Mother’s Day is one of the biggest shopping holidays in the United States. Chances are that if you haven’t bought something by now, you’re scrambling – likely on the internet – to make sure that you don’t forget mom. Unfortunately, that could put you (and your mom) at risk for identity theft. Here’s what you need to know:
1. Be wary of e-cards or internet greeting cards. I love a paper greeting card, but as prices go up, the popularity of paper cards has gone down. As an alternative, you can send an e-card for free or for low cost, and it arrives in seconds. Sounds great, right?
Here’s the problem: fake e-cards. Hackers and scammers may send out links of their own, hoping that you’ll click. But instead of a cute dancing bear or heartfelt Mother’s Day wishes, you could end up with malware or spyware when you click. Malware, which is short for malicious software, typically does one of two things: infects your computer, slowing down or stopping normal functions, or steals personally identifying information by sending it back to a third party. Spyware allows can include a keystroke logger that sends login and other sensitive account information from any electronic device, including your mobile phone, to a third party.
Adam K. Levin, a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance, says that consumers should “Never trust, always verify.” Before you send an e-card, let the recipient know that it’s coming (I know, it blows the surprise, but it can help keep the recipient safe). Levin, a former Director of the New Jersey Division of Consumer Affairs, suggests that if you’re on the receiving end of an e-card and you weren’t expecting it, ask the person who sent you the e-card before you click. Don’t click before confirming that it’s a legitimate link.
2. Be cautious of the extras. When you send or receive an e-card or other messaging service on the web, you may be asked to sign up for more services. Sometimes, e-card providers might offer incentives if you become an email list subscriber or a member of their group. Be cautious when you are on such sites – especially if you followed a series of links to get to the site. The links could be fake, or the company could be phishing to gain access to your personal information or information from your friend lists. Don’t click through without verifying that it’s a legitimate site (it’s always best to start at a home page) and be cautious about allowing any companies, even a legitimate company, access to your contact lists, friend lists, and social media. If you’re not making a purchase, don’t offer up financial information like credit card or banking information.
3. Don’t give out your cell phone number like candy. When you sign up for free services, like e-cards or newsletters, it’s not unusual for companies to ask you for your name and your cell phone number. Don’t be so quick to hand over the latter. Levin says that cell phone numbers are the equivalent of today’s Social Security Numbers: everyone asks for it and it’s how you are identified. Your cell phone number is a valuable commodity because, as Levin points out, so much information is stored on mobile these days. When you give out your number to third parties, you may be vulnerable to “smishing” which is the new “phishing” – only done via text messaging. You should always be in control of any exchange over mobile: if you are responding or confirming your cell number from an exchange you didn’t initiate, you’re likely giving up too much information.
(For more on how a scammer builds a profile based on cell or other information, click here.)
4. Avoid fake flowers. No, I don’t mean silk flowers, I’m talking about fake websites set up to steal your personal information. Scammers may attempt to trick you into clicking through links to send a fabulous Mother’s Day flower bouquet. Levin cautions that if you are ordering flowers online, make sure the URL matches the shop’s website if you clicked through from anything other than your own search results. If you’re not certain, call the shop to make sure they are the real deal.
5. Beware of money for nothing. Fake coupons are the rounds again, most recently on Facebook. The classic scam is an offer for “dollars off” coupon from companies like Lowes or Bed Bath & Beyond if you share a link (typically on your Facebook timeline) or take a survey. If you click through, you’ll be asked to take a survey that solicits personal information and may ask you to take additional steps, like emailing or sharing what is, in reality, a worthless coupon. Levin, whose book, Swiped, tackles phishing schemes says the coupon may also be a phishing scheme where you click through to a site that looks like the real thing but is a fraudulent site that looks like the real thing, where you will be prompted to enter sensitive personal and financial information, including your credit card number.
Even if you don’t give out your credit card information, scammers and hackers can use your information to build a profile. Sometimes, it only takes a few pieces of information to cause a bigger problem. In 2015, thieves accessed taxpayer information at the Internal Revenue Service (IRS), including taxpayer filings dating back as much as five years, by using previously stolen Social Security numbers and other personally identifiable information gleaned from other sources.
Data like email addresses and cell phone numbers that can be matched up to other personally identifying information can also lead to significant identity theft. Identity theft, when someone uses your personal information such as your name, Social Security number (SSN) or other identifying information, without your permission, is often used by scammers to fraudulently file a tax return and claim a refund or to take out mortgages or open lines of credit in your name. Identity theft was labeled one of the IRS’ “Dirty Dozen Tax Scams For 2017.”
The bottom line? Be smart. Rely on verified sites and don’t click on links that you don’t recognize. Check for secure websites (look for the lock and https:) before making purchases. Don’t share deals and discounts that you don’t know to be legitimate – especially if they are tied to “too good to be true” deals. Even better? If you can, hand over that card or those flowers in person this Mother’s Day.
—
Adam K. Levin is a consumer advocate and former Director of the New Jersey Division of Consumer Affairs. is Chairman and founder of CyberScout (formerly IDT911) and co-founder of Credit.com. Adam Levin is the author of Amazon Best Selling Book “Swiped”, now out in paperback. “Swiped” debuted at #1 on the Amazon Bestsellers Hot New Releases List. Order your paperback copy today! Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.