'Tis the season to be jolly — but not if fraudsters get their way. Bogus gift cards, delivery scams, calls from the "IRS," and other desperate acts of deception skyrocket during the holiday season, probably because we're busy and not as aware of scams as we usually would be. Scammers are more successful when we're not paying attention!
Last year, the FBI warned us of holiday scams as criminals geared up for a "busy season." But this year, the problem could be far, far worse. As the COVID-19 pandemic shows no signs of slowing down, more of us will be shopping online than last year. (There will be two years' worth of growth this season, according to one estimate.)
With increased online shopping comes more scams. All those times you type your email address or phone number when ordering something? This only increases the chances of your data ending up in the wrong hands. And you have no clue who's sharing that data. There'll be the usual flurry of phone, SMS, and email scams this year—the "calling from your bank" scam, the "student loan" scam, the "computer repair" scam, etc.—but there are some fresh new tricks that you might fall for.
But it's not all doom and gloom. People who are aware of scams are 80% less likely to be scammed. And that's pretty good odds. Throw in a spam call and SMS blocker like Robokiller, and you'll be well on your way to 100%. In this guide to holiday scams for 2020, we tell you the swindles to look out for and reveal how you can stop scams for good.
It's normal for shipping notifications to show up in our email inboxes, especially at this time of year. But how do we know if these notifications are legit? There have been hundreds of thousands of "delivery scams" since the summer—emails that look like they come from mail carriers and parcel delivery services like FedEx but originate from fraudsters trying to steal cash.
Here's an example of a delivery scam, seemingly from FedEx:
Your FedEx package with tracking code XX-0000-XX00 is waiting for you. Update your delivery preferences here.
Looks authentic, right? FedEx sends emails like this all the time. But if you click on the link in the email, malware downloads onto your computer or smartphone, tracking your internet browsing history and sending your details to fraudsters. The email is a scam. Here's another example. This time from "UPS."
UPS tried to deliver your parcel, but nobody was home. Click here to rearrange your delivery.
The email includes a link to malware too. Here's one last example from "Amazon:"
Because of COVID-19, your package is running late. We apologize. To make it up to you, here is $500 to spend at Amazon.
Sounds too good to be true? It is. And here's a FedEx worker warning us about delivery scams:
We know what you're thinking. How do scammers know there's a parcel on its way? They don't. But scammers predict our purchasing habits, especially in the run-up to the holiday season and in the middle of a pandemic when more of us are shopping from home. If fraudsters send 1 million spam emails tomorrow, there could be hundreds of thousands of people waiting for parcels. And thousands of these people could fall for a scam like those above. That's pretty good going for a little guesswork.
Fraudsters know that consumers like receiving delivery emails. These notifications tell us when the mail carrier has dispatched our order and how long it will take. In the run-up to the holiday season, this is of particular importance. (Grandma won't receive her Christmas gift by December 25 if the mailman doesn't deliver it on time!) So we're more likely to open delivery emails and click on the URLs inside them.
This is when scammers catch us off guard. Sometimes fraudsters take these scams offline, swapping emails for calls. (Phone calls are still the most common communication method for scams.) The premise is the same: There's been some kind of problem with your delivery and, for one reason or another, you need to provide your personal or financial details. If you have ordered nothing, fraudsters might try to convince you the package is a gift from a relative or friend, and you need to provide some details to claim it.
Other times delivery scams take place over SMS. The same thing happens: Scammers contact you about a delivery-related problem and ask you to do something like click on a URL or visit a website. The result is normally malware. Fraudsters love SMS because consumers are more likely to engage via text message than via a phone call.
There are other variations of the delivery scam. These are some examples:
Earn $300 while you drive with an Amazon Flex sticker on your vehicle. Click on the link to get started.
UPS wants to gift you a MacBook Pro. Provide your details so we can ship it to you right away.
We need you to confirm a time-slot for your delivery. Click here.
