Fraudsters trying to steal money and personal information have varying approaches that usually include manipulating people or technology or both.
Sometimes a scam boils down to a skimmer being placed on a credit card reader to steal a card’s information. Other times callers convince individuals their grandchildren are in prison and need bail money.
“Technology is hard. People are easy. If you want to try to figure out a way through a variety of technical controls, it can be done…but the easier way is to find a way to talk people into simply giving you what you want,” said Dave Salisbury, a cybersecurity professor at the University of Dayton.
»RELATED: Retail vacancies reach new highs as holiday shopping approaches
The tactics include fear and a sense of urgency to pay money or hand over some piece of personal information to get out of a troubling situation, Salisbury said.
Scammers might say they’re with the IRS and have discovered someone owes $25,000 in taxes, but if they pay 10 percent now it will be forgiven.
Or scammers could send a blackmail-style email saying they have email and password login information and are going to release video footage from a webcam if money isn’t wired immediately.
“Every one is pretty standard. There’s something that they know about you, or they can kind of fake that they know about you … And then there’s an action that you have to take expeditiously or something bad is going to happen,” Salisbury said.
One of the ways scammers try to get money fast is through scam calls. Some of the calls are for charities and others claim to be a heating company, the IRS or law enforcement demanding quick payment.
Just last month Darke County resident Terry Huston, 65, got a call from someone who claimed to be David Wilson from Social Security. The man told him police found an abandoned rental car along the Ohio River with money, blood on the seats and drugs.
“I gave them my social security number to work with them because I know that happens in the police department sometimes. They try to scare,” Huston said. “As soon as I got done talking to him, I said ‘you goofed.’ I said how am I going to protect myself? So I immediately called my bank,” Huston said.
Now anyone that calls Huston’s bank branch with his Social Security number will be transferred to the local branch where he has a special password to make any changes.
Consumers who give away information they wish they hadn’t can also freeze their credit, North said. If credit is frozen, no new lines of credit can be taken out in an individuals name unless the credit is thawed with a unique code.
»RELATED: Stores offer deals earlier to attract holiday shoppers
In addition to social security and law enforcement-based phone scams, one of the most common around the holiday comes from scammers trying to take charity funds. Legitimate charities take in most of their donation in the last couple months of the year, North said, so its prime time for fraudsters to try to take a share.
“As we approach the holidays, while Americans are opening up their hearts, they’re also opening up their wallets,” North said. “Scammers know that, so they try to take advantage of that giving season as well.”
To make sure a charity is legitimate, North said consumers should ask a lot of questions including the nonprofit’s bottom line and how much of the donations go to the actual delivery of programs and services.
Some legitimate charities outsource fundraising and the third parties can charge sometimes up to 80 percent, North said.
Shopping online and emails
Meanwhile as shopping picks up around the holidays, so do scam emails that phish for consumers to click links and provide financial information. About 96% of cyber crimes begin over email, said Shawn Waldman, CEO and founder of Miamisburg-based Secure Cyber Defense.
“Being able to craft the perfect email that makes it look like Macy’s is giving away Kuerigs is very easy and everybody’s going to click on it,” he said. “Listen to your gut. Look out for those fake Black Friday sales.”
»RELATED: JCPenney’s new store format includes fitness classes, smart dressing rooms
Emails with bad grammar or generic greetings instead of a consumer’s real name are often giveaways of fraud, Waldman said.
Some emails around the holidays appear to be from legitimate delivery companies like the United Parcel Service or FedEx to track recent purchases.
“We’re all used to tracking packages, and we’re going to be tracking packages during the holiday season,” North said. “You may get an email from what alleges to be the United States Postal Service, asking you to click on a link….You click on a link, they download malware into your computer, they steal personal information, they get access to your contacts to replicate that fraud.
To avoid clicking on a bad link, Waldman said to hover over a hyperlink to make sure it’s going to the website of a legitimate company.
When malware is downloaded into a computer, some pop-ups might appear offering to help clean out the system and get rid of viruses. Many times these are also scams.
Earlier this year Trotwood resident Rhonda Cortner was working on her computer when it started beeping and a pop-up virus alert suggested she call a number to help get rid of the issues. She called and tried to pay $513.86 for lifetime coverage of her computer.
The man on the phone asked her to pay via check, but she tried to pay with a credit card that wasn’t accepted. She called her bank to help make the purchase go through and they alerted her it may be a scam.
Other scam pop-up windows may show up while online shopping that offer help with the checkout process, said Natalie Dunlevey, president of National Processing Solutions.
“They say ‘we can help you right now. We can take your payment right now in this chat room.’ Absolutely not,” Dunlevey said. “You never give your information in a chat room.”
Dunlevey said shoppers should never give any information over a website that doesn’t contain the letters ‘https’ in the address bar as well as the padlock symbol. Sites without those items are not secure.
Credit, debit and gift cards
In addition to watching online shopping security, both Dunlevey and Waldman recommended using credit cards over debit cards because its more likely money will be returned in case of fraudulent purchases.
“The credit card companies won’t insure your purchase if you use a debit card, so rule number one is to always use a credit card. Since its the holiday, maybe try to get just a shopping credit card, a separate card with a lower balance,” Waldman said. “This is the time of year that you’ve got to be really careful about your charges and watching to make sure there are no fraudulent charges.”
Checking often is important, Dunlevey said. It’s a lot easier to dispute a pending transaction than one that has already gone through.
Using gas pumps close to the building and ATMs in well-lit busy areas is also best, North said, because the ones in darker areas further away from employees are the ones most likely to be tampered with.
»RELATED: Target releases Black Friday ad with preview sale this weekend
“At the end of the day, your data has already been breached. What you’re needing to understand is that you and your data live in a contested environment,” Salisbury said. “You have to assume that you are under attack.”
Using a credit card that’s better insured can also help in the instance of a data breach while in a store or online. Using unique passwords for all sites and accounts that have sensitive information will help one breached account from leading to many, Salisbury said.
Freezing credit can also help prevent fraud if personal information is captured.
“We’ve seen over the years, even the biggest retailers in the world have become vulnerable because people have hacked into their computers and gained access to our personal information,” North said. “It’s always important to not just guard your information but know how your information is being used.”
Buying gift cards can also be concerning, Dunlevey said. It’s best to buy directly from a retailer or behind a counter rather than from a kiosk in a store’s aisles.
“There’s a little scratch off on the back. You have to make sure that that is intact because if it has been scratched off somebody has put the information into a program and as soon as that gets swiped at the checkout line, they have access to that money,” Dunlevey said.
FIVE FAST READS
• Popular Dayton sports complex makes a comeback following tornado
• Needmore Kroger closing comes at ‘vulnerable time’ following tornadoes
• Average airfare at Dayton airport among top five most expensive
• Here’s what to expect with your home heating prices this winter
•Winter season expected to be mild in Ohio
Ways to protect yourself
Use credit cards instead of debit
Check for broken or loose pieces on card readers
Use unique passwords on all accounts
Check for the “s” on “https” web site addresses, and a lock sign, before entering information on websites
Don’t take online quizzes/games that request information that are common security questions
Freeze your credit
Check URLs before clicking them in emails
Check closely who the email is from
Look for grammatical errors in emails that might be scams
Beware of urgency in calls
Know that the IRS won’t call or email for information
Check email address on https://haveibeenpwned.com/
Install multi-factor authentication