6 Costly Holiday Scams and How to Avoid Them


Phishing scams, fake websites, and even fraudulent letters to Santa all have a way of turning holiday cheer into holiday blues.

The holidays are supposed to be a time of cheer and goodwill, but there are a lot of shady scammers out there ruining the most wonderful time of the year for the rest of us. Unfortunately, scams—especially online scams—abound during the holiday season.

From phishing emails to fake charity ploys, many scammers take advantage of our festive feelings of kindness and joy, hitting us when and where we least expect it. While Santa is sure to chastise these cyber-criminals with a stocking full of coal, that’s little consolation when you have to deal with identity theft, a computer full of malware, or a drained bank account when you just want to deck the halls.

The good news is that it’s pretty easy to fend off holiday scams, so long as you know how to spot them. With a little help from Emily Long, a security expert with A Secure Life (@ASecureLife), and Lou Ryan, CEO of the cybersecurity firm EdgeWave (@edgewave), we rounded up the six most common holiday scams you should keep your eyes peeled for.

1. Fake order confirmation emails.

Online shopping for holiday gifts has been on the rise for the past several years, and chances are you’ve been doing your fair share. So while it might not be out of the ordinary to receive an order confirmation email from a store like Macy’s, Target, or Walmart, you should take a close look at every one you get.

Why? Scammers have been known to use fake order confirmation emails to get access to passwords, bank account numbers, and other sensitive data on your computer. This is achieved through a method of email and website spoofing called phishing: the hackers build an email that looks like it comes from a retailer and fill it with links that, if clicked on, will automatically download a .ZIP file containing malware that could seriously damage both your computer and your finances.

Even if you didn’t order anything recently, you’ll be tempted to click these links just to make sure someone hasn’t been using your credit cards to make online purchases, but you should never click on any links in any emails unless you’re positive they come from a legit retailer.

“Phishing scams attempt to trick you into clicking a link or open a message or attachment that either infects your device with malware or takes you to a site designed to steal personal information,” said Long. “This is related to holiday scams in that more people are looking for the best deals online during the holiday season—consumers spent $3.45 billion on Cyber Monday alone in 2016—and may be easily fooled by fake sites or false messages.”

Here are some steps for determining whether an order confirmation email is real or a cunning fake:

  • Real order confirmation emails will arrive seconds to minutes after you make a purchase. If this email arrived a day or week after you bought something, be cautious.
  • Double-check the sender’s address. An order confirmation from Target should have an @target.com email address. If it’s from a random address, don’t open it.
  • Hover over all links in the body of the email. If they’re not directing you to the official website of the retailer they’re claiming to be, do not click on them.

Ryan warns that falling for a phishing scam can have serious consequences:

“The effects of a successful phish include introduction of Ransomware to their system to encrypt and limit access to their files unless they pay the ransom, business email compromise (BEC), malware infections on the network, and credential-based theft so the hackers can use the stolen credentials to gain privileged access to systems, potentially leading to a data breach.”

2. Charity scams.

We reported last week on Inside Subprime—our breaking news blog devoted to the subprime financial industry—that Georgia Secretary of State Brian Kemp has been warning his citizens against falling for fake charity scams during the holidays.

“As we approach the holiday season, Georgians begin looking for ways to lend a helping hand to those in need,” said Kemp. “Unfortunately, bad actors view this time of year as the perfect opportunity to scam well-meaning donors. Before you open your checkbook, do your homework to make sure your donation will reach the intended recipients.”

Charity scams are an issue year-round, but can really ramp up during the holiday season.

“By phone, the goal [of a charity scam] is to get the victim to agree to donate and give up their credit card information,” said Ryan. “This can be achieved through a technique called ‘spoofing.’ Even with Caller ID, it can be made to appear that the call is coming from a legitimate charity, although the call is actually being made by a scammer. By email, the goal is to get the consumer to visit a website and make a donation which never goes to the actual charity. If successful, the scammer has gotten a non-refundable and hard-to-trace financial donation or worse yet, access to your credit card information to use for other future purchases.”

If you’re approached via email, phone, or on the street by someone asking you to donate to a charity, make sure you double check that they will actually be donating your money, and not keeping it to fund their dream of becoming a cat fashion photographer. If you’re confused, check out Give.org, which compiles detailed reports on all legitimate charities, grading them on governance, effectiveness, finances, and solicitation efforts.

3. ‘Letter from Santa’ scams.

Scammers have been pulling this scheme on unsuspecting parents for a few years. According to the Better Business Bureau, this is how it works:

  • You get an email selling a “Handwritten letter from Santa to Your Child.” It encourages you to make your child’s holiday by purchasing “Santa’s special package” for $19.99.
  • You click on the link, and it takes you to a website. The site promises the special package contains an “official” nice-list certification and customized letter from Santa. There’s even a free shipping special that ends (not coincidentally) in just a few hours. You decide to purchase and enter your credit card information.
  • Don’t do it! In the best case, you are simply out the $19.99. In the worst case scenario, you just shared your credit card information with scammers, who can now use it for identity theft.
  • In another version of this scam, the site promises a free letter from Santa. It doesn’t request any credit card information, but it does require plenty of personal information, such as your full name, address, and phone number. These sites can then turn around and sell your personal information to spammers.

A much better option? Write your kid a letter yourself! It costs nothing, and you won’t be putting yourself at risk of identity theft in the process.

4. Holiday job scams.

If you need to make a little extra cash this holiday season, you may be on the lookout for a seasonal job. Many retailers hire temporary workers to handle the influx of shoppers stocking up on Christmas presents for friends, family, and the one coworker that they got in Secret Santa.

But don’t apply to every job you see without a second glance. Fake job scams can be used to steal your personal information, or even steal your hard-earned cash with the promise of future payback. Whether you’re job-hunting for a seasonal job or for something more permanent, it always pays to remember these tips from ZipRecruiter:

  • No legitimate job will ever make you pay money upfront. If a company is asking you to buy something or pay them for the cost of a background check or “training,” run!
  • Check online for information about the company. They should have a website and maybe some reviews on Glassdoor, LinkedIn, Google, or the BBB. If they’re not giving you their company name, they’re not legit.
  • Check the job description for typos and grammatical errors. If the job is real, they will have taken care to edit the job listing.
  • Don’t get suckered into high-pressure, snap-second “investments.” If something seems too good to be true, it probably is.

5. “Secret Sister” social media gift exchange scams.

Have you seen any posts like this one on your social media feed?

[Image: example “Secret Sister” gift exchange post]

These “gift exchanges” sound like a lot of fun. Buy one $10 gift and get back six to 36 of your own gifts? What a steal! Well, “steal” is right, because that’s exactly what’s happening here: you’re getting robbed. This is a modern-day example of the age-old practice of chain letters, which are actually illegal here in the U.S.

Heed this advice from the U.S. Postal Inspection Service:

“Chain letters don’t work because the promise that all participants in a chain letter will be winners is mathematically impossible. Also, many people participate, but do not send money to the person at the top of the list. Some others create a chain letter that lists their name numerous times—in various forms with different addressee. So, in reality, all the money in a chain is going to one person.”

6. Lookalike website scams.

Equifax, the scandal-ridden credit bureau whose lax online security compromised the personal information of millions of Americans, was recently in the news (again) for accidentally linking to a spoof website, designed to look exactly like the real thing.

Luckily for Equifax customers, the spoof website was made by someone who wanted to educate them on what Equifax was doing, but most lookalike sites have much more sinister intentions.

Scammers can create entire websites that look exactly like a legitimate retailer, in the hopes that you’ll mistake it for the real thing and provide them with your credit card number, address, and other personal info.

“If a fake website is designed well, then to the naked eye, most consumers may not be able to easily spot a fake from a real website,” said Ryan. “A fake website is successful if it has the ‘attention to detail’ to look like the real website that it’s designed to impersonate.”

However, Ryan says there are clues to be on the lookout for:

  • The site uses an incorrect URL: “The link in the email doesn’t match the real URL that you would otherwise directly type into your browser”
  • The site asks for your banking information: “Real institutions don’t ask for that as part of a web page login”
  • The site displays low-resolution images
  • The site is rife with misspelled words
  • The site is not a secure site, meaning it’s “HTTP:” and not “HTTPS:”

“Consumers should take the extra minute or two to think critically before they enter their personal information or make a purchase, and there are a couple of easy-to-spot clues,” said Long. “I would always err on the side of caution and skepticism before clicking a link, opening an attachment, or entering information on a site, no matter how innocuous it may seem, as it’s a lot harder and more costly to undo the damage of phishing scams and identity theft once they occur than it is to do your due diligence or to find a product or deal on a legit site.”

What can you do if you’re a victim of a holiday scam?

Despite our best efforts, sometimes the scammers come out victorious. But getting caught in a holiday scam doesn’t have to dampen your spirit. Long says anyone who thinks they’ve been the victim of a scam should reach out to the FTC and record a complaint.

“Although in many cases money lost can’t be recovered, victims can and should take steps to protect their identities and personal information going forward,” Long said. “Identity theft monitoring services are a good place to start—at the very least, keep an eye on credit reports and bank statements for signs of fraudulent activity. Update passwords and remove cached credit card info from any online shopping sites.”

Ryan listed a few more options for consumers who think they’ve been hit by a holiday scam:

But at the end of the day, Long says the best offense against holiday scams is a good defense:

“When it comes to scams and identity theft, prevention and precautions are the best protection!”

Have you been victimized by a holiday scammer? We want to hear from you! You can email us or you can find us on Facebook and Twitter.


Emily Long is a security expert with A Secure Life (@ASecureLife). She loves to geek out on new tech gadgets. When she isn’t writing about security and smart tech, she can be found teaching yoga, road tripping, or hiking in the mountains.
Lou Ryan brings over 20 years of executive leadership to his position as Executive Chairman of the Board at EdgeWave (@edgewave). Mr. Ryan became a member of the company’s Board of Directors upon completion of the merger of St. Bernard Software, Inc. with Sand Hill IT Security Acquisition Corp. in July 2006, and has served as Chairman of the Board of Directors since June 2008. Mr. Ryan’s extensive background in the technology industry includes roles as a co-founder and/or executive in several technology startups including Delrina and Living VideoText, which were both sold to Symantec Corp., and Entercept Security Technology, which was sold to McAfee Inc.

3 Identity Theft Warning Signs


If you see a purchase on your credit card statement that you don’t remember making, you might be a victim of identity theft.

As cyber attacks and data breaches occur more and more frequently, the risk of losing your digital identity to theft increases. This is why you need to know both the warning signs and the best ways to protect against it.

Otherwise, you and your credit score could be in for a whole world of hurt.

1. Denied credit.

Robert Siciliano, CEO of IDTheftSecurity.com (@RobertSiciliano) says, “A sure sign of identity theft is when you are denied credit. Once a consumer checks their credit report and sees unauthorized accounts that means their identity has effectively been stolen.”

Sage Singleton, safety expert at Safewise (@SafeWise) agrees that a clear warning sign of having your identity stolen is “if you are denied [for a loan or credit card] and you know you have good credit.” A good credit score takes hard work and discipline to maintain, and yet a stolen identity could cause untold damage to your score.

In fact, seeing an abrupt drop in your score is another good reason to request a copy of your credit report and look for signs of theft. You can request a free copy of your credit report once a year from each of the three major credit bureaus: Experian, TransUnion, and Equifax. To order a copy of your report, just visit www.AnnualCreditReport.com. (Did we mention that it’s free?)

And if you have bad credit, well, you can find solace in the fact that your financial identity is not a prime target for scammers. It’s not much of a silver lining, but it’s better than nothing, right?

2. Unknown charges or statements.

If you’ve ever had your purse or wallet stolen, you’ve probably seen a bunch of charges immediately show up on your account. Thieves in those situations usually head straight to the nearest electronics or jewelry store and spend as much money as they can before the card is canceled by the owner.

When someone steals your identity, the results can be pretty similar. Not only will the thief use your information to apply for new loans and cards, they can also make purchases on the cards you already have. The only difference is that, unlike a pickpocket, they’ll probably be a little more subtle about it.

According to Siciliano, a person who “receives bills for products and services they did not order or they are called on by a lender or creditor for unpaid loans,” is very likely a victim of identity theft.

“If you notice an error on your bank statement, talk to your financial institution immediately. It may be a simple error or it could be a sign of identity theft,” says Singleton.

Likewise, it’s important that you keep an eye out for the statements that arrive in your email inbox and your actual mailbox. Singleton says that “If you receive any statement from an unknown account, your identity may have been stolen and the thief may have opened many accounts in your name.”

Now, of course, there’s always a chance that you made that purchase or applied for that credit card and simply don’t remember it. Who among us has not started a free trial of Tidal so that we could listen to the new Beyonce/Kanye/Jay-Z album and then forgotten to cancel it in time?

Still, it’s a good idea to keep on top of both your purchases made and the financial statements being sent to you. If fraud is being committed using your information, that’s where the evidence will likely surface.

3. Gone phishing.

No, not that kind of phishing. The other kind.

According to lawyer, author, and identity theft expert Steve Weisman (@Scamicide), “One of the most common ways that we become victims of identity theft is by clicking on links in emails or text messages that contain malware that enables the identity thief to gain access to all of the information in our phones or computers and use it to make us a victim of identity theft.”

Weisman says that you should “Recognize the dangers of phishing and the more tailored spear phishing and never click on a link unless you have confirmed that the communication is legitimate,” adding that you should also “Make sure you have good security software on all of your electronic devices and keep it up to date with the latest security patches.”

Lastly, he has another recommendation that will deter hackers and identity thieves from targeting you in the first place:

“Limit the amount of personal information you provide on social media. This information can be used by a clever identity thief to create a spear phishing email or text message to you that you trust and lure you to click on a link infected with malware.”

Ways to Protect Your Identity

Of course, what good is knowing the warning signs of identity theft if you don’t also know how to protect your information?

Don’t worry. We’ve got you covered.

Store, Shred, and Protect

Someone looking to steal your identity doesn’t need to be a world-class hacker with five computer screens and a hard drive the size of a Buick. Lots of times, all they would need to do in order to nab your financial info is go through your trash.

“It may seem obvious,” says Singleton, “but it’s important to keep sensitive documents secured in a fireproof safe. Never leave important documents in your car or laying on the counter of your kitchen. When you no longer need a document, make sure to shred it and dispose of it safely.”

She also recommends that you empty your mailbox daily:

“Utility bills often include personal information. As such, it’s important to empty your mailbox daily so thieves can’t scavenge your mail and steal your identity.”

The same principles hold true for your Social Security number. Keep it close to your chest and try to limit the number of documents that carry it. The more pieces of paper or computer files out there that carry your SSN, the greater the odds that a hacker can get their grubby little hands on your identity.

“The most important thing you can do to protect yourself from identity theft is to guard the privacy of your Social Security number which is the most valuable piece of personal information for an identity thief,” says Weisman.

“Don’t provide it merely because it is asked for by anyone for identification purposes unless absolutely necessary. Your primary care physician does not need it although many ask for it.”

Keep on top of your statements.

“Check your financial statements regularly,” says Singleton. “Look for irregular transactions and notify your bank immediately if you see something suspicious. The sooner you catch an error, the easier it is to prevent identity theft.”

She also recommends that you “Enable security alerts on your financial accounts. Set up auto security alerts on your bank cards that notify you of any purchase. You will get a notification to your phone or email detailing purchases.”

“This is an easy way to keep track of your spending and be notified immediately if something is wrong.”

Consider a credit freeze.

According to Siciliano, “The most effective way to prevent this type of fraud is via investing in identity theft protection services and what’s called a credit freeze. A credit freeze locks down your credit report so lines of credit cannot be opened unless you thaw your credit.”

Weisman also suggests a credit freeze to prevent identity theft. He says that putting on a freeze will make sure that “even if an identity thief has your Social Security number and other personal information about you, he or she cannot gain access to your credit report to get credit or make large purchases in your name.”

If you want to place a freeze on your credit report, you will need to contact each of the credit bureaus directly and pay a small fee.

(For more information about credit freezes, you can read Weisman’s entry on his Scamicide blog.)

Protect Your Passwords

Another recommendation from Singleton is to “Keep passwords in a secure place and change them often. Don’t use the same password for every account and create strong, unique passwords.”

“Hackers are extremely tech-savvy and can crack weak passwords (like your maiden name, birth date or anniversary) and access your information easily. Don’t write your password down on a notepad near your computer.”

“If you must write it down,” says Singleton, “store it in a safe location.”

What to do if you have your identity stolen

“If you think you have become a victim of identity theft,” says Weisman, “you should file a police report and contact each of the three major credit reporting bureaus to inform them that they have erroneous information in your credit report and demand an investigation and the removal of the deleterious information from your credit report. Credit reports are critical documents because they are used not just by companies granting credit, but also by employers, insurance agencies, landlords and others.”

In cases where someone has used your identity to commit a crime, Weisman instructs you to “go to your local police department and District Attorney’s office to provide fingerprints and photo identification to show that you are a victim of identity theft and get a letter from the DA to keep with you in case you are ever stopped in the future in regard to a crime committed by someone in your name.”

Fixing a bad credit score is hard enough to do on your own. You don’t need some cyber-criminal making it harder. Follow these steps and take care of your identity. It’s the only one you’ve got.

Have you had to deal with having your identity stolen? We want to hear about it! You can email us at OppLoansBlog@OppLoans.com or find us on Twitter at @OppLoans.


Robert Siciliano (@RobertSiciliano) is a #1 Best-Selling Author and CEO of IDTheftSecurity.com which is funny, but serious about teaching you and your audience fraud prevention and personal security. Robert is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus. His programs are cutting edge, easily digestible and provide best practices to keep you, your clients and employees safe and secure. Your audience will walk away as experts in identity theft prevention, online reputation management, online privacy and data security.
Sage Singleton (@SafeWise) is a safety expert for SafeWise. She enjoys teaching individuals, families and communities about safe home and lifestyle habits. In her free time, she enjoys wedding planning, traveling and learning French.
Steve Weisman (@Scamicide) is a lawyer, college professor at Bentley University and author. He is one of the country’s leading experts in identity theft. His most recent book is “Identity Theft Alert.” He also writes the blog scamicide.com where he provides daily updated information about the latest scams and identity theft schemes.

Don’t Let a Phishing Scam Lead to Bad Credit!


Fixing your bad credit is hard work. Falling victim to a phishing scam could send you back to square one.

When you think about the phrase “cyber warfare”, you’re probably picturing something from the movies: sexy, leather-clad tech geniuses furiously typing away on five computers at once or a sexy, leather-clad black-ops master daringly sneaking into a high-tech compound or a sexy, leather-clad—you get the idea.

But the reality of most cyber warfare is that most of it relies on much simpler methods.

Two weeks ago, a massive cyber attack struck hundreds of thousands of computers across the globe. Details are still emerging but it’s known that the “ransomware” used to perpetrate the attack was delivered primarily by an email.

That’s right: an email.

Hackers can literally just send an email to their targets. If you open the email and click a link inside, then you’ve just welcomed hackers into your not-so-carefully-guarded system.

This is a “phishing” attack. It’s been around for a long time and it can be notoriously damaging. Unlike other financial scammers (looking at you, payday and title lenders) these hackers don’t have their victims’ permission. In a phishing attack, hackers steal a person’s identity—including all their financial data. While the victim is sitting quietly at home, the hacker can max out their credit cards, drain their bank accounts, and generally ruin the victim’s financial well-being.

If you’re someone who’s working hard to fix their bad credit, falling for a phishing scam could undo all that good work—or even make your credit worse than it was to begin with.

How does a phishing scam work?

“It’s called a phishing attack, and yes, it’s a play on words,” says identity theft expert and CEO of IDTheftSecurity.com Robert Siciliano (@RobertSiciliano). “When you fish, you throw a hook and worm into the water and hope you catch something. Hackers do the same when they phish.”

“Except, their hook and worm, in this case, is an interesting looking email that they hope you are going to click on… it’s then, that they can reel you in.”

According to Siciliano, there are a couple different ways that phishing scammers can get your information:

  • Spoofed websites: “Hackers phish by using social engineering. Basically, they will send a scam email that leads to a website that looks very familiar. However, it’s actually a spoof, or imitation, that is designed to collect credit card data, usernames, and passwords.”
  • Phishing “in the middle”: “With this type of phishing, a cybercriminal will create a place on the internet that will essentially collect, or capture, the information you are sending to a legitimate website.”
  • Phishing by Pharming: “With phishing by pharming, the bad guys set up a spoof website, and redirect traffic from other legitimate sites to the spoof site.”
  • Phishing leading to a virus: “This is probably the worst phish as it can give a criminal full control over your device. The socially engineered phish is designed to get you to click a link to infect your device.”

The website for the National Cyber Security Alliance, StaySafeOnline.org (@StaySafeOnline), has tons of resources to help consumers maintain their digital privacy and, well, stay safe online! In their article titled “Spam and Phishing,” they identify “spear phishing” as another common tactic:

“Spear phishing is highly specialized attacks against a specific target or small group of targets to collect information or gain access to systems.

For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic and because the recipient is already a customer of the business, the email may more easily make it through filters and the recipient may be more likely to open the email.”

How can you identify a phishing scam?

The key to phishing scams is the emails look like they’re legitimate. The email might appear to be from Amazon asking you to “update your credit card information” or it could be from your best friend telling you to “click this link and check out this cool new site.”

However, there are always going to be signs that something “phishy” is up.

Amit Bareket is the CEO & Co-Founder of SaferVPN (@SaferVPN), a leading VPN and security provider. Here are some of his tips for how to spot the “irregularities” that identify a phishing email.

Spelling & Grammar Errors: “Cybercriminals are not known for their grammar and spelling. Professional organizations usually have a staff of editors that wouldn’t allow a mass email to have any mistakes. So, if you see a suspicious email with incorrect spelling and/or grammar, be attentive that this could be a scam.”

Multiple Links: “If you see a link in a suspicious email message, be sure not to click on it. You can rest your mouse over the link and see if the address matches the hyperlink in the email.”

Threats: “Cybercriminals will often use expressions or threats that your security has been compromised in the hopes the links they’ve included will be clicked on. For example, it could say something like: ‘If you don’t fill out this application your account will be blocked.’”

Spoof of popular websites: “Scammers will often use images or graphics that appear on popular websites, that when clicked on will bring you to a phony site.”
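The sender-address and link checks from the order-confirmation steps and the lookalike-site clues earlier on this page, together with the hover check in the tips above, can be automated. The following Python is an added example, not code from any of the quoted experts; the sample messages and `.example` domains are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


def host_belongs_to(host, domain):
    """True only if host is the domain itself or a real subdomain of it.

    A plain substring test would accept 'target.com.order-check.example'.
    """
    host = (host or "").lower().rstrip(".")
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs, i.e. what a hover would reveal."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def html_body(msg):
    """Return the first text/html part of the message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def check_email(raw, retailer_domain):
    """Return a list of warning strings for an email claiming to be from a retailer."""
    findings = []
    msg = message_from_string(raw)

    # Check 1: the sender's address should be at the retailer's own domain.
    _, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if not host_belongs_to(sender_host, retailer_domain):
        findings.append(f"sender domain {sender_host!r} is not {retailer_domain}")

    collector = LinkCollector()
    collector.feed(html_body(msg))
    for href, text in collector.links:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue  # mailto: and similar are out of scope here
        # Check 2: "HTTP:" rather than "HTTPS:".
        if url.scheme != "https":
            findings.append(f"link is not HTTPS: {href}")
        # Check 3: the link must stay on the retailer's official site.
        if not host_belongs_to(url.hostname, retailer_domain):
            findings.append(f"link leaves {retailer_domain}: {href}")
        # Check 4: visible text that looks like a URL must match the real target.
        if "." in text and " " not in text:
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown != url.hostname:
                findings.append(f"text shows {shown} but link goes to {url.hostname}")
    return findings


# Constructed sample: a fake order confirmation using reserved .example domains.
SAMPLE_FAKE = """\
From: Target Orders <orders@target-confirm.example>
To: shopper@example.org
Subject: Your order confirmation
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Thanks for your order.</p>
<a href="http://target.com.order-check.example/track">https://www.target.com/orders</a>
<a href="https://www.target.com/help">Help</a>
</body></html>
"""

# Constructed sample: a message whose sender and links all stay on target.com.
SAMPLE_REAL = """\
From: Target <orders@target.com>
To: shopper@example.org
Subject: Your order confirmation
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.target.com/orders">View order</a></body></html>
"""

if __name__ == "__main__":
    for warning in check_email(SAMPLE_FAKE, "target.com"):
        print("WARNING:", warning)
```

A matching From domain is not proof of legitimacy, because that header can be forged; a mismatch is the useful signal.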

Can You Protect Yourself from Phishing?

“Yes,” says Siciliano. “The standard rule is ‘don’t click links in the body of email.’

“That being said, there are emails you can click the link and others you shouldn’t. For example, if I’ve just signed up for a new website and a confirmation email is then sent to me, I’ll click that link. Or if I’m in ongoing dialog with a trusted colleague who needs me to click a link, I will.”

“Otherwise, I don’t click links in email promotions, ads or even e-statements. I’ll go directly to the website via my password manager or a Google search,” he says.

Likewise, Bareket’s advice for what you should do in the face of a phishing email is to “delete, delete, delete, as well as report and block the sender’s address.”

On StaySafeOnline.org, The National Cyber Security Alliance makes the following recommendations:

“When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk.

“Think before you act: Be wary of communications that implore you to act immediately, offers something that sounds too good to be true or asks for personal information.

“Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music”). On many sites, you can even use spaces!

“Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.

“Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.”

If you fall for a phishing scam, here’s what to do:

First of all, don’t beat yourself up. These scams are designed to trick people. There’s no shame in being taken advantage of by a con artist.

Besides, if you’re feeling dumb, just remember the esteemed psychotherapist who fell for the old “Nigerian Prince” email scam. If someone like that can fall for it, anyone can.

Next, follow these tips provided by Bareket:

  • Change your passwords.
  • Notify the credit agencies.
  • Contact your credit card companies to explain the situation and freeze or cancel them.
  • Update your software and run a comprehensive virus scan. Additionally, you should use encryption and ensure you have a firewall enabled.
  • Check and monitor your accounts regularly.
  • Report the email scam in places such as the National Fraud Information Center.

StaySafeOnline.org also recommends filing a report with your local police department, as well as the Federal Trade Commission or the FBI’s Internet Crime Complaint Center.

Businesses need to watch out too!

If you’re a small business owner, or just worried about what a phishing/ransomware scam could do to the place that signs your paychecks, then here’s some advice from Adnan Raja, Vice President of Marketing at Atlantic.Net (@AtlanticNet), a trusted web hosting provider:

“There are many steps these organizations can take to protect themselves from ransomware attacks. On many occasions these attacks succeed because employees haven’t been properly trained to recognize (and avoid) suspicious links or email attachments. Proper email security training, as well as establishing better rules for email attachments and which users are allowed to run executable files and install software can go a long way toward bolstering your defenses against a ransomware attack.

“Other better and more thoughtful security practices can protect your organization against these ransomware attack vectors. Multi-factor authentication helps ensure that only your authorized employees can access your network. Two-factor authentication should be applied not only to your VPN but to your organization’s LinkedIn and Google accounts and other online accounts as well.

“Better password management (including using password management tools such as KeePass) will also prove helpful in locking down your infrastructure. Autonomous offsite backup is a must, and network monitoring solutions to throw up an alarm if thousands of files suddenly start modifying themselves in the middle of the night can alert you soon enough to head off the worst of the damages if a ransomware attack hits you.”
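The file-modification alarm mentioned in the quote above can be sketched as follows. This is an added example, not code from the article or from Atlantic.Net; the window length, thresholds, night hours (UTC) and sample events are all assumptions constructed for illustration.

```python
"""Alarm on bursts of file modifications (added example, not from the article)."""
import os
from collections import deque
from datetime import datetime, timezone

WINDOW_SECONDS = 300       # assumed: evaluate 5-minute sliding windows
DAY_THRESHOLD = 2000       # assumed: distinct files changed per window, working hours
NIGHT_THRESHOLD = 500      # assumed: lower bar when nobody should be working
NIGHT_HOURS = range(0, 6)  # assumed: 00:00-05:59 UTC is "the middle of the night"


def collect_mtimes(root):
    """Walk a directory tree and return (mtime_epoch, path) for every file."""
    events = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                events.append((os.stat(path).st_mtime, path))
            except OSError:
                continue  # file vanished or is unreadable; skip it
    return events


def find_bursts(events, window=WINDOW_SECONDS,
                day_threshold=DAY_THRESHOLD, night_threshold=NIGHT_THRESHOLD):
    """Return one alert per burst: a window in which the number of distinct
    modified files reaches the threshold for that time of day."""
    alerts = []
    recent = deque()   # (timestamp, path) pairs inside the current window
    counts = {}        # path -> number of events inside the window
    alarmed = False    # suppress repeat alerts while one burst continues
    for ts, path in sorted(events):
        recent.append((ts, path))
        counts[path] = counts.get(path, 0) + 1
        while recent and recent[0][0] < ts - window:
            _old_ts, old_path = recent.popleft()
            counts[old_path] -= 1
            if counts[old_path] == 0:
                del counts[old_path]
        night = datetime.fromtimestamp(ts, tz=timezone.utc).hour in NIGHT_HOURS
        limit = night_threshold if night else day_threshold
        if len(counts) >= limit:
            if not alarmed:
                alerts.append({"start": recent[0][0], "detected": ts,
                               "distinct_files": len(counts), "night": night})
                alarmed = True
        else:
            alarmed = False
    return alerts


def sample_events():
    """Constructed data: light daytime edits, then a burst at 02:00 UTC."""
    day = datetime(2024, 1, 10, 14, 0, tzinfo=timezone.utc).timestamp()
    night = datetime(2024, 1, 11, 2, 0, tzinfo=timezone.utc).timestamp()
    normal = [(day + i * 60, f"/share/docs/report{i % 20}.docx") for i in range(120)]
    burst = [(night + i * 0.1, f"/share/docs/file{i}.docx") for i in range(3000)]
    return normal + burst


if __name__ == "__main__":
    print(find_bursts(sample_events()))
```

On a real file share, `collect_mtimes()` can feed `find_bursts()` from a scheduled job; it only sees the latest modification time per file, so a live event source gives earlier warning.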

Repairing the credit damage from a phishing scam could take years. While the chances of getting hit with one might feel remote, it’s still wise to take the precautions we’ve laid out. You only have one identity, after all. Take care of it.

Amit Bareket is the CEO & Co-Founder of SaferVPN (@SaferVPN). Amit is a cyber expert with extensive experience in system architecture and software development. He is the author of seven patents issued by the USPTO for storage, mobile applications and user interface. Prior to SaferVPN, Amit served in the Israel Defense Force’s elite intelligence unit and then went on to work as a Software Engineer for major enterprises including IBM XIV Storage and BigBand Networks. He graduated Cum Laude with a B.Sc. in Computer Science and Economics from Tel Aviv University.

The National Cyber Security Alliance (NCSA) (@StaySafeOnline) is the nation’s leading non-profit organization in promoting cyber safety and digital privacy. NCSA’s core efforts include National Cyber Security Awareness Month (October); Data Privacy Day (January 28) and STOP. THINK. CONNECT.™, the global online safety awareness and education campaign cofounded by NCSA and the Anti Phishing Working Group, with federal government leadership from DHS. You can visit their site at staysafeonline.org.

Adnan Raja is the Vice President of Marketing for Atlantic.Net (@AtlanticNet), a trusted web hosting solution for businesses seeking enterprise level data centers, specializing in Cloud, Dedicated, HIPAA-Compliant, and Managed hosting services.

Robert Siciliano (@RobertSiciliano) is a #1 Best-Selling Author and CEO of IDTheftSecurity.com. IDTheftSecurity.com is funny, but serious about teaching you and your audience fraud prevention and personal security. Robert is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). His programs are cutting edge, easily digestible and provide best practices to keep you, your clients and employees safe and secure. Your audience will walk away as experts in identity theft prevention, online reputation management, online privacy and data security.

How to Protect Yourself From Phone Scams

Ring ring! What’s that unknown number calling you? Could it be… a scammer?!
Phone scams are on the rise and it’s getting so bad, law enforcement agencies are having to issue regular warnings.

What’s the solution? Do we give up telephones entirely? Maybe we could set up a network of smoke signals and bike messengers who have all been sworn to protect the integrity of the messages they carry with their lives.

Or you could just take this advice from the experts we spoke to.

Take it easy

Scammers know that a nervous person isn’t a careful person. They’d be less likely to succeed if they called you up, told you they needed $1,000, and gave you a few days to think on it. That’s why scammers will try to weaponize urgency, and why you shouldn’t let it get to you.

Nick Santora, CEO of cyber security firm Curricula (@Curricula), offered this advice: “One of the ways to protect yourself is to understand any inbound call can be suspicious, especially when asking for any personal information. The caller might use a sense of urgency to get you to give out your personal information. They will ask questions that they already ‘know’ the answer for you to confirm, but are really just making you give away your information. It is easy to be tricked or manipulated on a phone call.

“Depending on the information you give to the scammer, you may be at risk for being applied for financial accounts or other services using your personal information. Your identity may also be at risk along with other personally identifiable information.

“To protect against these risks, do not respond to any sense of urgency request, especially via an unsolicited phone call. If you are unsure, hang up and call the main public line of any service requesting information.”

Build up your defenses

The only thing better than handling scammers smartly is never having to talk to scammers in the first place. That’s why Justin Lavelle, chief communications officer for beenverified.com (@BeenVerified), suggests you take the following steps as soon as you can:

“Do register with the Do Not Call Registry. Although the Do Not Call Registry isn’t always consistent, it’s important to register with them to help eliminate a good portion of calls. If you’ve been on the Do Not Call Registry for a month or longer and still get calls, file a complaint with the FTC. It doesn’t take long, and sometimes enough complaints can get policy changed. Report illegal robocalls to the Federal Trade Commission at consumercomplaints.fcc.gov or call 888-225-5322.

“If you’re constantly being called by the same few numbers, consider blocking them. A variety of apps and services, many of them free, make it possible to cut down on unwanted calls on some landline and mobile phones (both Android and iOS). They work by blocking them, alerting you to a possible robocall, or forwarding suspicious calls to voicemail.

“Set up an ‘anonymous call rejection’ option. Call your phone provider to find out if this option is available for your landline. It lets you screen out calls from callers who have blocked their caller ID information—a tactic of telemarketers.

“Sign up for Nomorobo. Nomorobo uses a ‘simultaneous ring’ service that detects and blocks robocalls on a blacklist of known offender numbers. Similar to the Do Not Call Registry, it’s not infallible but adds a layer of protection. It’s free for landlines and subscription based for mobile.

“Check your caller ID. If you do not recognize the phone number on your caller ID, do not answer the phone. Let it go to voicemail or the answering machine. Most telemarketers will hang up and not leave a message. If it’s important, the caller will leave a message. If you answer and there’s a pause, that’s often an indication of a robocall, and you should simply hang up. Never follow the automated voice asking you to press 1. Do not push any numbers to reach a live operator; this signifies that the autodialer has reached a live number and this will probably lead to more robocalls.

“Block incoming numbers on your cell phone. Most cell phone providers allow you to block an incoming number to your cell. After the call comes in, follow your provider’s instructions for blocking the number from calling you again.

“Download a call-screening app to your cell phone. To help with robo telemarketing calls and robo spam texts to your cell phone, get a call-screening app like Truecaller or PrivacyStar that screens and blocks them.

“Sign the Consumer Union Petition at EndRobocalls.org to pressure phone companies to start offering free call-blocking technology.

“Check the WhitePages.com. Use the online telephone directory WhitePages.com to look up a phone number you’re unsure about. The site will let you know the scam potential of the phone number you’re checking on even if it doesn’t have the company name listed.

“Give out your phone numbers sparingly. Resist the urge to provide a phone number unless it’s absolutely necessary. Just because you’re asked for it, doesn’t mean you’re required to provide it.”

The above tips will help you build a moat around the castle that is your phone.

Know your enemy

In addition to protecting your phone, you should familiarize yourself with some of the most common scams so you know exactly what to do when those crooks come a ringin’. Consumer advocate and scam expert Tom Antion (@TomAntion) gave us a rundown of some common hoaxes to watch out for so you’ll be prepared:

‘Never say Yes’

“Never say ‘Yes’ to an unknown caller. Say, ‘Who’s calling?’ or ‘What are you calling about?’ If you say ‘Yes’ to anything, they record you saying yes and then edit that audio into another audio asking if you agree to certain charges for BS services. You have to really train yourself to do this because they may ask for ‘Joe’ and you say, ‘You must have the wrong number. There isn’t any Joe here.’ Then the scammer says, ‘I’m calling (says your number). Is that your number?’ As soon as you say ‘Yes’ they have you and hang up.

‘Can You Hear Me Now?’

Another one is a perky, sweet sounding girl supposedly fiddling with her headset. ‘Can you hear me?’ If you say ‘Yes’, you’ve been had. In that one it’s not even a real girl. It’s a robo call.

‘One Ring Scam’

Another scam is where the phone rings once. If you call back it’s a US mainland ‘looking’ number, but actually located in a foreign country and you’ll be charged enormous rates as they try to keep you on the phone for as long as possible running up your bill which they get a portion of similar to the 900 numbers of the past.


‘Smishing’

Short for SMS Phishing. This is similar to phishing through email where the bad people are trying to get you to click on a link so they can download a virus or trojan horse to steal your identity. Don’t click on anything from an unknown person texting you and don’t even click on something that appears to be from your bank, Amex, Visa, Paypal, etc. Call the entity directly to see if there is something wrong with your account.

‘Lottery Scams’

You are told you hit the lottery or won a big prize and you just have to pay the taxes. You send the ‘tax’ money. There are no winnings. Guess what. If you didn’t play a lottery or join a contest, you ain’t gonna win. :)

‘Grandparents Scam’

You get an urgent call from a young person on a static sounding line who says ‘Gramma. I’m in big trouble. I got in an accident.’ The grandparent may say, ‘Jimmy, is that you?’ Now the scammers have the grandchild’s name. Jimmy says to Gramma, ‘Here’s the lawyer.’ An authoritative person gets on the phone telling the grandparent Jimmy is in pretty big trouble and is probably going to jail. Then the attorney needs immediate funds to represent Jimmy and keep him out of jail. The grandparent is instructed to go to Walmart, a drugstore, Western Union, etc. and send untraceable cash… Which of course, disappears. Alert everyone in your family about this scam, especially any elderly people, and tell them what to do and who to call to see if ‘Jimmy’ is ok or not.

‘Utility Scam’

You are called and told you have an outstanding utility bill and a representative will be there shortly to disconnect your power, gas, etc. unless you pay him cash when he gets there. Utilities don’t operate like this. Keep your door locked and call 911 for police assistance and call the utility company to tell them too.


Any 3rd grader can use a spoof service and make the caller ID that shows up when your phone rings look like it’s the IRS, FBI, your local sheriff dept. etc. An example would be Spoofcard.com. The number may actually be the real number of the sheriff, FBI etc, but when you call them back to check, most likely unless you’re on the most wanted list, they won’t be looking for you.

‘Microsoft Scam’

This is where somehow you’ve gotten a virus and a Microsoft window pops up after locking up your computer. The pop-up has a phone number for you to call to get it fixed. Do not call the number. Look up a reputable computer repair and pay them to fix it and then be careful what you click on and what sites you visit in the future.

“In addition to these scams, scammers are using intimidation techniques to scare people into paying. If you don’t pay up, they are using Google Earth to look at your house and call you with an identifying feature as if they are outside waiting to get you… ‘Your house has the blue door and we’re going to bust it down if you don’t pay.’”

Robert Siciliano (@RobertSiciliano), CEO of IDTheftSecurity.com, offered up his own list of scams to watch out for, including the prize and grandparent scams:

“Don’t assume you’ll never be targeted by phone scammers just because you don’t have a cell phone; they continue to feast on landline users, especially those over 50.

‘This is the IRS…’

  • Drill this into your head: The IRS never calls to collect back taxes. NEVER.
  • A common ploy is to threaten that the listener will go to prison if they don’t pay up immediately.
  • If you really do owe taxes, the IRS will contact you alright—but via snail mail, not a phone call, text or e-mail.
  • Scam calls may also sound professional with no threats and may be a pre-recorded woman’s voice.
  • Scammers can make the caller ID show ‘IRS.’

Charities and Fundraisers

  • A call comes from the fraudster, claiming he represents a charity and wants your donation. The con artist may even say he’s with the local police department.
  • Want to help mankind? Hang up on the caller and give to a reputable foundation or give out homemade sack lunches to the homeless.
  • Go online and search the organization in question to verify they’re legit.
  • If the call has an automated message, hang up immediately.
  • A legitimate organization will not request your Social Security number or personal financial information.

‘You’ve won a prize!’

  • No, you haven’t. These are scams; hang up.

Tech support never calls you…

  • You must call them first. So if you get a call from ‘tech support’ asking for personal information, it’s a scam. Geek squads don’t just up and call people.
  • A call about installing an update is a scam.
  • Scammers can make the caller ID show ‘Microsoft.’

‘Hi Grandma, it’s your favorite grandson!’

  • If relatives call asking for money, hang up and call them to verify that said caller is really your relative.

Avoiding Scam Calls

  • Must you answer the phone every time it rings? It’s perfectly legal to ignore a ringing phone.
  • If your phone has caller block, input numbers from suspected scammers. Next time they call, there’ll be barely one ring, then the caller will be blocked.”

Whatever may come

Even with these tips, you’ll still need to be wary. Scammers can be very creative and are coming up with new traps all the time. Richard Lowe (@richardlowejr), the former director of computer operations for Trader Joe’s, told us about one creative scam he encountered:

“Scammers can look through your social media and can thus find out a lot about you. Or, as in one instance that I experienced, they can hack an account and pretend to be someone you know.

“In this instance, the night before, I had just met a lady and we used our phones to friend on Facebook. The next morning I received a Facebook message from her, claiming that she was in London and lost all her money and was in terrible straits. She gave me a beautiful sob story. Of course, I knew it was a scammer … it’s not possible that she got from California to London overnight. But if that had not been the case, the scammer might have had more luck. She knew everything about the lady, because she had access to her account.”

Lowe also affirmed that the IRS will never call you and that you shouldn’t be taken in by a phone call claiming urgency. He recommended hanging up and calling the alleged institution’s number from their website, to be certain you’ll be speaking to a real representative.

And the risks are real. “You can lose a LOT of money if you fall for the scam and keep working through it,” Lowe warned, “And, in the case of scams aimed at businesses, you could cost your company thousands or even millions of dollars.”

And you can be sure that if you’re already struggling with bad credit, getting ripped off is just going to make it even worse.

It’s a scary world out there, but take all of this advice to heart and keep your wits about you, and you’ll outsmart every scammer who comes your way.


Tom Antion (@TomAntion) is an Internet Multimillionaire, consumer advocate, and scam expert. He’s the creator of the TV show “ScamBrigade” Scambrigade.com which is currently with a major Hollywood production company being sold to the Networks.

Justin Lavelle is a Scams Prevention Expert and the Chief Communications Officer of BeenVerified (@BeenVerified). BeenVerified is a leading source of online background checks and contact information. It helps people discover, understand and use public data in their everyday lives and can provide peace of mind by offering a fast, easy and affordable way to do background checks on potential dates. BeenVerified allows individuals to find more information about people, phone numbers, email addresses and property records. beenverified.com

Richard Lowe Jr (@richardlowejr) is a bestselling author who has published 63 books, ghostwritten 12 books, and produced several hundred articles for blogs and publications. He is the owner and senior writer of The Writing King, which provides services such as ghostwriting, book coaching, WordPress implementation, blogging and copywriting.

Nick Santora is the CEO of Curricula (@Curricula), which helps teach organizations how to not get hacked. Curricula delivers short animated stories through their cyber security awareness training platform. Nick spent 7 years as a cyber security advisor for the agency that regulates our nation’s power grid.

Robert Siciliano (@RobertSiciliano) is a #1 Best-Selling Author and CEO of IDTheftSecurity.com. IDTheftSecurity.com is funny, but serious about teaching you and your audience fraud prevention and personal security. Robert is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). His programs are cutting edge, easily digestible and provide best practices to keep you, your clients and employees safe and secure. Your audience will walk away as experts in identity theft prevention, online reputation management, online privacy and data security.