(405) 919-9901

by Dave Moore, CISSP
12/04/2022

I received an unusual email today, one I was glad to see. The email’s subject line said, “Holiday fraud alert.”

Usually, when I see “alert” messages in my Inbox, they turn out to be based on a hoax. These messages often start when somebody’s Uncle Bob sees an alarming, scandalous story on some goofy website about the pink goo that Chicken McNuggets are actually made from, complete with photo (hoax), or that microwaved water will kill your houseplants (hoax).

Uncle Bob then, without checking the facts for himself, forwards the bogus “news alert” to all his friends, who then send it on to all their friends, who send it to everyone they know, and so on. Soon, the bogus “alert” has traveled around the world and is accepted by the unthinking masses as fact.

The alert I received today, though, was different. Not only was it a bona fide alert filled with useful information, but I was pleasantly surprised by who had sent me the email: my bank. The message read, in part:

“Holiday Season fraud alert. This holiday shopping season we want our customers to be aware of an accelerated fraud threat that exists in our State. Electronic calls (also known as robo-dialing) are being made fraudulently in an attempt to gain access to non-public personal information such as account information, check card numbers, credit card numbers and/or personal ID numbers (PIN).”

“Therefore, we want to remind you that representatives from our bank will never call and ask for this type of information. In the event of any fraud concern, one of our bankers will contact you personally. Our bank does not use automated calling services to reach our customers.”

The message went on to urge customers to call the bank directly if they have any questions about suspicious phone calls or emails. This is good advice. Never believe anything you hear or read in an unsolicited message without checking it out, first. When in doubt, do not hesitate to call your bank or credit card company directly (only call numbers you have verified first) and ask for clarification.

Other holiday season scams have been making the rounds, as they do every year. Phone call scams, using personal information harvested from the Internet, are becoming more popular with the bad guys. I still hear from customers every week or so about someone from the “Microsoft Technical Team” or the “Norton Security Division” calling and claiming to have detected problems over the Internet with someone’s computer, and insisting they need to grant remote access and control to these “experts” so the problems can be fixed. Go to youtube.com, search for “Dave Moore scamming the scammers” and you can see some of my adventures with this particular issue.

Holiday gift card scams are rampant, too. If you buy gift cards, examine them closely for tampering. Bar codes and activation scratch-off numbers should never be on stickers that can be peeled off. Never buy from people who demand you use a gift card. Says Jennifer Leach, assistant director of the FTC’s Division of Consumer and Business Education, “Anyone who demands payment by gift card is always, always, always a scammer.”

Examine online shopping websites carefully, especially the website address, to make sure it’s not a copy-cat scam site. There is only one amazon.com. Websites with addresses like “amazon-shop.com” are fakes.

Fake online charities are a problem, too. Make sure you are giving to legitimate charity websites, such as feedthechildren.org, redcross.org or goodwill.org. Investigate the charities you wish to support. For example, one well known legitimate charity, the Make a Wish Foundation, makes sure the the vast majority of donations actually go to help children. One the other hand, the copy-cat charity “Kids Wish Network” spends only three percent of donations on kids, according to The Center for Investigative Reporting.

Another prevalent scam, one some folks would say is even more insidious, is when scammers collect names and phone numbers found on the Internet belonging to senior citizens, and then call them on the phone, addressing them directly, using their real names. The scammers claim to be “Sergeant Jones from the Calgary Police Department,” or some other far-away place. They say the victim’s grandchild was kidnapped, managed to escape the kidnappers and is taking refuge at their police station. Could they please wire some money so the child can be sent home?

They then put a little boy or girl on the phone, even using the grandchild’s real name, which the scammers also found on the Internet. The child starts saying things like, “Grandma, I’m scared. I want to come home. Help me, please!” The whole presentation is very persuasive, and many well-meaning grandparents have been conned this way. I have witnessed this scam in person.

Be alert. Be safe. Do your own homework and don’t be fooled. Merry Christmas.

Dave Moore has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org