12 Tips to Avoid Holiday Scams

12 Tips to Avoid Holiday Scams

We thought we'd put an identity protection spin on the song, "Twelve Days of Christmas."

Instead of offering partridges, turtledoves, French hens, and other delightful but somewhat impractical gifts, we have reliable tips to keep your good name and credit safe.

1.   Pay attention to website URLs. Online searches can lead you to scammer-run websites that unleash computer malware or collect credit card numbers for identity theft. Carefully read website domain names. Watch for unfamiliar vendors or missing letters, misspellings or other tweaks to the name of a legitimate company. Pay special attention to the last letters: For example, indicates a Mongolia-based website, not the legitimate website for Tiffany & Co.,

2.    Steer past sites that lack clear Terms and Conditions. Before ordering, check the “Contact Us” page for a phone number and physical address, and the “Term and Conditions” link detailing return policies and such. Unlike legitimate vendors, bogus websites are less likely to post these—or they’ll provide them in a suspicious manner, such as via a faxed request only.

3.    Avoid buying untended gift cards. Buy gift cards from a store’s attended Customer Service counter or its website, rather than display racks, which are less secure. Fraudsters can peel off stickers to glean gift card codes, replace them in envelopes and wait for an unsuspecting shopper to buy them. Once purchased and activated, they enter stolen codes at the retailer website to make online purchases—leaving the intended recipient with a useless card.

4.    Shop on https sites only. When buying online, don’t provide your credit card or other information on any page without an "https://" instead of merely "http://”. The “S” is for “secure.” Even with an “https://” avoid using public Wi-Fi hotspots for online shopping or other financial transactions.

5.    Beware of post-auction offers. When shopping at online auction sites, never trust offers that arrive after you’ve lost a bid, such as when a seller claims to offer you the merchandise off-site.

6.    Take care on Craigslist. At Craigslist or when answering classified ads, deal only with sellers who provide a phone number that you can verify. Don’t rely solely on email correspondence.  Assume any request for wire-transfer payment is a scam; also be suspicious of prepaid debit card transactions. Using Paypal or a credit card are your safest bets.

7.    Avoid deals that are too good to be true. Stay clear of prices from private sellers that are too good to be true or tied to hard-luck stories, such as a need to sell quickly because of divorce or military deployment. These are common scams to get advance payment—and you’ll likely get no merchandise.

8.    Beware of holiday e-cards from unnamed friends or admirers. Delete these if you don’t know the sender or even if they’re from These mass-sent greetings likely contain malware. Legitimate card notifications should include a confirmation code to safely open the card at the issuing website.

9.    Avoid emails claiming that FedEx, UPS, DHL or the U.S. Postal Service has an undeliverable package with links for details. The links will install malware that can log keystrokes to steal computer files and passwords. Unless you previously provided an email address, courier services won’t contact you this way.

10.    Don’t fall for a mailed postcard about an undeliverable package. Hmmm, funny that the courier has your address but couldn’t provide delivery. This scam baits you to call for details—at which point you’ll be tricked into making an expensive overseas call and/or to revealing your personal and financial information. Look up the callback number yourself if you’re curious.

11.    Be mindful of charity scams. Be suspicious of email solicitations unless you have previously provided your email address to a charity. Never give cash to charities. And request proof materials be provided and authenticated before providing a credit card to callers or a check to door-to-door solicitors.

12.    When giving or receiving computer devices, secure them with comprehensive security suite software before use. Do an online check of vendor reputations before installing mobile apps. When transferring files with a flash or portable hard drive, use a secure USB stick that encrypts information.

If you suspect you're a victim of identity theft, check with your providers. You may already be covered for identity management services through your financial institution, insurer or employer.

About Brett Montgomery   |     |  

Brett Montgomery is a fraud operations manager at CyberSecurity's Fraud Resolution Center.