Just in time to catch people ducking out of work early before taking off a travel day before Thanksgiving and rising, stupefied from a tryptophan-induced coma Friday morning to chase bargains on consumer goods like a thoughtful but slightly superficial mouse on a wheel – is the annual official list of Holiday Shopping Tips from the federal Internet Crime Complaint Center.
IC3– formerly the Internet Fraud Complaint Center – is a joint effort between the FBI and the National Wite Collar Crime Center (NW3C), a non-profit security professionals' association based in Glen Allen, Va., near Washington.
None of the advice is unique to this year; criminals have been using the Internet heavily enough and regularly enough that they don't come up with completely new scams from year to year.
They keep getting better at the same old gags, though, like the guys in Kung Fu movies who say they don't fear an opponent who can do 10,000 kicks, but the one who does one kick 10,000 times.
After enough practice, it's possible to make even a lame scam work.
Most of the other advice is relatively routine, but IC3 does have a scam-alert listing of the most recent twists, as well as an Internet Crime Schemes page listing all the old faves. Both are useful. The alerts are available by email.
There is also a page of tips on how to avoid or check the legitimacy of some email offers so you can figure out who in your pile of email is after what, just in case the "what" isn't Tickle Me Elmo.
Here are a few of the hot scams for this season, and tips on how to avoid them:
Buy them directly from the store, not from a third party site online.
The card you get in return could be one that was obtained fraudulently, which would cause the store to turn it away. It could be an act of fraud itself; what you get in the mail might be a Target card, but one with no value in its account. Or you could get nothing at all in the mail, which in some ways is a lot clearer.
None of those results will help your loved one sail through checkout happily with a present of their own choosing. More likely they'll be disappointed and maybe stuck in a side room for questioning about the fraudulent card.
Phishing and Social Networking
- 1. Do. Not Believe. Your. Email.
- If a friend or acquaintance or friend-of-a-friend is in trouble – stuck in an airport, in a small town with a broken down car, in Nigeria with billions in cash to sneak out of the country – phone them or have them phone you. Do not believe sob stories in email. Even if they look true. Go straight to the source to make sure it's your friend who's in trouble, not whoever responds to that email.
- 2. Do. Not. Click. On. Links. You. Get. Through. The. Mail. From. Strangers.
- Or from friends. If they sound the least bit odd, or it's not part of an ongoing conversation, retype the URL in your own browser to avoid the hidden redirect to a malware-soaked web site that could infect your PC with viruses that swipe your credit card numbers when you buy a present and sends itself to all your contacts to infect them as well.
- That's not a good present for anyone.
- 3. Repeat 1 and 2.
- Write it on a stickie note and stick it to your monitor. Email increases in volume and pathos around the holidays. Many of them are both true and laudable. They're still unsolicited email looking for donations from strangers.
- The rest are scams from gangs also looking for donations from strangers, but for causes that are not as hygienic.
4. Do. Not. Open. Attachments. Or. Pictures. From. Strangers.
- Everyone knows this. Everyone does it anyway. Don't
- 5. Do not believe any email from your bank or credit-card company, phone company, utility or any other company you deal with is actually from that company.
- If there's a problem that requires that you "resolve account information," call them about it. You'll clear any problems up more quickly.
- Even if you think it's legit and want to go to the site, don't click on the link provided. Type it in separately. Then double-check that it's actually the site by looking up your own account information, not by re-typing it into a site that looks like your bank, but probably isn't.
The IC3 advises that if you get a request from a legitimate-sounding organization asking for personal information like your phone number, address, or even to confirm your email address, you should look up the contact information from a phone book or other source rather than using what's in the email.
Anyone can say they're writing from the American Cancer Society, and make their return address look as if they are. It's very likely the contact information in the email is fake; it's very unlikely whoever faked the email has also been able to do redirect on every web site you might use to find the correct contact information.
(Even if the info in the letter matches what you find elsewhere, don't click on the link in the letter. The text can read correctly but link somewhere else, even if you look at the URL to make sure.)