People fall for these scams all the time. Hard-working people. Intelligent people. People like you. Scammers have become far more sophisticated in recent years, and everybody's a potential victim. In 2019, consumers reportedly lost nearly $667 million to imposter scams, where fraudsters claim to be someone they're not, such as FedEx and Amazon workers. Don't think a delivery scam won't happen to you.
Lots of us enjoy a takeout over the holidays. (November through January 1 is typically a busy time for the restaurant industry.) And we rely on email and SMS notifications to tell us how long the restaurant will take to deliver our pizza or grilled cheese. But, sometimes, these notifications are fake, containing links to malware or malicious websites. Like with delivery notifications, hungry consumers welcome food delivery notifications. And this makes it easier to become the victim of a scam.
Again, fraudsters don't know that you've ordered a pizza, but they know lots of people order takeouts, especially during particular times—Friday evenings, Saturday evenings, New Year's Eve, etc. So they send out fake notifications to millions of people and, many times, get lucky.
Here's an example of a food delivery scam: (Clue: It's not really from Uber Eats!)
There's been a problem with your Uber Eats order. Please click here to update your details.
As you guessed, the URL in the message links to a website that downloads malware onto your computer or smartphone. Here's another example:
Your food is on its way! Click here to confirm your delivery address.
Yep, there's malware linked to this message too. Here's another example of a food delivery scam message:
You've won $50 in Uber Eats credit. Treat yourself to free food this holiday season! Claim your credit now!
Sorry to break it to you, but there's probably no free food. Here's an example of a person involved in an Uber Eats scam:
Funny. Just filled in my phone number for an account on the official @UberEats website. Seconds later I get a text with a fake payment link for a postal service (@bpost_nl) scam. Never had spam on that phone number before. Thanks guys! Pls check your 2FA text msg provider.... — Bloemist (@bloemist_) September 3, 2020
Like all spam messages, food delivery scams range in sophistication. Some might be easier to identify as fake messages than others. But some messages might include your name, address, and other personal details. It depends on what scammers already know about you.
Earlier this year, details of Uber Eats customers leaked onto the dark web after a security breach. These details include full names, contact numbers, trip details, bank card details, and account creation dates. Because of this breach, customers might receive phone calls from scammers searching for even more personal and financial information.
Americans give more money to good causes at the end of December than at any other time of year. With philanthropy on our minds during the holidays, scammers raising money for a "nonprofit" or "charity" can easily dupe us. Fake charitable solicitations can sound so realistic, you can see how fraudsters fool so many people. Scammers impersonate genuine charities year-round, but the problem is more pronounced during the holiday season when so many of us want to give to good causes.
Fraudsters exploit our vulnerabilities very easily. After a tough year for everyone, more of us will want to donate to charitable organizations this year, and scammers know this all too well. Recent trends include COVID-19-related scams, where fraudsters pretend to be from the World Health Organization (WHO) or charitable organizations and ask for money or account information.
Part of the spam problem is something called call spoofing, where scammers deliberately change the phone number they're calling from, making it appear as though the call is coming from a nonprofit or charity. The person on the other end of the phone appears genuine but has a hidden motive: To steal your money or personal information. "Ask the fundraiser for the charity’s exact name, web address, and mailing address, so you can confirm it later," says the Federal Trade Commission (FTC). "Some dishonest telemarketers use names that sound like large well-known charities to confuse you."
A fake charitable solicitation call might sound like this:
Hi. I'm calling on behalf of The Salvation Army. Would you be interested in making a small donation for the holidays?
We are raising money for local communities affected by the COVID-19 pandemic. Click here to donate.
If in doubt, donate to the nonprofit or charity directly instead of clicking on URLs in emails and text messages.
Robokiller is a powerful spam call and SMS blocker that prevents dangerous holiday scams like those above. You can stop fraudsters who pretend to be calling from parcel delivery companies, food delivery services, nonprofits, and charities. Here are the benefits of downloading Robokiller onto your Android or iPhone this holiday season: