams. Far too many people ‘give’ away their information to criminals by falling for scams in email and on the web. NEVER use a link provided to you to get to a site, find the URL yourself. You want to be in the drivers seat when going to sites online – that way you end up where you intended to, not on a clever fake site.

Physical world requirements. In addition to the safety steps above, physical items need additional protections. Shred financial documents; far too many people are careless with financial materials yet more ID theft is still carried out the good old dumpster diving way. Protect your possessions like your wallet and purse because a significant amount of ID theft is done by someone the victim knows, including parents, siblings, children and close friends.