It's the first week of December, and most of us are already knee-deep in the hustle and bustle of the holidays. But while we're perpetually preoccupied with holiday shopping, tree-trimming, and cookie-baking, cyber criminals are laser-focused on taking advantage of our distraction.
The scammers' word du jour is "fake." As in fake mobile apps, fake invoices, and fake news. Fraudster elves are working hard to create incredibly believable imitations of the real thing, hoping that we'll be so busy that we won't think before we download, click, pay or share.
Cyber Monday 2016 shattered records for online shopping with over $3.45 billion in purchases. A lot of these purchases were made using iPhone mobile apps from stores like Amazon, Target, Belk, Dillard's and Dollar Tree. The problem, though, is that the Dillard's and Dollar Tree apps were counterfeit. These stores don't have official apps registered in the iTunes store.
Although Apple tries to vet new apps before making them available in the store, savvy scammers create fakes that are so sophisticated that they slip through the cracks. They may also offer links to "apps" in the text of emails. Fraudsters are hoping you'll download the app (maybe for a big limited-time discount) and enter personal financial information, like your debit or credit card number or a frequently-used password.
What to watch for: Our friends at KnowB4 recommend that you never download an app via an email; always visit iTunes or Google Play and look at the reviews for the app (very few reviews or bad reviews are always red flags). Also, look for misspelled words (like "Footlocke" instead of "Footlocker") or logos that just don't look quite right.
This scam usually targets businesses that fraudsters believe will be too big or busy to scrutinize every invoice that drops into the accounts payable box. However, consumers can also fall victim to this scam, which is simply an authentic-enough-looking demand for payment (via paper or electronic invoice) for products and/or services that you never authorized.
What to watch for: If the invoice or billing statement looks legitimate but you know you didn't authorize the purchase, contact the company to rule out a simple mistake or misunderstanding. (NOTE: If you an unauthorized debit has hit your bank account, always contact your financial institution immediately).
Be sure to check the invoice for misspelled words, sketchy graphics and logos, unusual locations or monetary units...just anything that looks out of place. Try reaching out to the company by phone and searching online for references to the company using the words "scam" or "invoice" in your query. Last, but certainly not least, contact your local Better Business Bureau to report the scam.
With so many sources of online information it's hard to know what is truly "news" and what is fiction...especially in such a highly-charged election year. Several reputable news outlets have even suggested that fake news may have greatly influenced voters in November. Some of these fake news sites may include obscure disclosures that their content is purposely "satirical" while others blatantly pose as legitimate news outlets. The outlets' motives vary from publicity to paid ad revenue to acting as "click bait" to get you to download malware.
What to watch for: The Huffington Post recently published nine recommendations for recognizing a fake news story, including checking out the author, outlet and publish date and time; looking for reputable links, sources, quotes and photos; and simply reading past the headline before sharing the news with others on your own news feed.
The last thing you need this holiday season is to become a victim of financial fraud or panic about a news item that is truly fake. So while you're focusing on family, fun and festivities, be sure to keep an eye out for fraud. That's the kind of holiday surprise no one wants to unwrap.