It’s easy to get caught up in the craziness of the holidays. You have parties to plan, cards to send, and gifts to buy, and that can be a lot to squeeze into just a few weeks. Don’t let the stress cloud your better judgment. Watch out for these scams that prey on holiday shoppers.
Fake Store Apps
The FBI recently sent a press release warning consumers about fake app scams. Once you download these apps, they steal personal info from your device.
They’re usually disguised as games, but some scammers create fake apps that mimic well-known brands like Zappos, Pandora, Dillards, or Dollar Tree. Smartphone users download the app, connect it to their Facebook account or email, and unknowingly give away a bunch of personal information. The apps can also infect your phone with malware.
To prevent this, look beyond a brand’s logo when you download an app from Google Play or the Apple Store. It’s easy to just search for an app and download the first one that looks right. Chris Mason, co-founder of Branding Brand, warns of a few additional red flags to watch out for, specifically typos and run-on sentences in app descriptions. Check customer reviews, too. If there are a lot of one-star reviews or users complain about advertising, that could be a red flag that the app is fake.
Fake Online Stores
The FBI also warns about fake deals from unfamiliar sites. It seems like it would be fairly obvious to spot a bunk online storefront, but criminals are smart about making these stores look legit. As Inc.com explains, some of these sites price most products competitively, but then they list other items ridiculously low to entice shoppers. The regular-priced items make them look like a real store and help them show up in Google search results. Thus, just because a store shows up in Google search results doesn’t automatically mean it’s legit.
Sometimes these scammers will even create fake social media handles and ads to promote their “deals.” These posts might include coupons, holiday promotions, contests, or free gift cards. They’re often accompanied by an online survey, which scammers use to steal your info. Here are a few ways to tell you might be on a fake shopping site:
- The URL is complicated and includes hyphens like “givenchy-gear-for-less.com” or it uses a popular store on its main domain (zara.domain.com, for example).
- The contact email is through an email client like Hotmail or Google, rather than the domain of the store itself. It might also include a bunch of random numbers or letters—a typical throwaway address.
- The brand selection is completely random. As Complex.com puts it, “When was the last time you saw Angry Birds T-shirts sharing retail space with Balmain jeans?” Phony sites target people with popular brands; there’s usually no curating involved.
In general, if you come across a deal that’s too good to be true, it probably is. That said, there are a lot of decent holiday discounts out there, so that rule of thumb doesn’t always work. If you spot a truly awesome deal, chances are, deal sites have already found it. Check sites like Kinja Deals, Slickdeals, or DealNews to verify the discount. You can also use resources like Consumerist or the Better Business Bureau to research potential scam sites. Additionally, WhoIS.net allows you to look up information on the “company” or individual that registered the domain.
Social Media Scams
Social media channels like Facebook are a perfect platform for scammers. It’s easy enough to post a counterfeit ad or update, and the nature of social media allows them to share that scam effortlessly.
The “Secret Sister” scam, for example, has made its rounds on Facebook recently. It’s basically an illegal chain letter scheme in which consumers are asked to buy a gift for a stranger to get gifts back in return. You invite friends, they send gifts, and you get more gifts. It sounds completely ridiculous, but people fall for it. One woman told Pennsylvania’s WNEP:
At first when I read it, I thought it was pretty cool. The girl who tagged me in it is pretty reliable and is really nice, so it seemed like something she came up with. It seemed like this original thing.
Perhaps because social media seems like such a personal platform, it’s easy to fall for fraud. A few other holiday scams that have made their rounds on social media:
- Fake Deals from Strangers: You Tweet about a gift you’re trying to find, then you get a direct message or tag from someone willing to sell you the item. The scammer takes your money or credit card/bank account information, and you never hear from them again.
- Fake Gift Cards: Scammers post fraud gift certificates on social media, collect your personal info, then sell it to telemarketers or worse, steal your identity.
- URL Scams: Scammers bait you with a message or a post that includes a link you have to click on for more information. Once you click on it, it steals your login credentials or installs malware on your computer.
It should go without saying that you don’t want to give out any personal information to a stranger, especially when that information includes financial details, like your credit card number. You should also avoid clicking on any unknown links someone DMs or tags you in.
Phishing Emails From Fake Retailers
Email fraud is nothing new, but it peaks around the holidays when people expect to receive order updates and shipping information from retailers, and busy shoppers may not inspect confirmation emails or account creation emails as closely as they would otherwise. These emails look like they come from legitimate companies, like Amazon or UPS. Some of them may claim there’s a problem with your order. Others may offer a deal or discount. You either click on the link and inadvertently download malware, or you enter your password, address, or other personal information and scammers steal it.
These emails look pretty convincing, but if you hover over any links to see the URL or just check the email address, you’ll notice the link is off. Chances are, it’ll be something like www.amazon.subdomain.com. This link won’t take you to Amazon at all, but to whatever URL “subdomain” is. If you’re still unsure about the email and it’s asking for personal information or to check the status of an order, go directly to the website in question and look up your order or tracking number. As a general rule, think twice about retailer emails and don’t click on any links or attachments if you’re not sure about them.
Misleading Store Credit Cards
Okay, store credit cards aren’t a scam exactly, but they’re almost always a terrible deal. People still fall for them, though, and get stuck in an endless debt trap. Stores bait customers with “deferred interest” cards, which seem like “0% introductory APR” credit cards, but they’re not.
With a “0% introductory APR” card, you don’t pay interest at all for an introductory term, and, afterward, your balance is charged at a regular interest rate. Deferred interest cards piggyback on these rules, but there’s an important difference: you have to pay the entire balance before the end of the promotional period, otherwise, you’ll owe interest for that entire term. Interest rates are high, too. A study from MagnifyMoney found that the average rate is 24.8 percent.
Deferred interest cards can be a decent deal if you have the cash on hand to pay off the balance and you get some great discount, cash back, or other deal for signing up, but the terms of store credit cards are usually terrible. They’re not great for your credit score, either. If you’re interested in the discounts those cards offer, consider opening a rewards card instead. Sites like NerdWallet can help you find a decent one, and they lay out the terms for you before you sign up. Of course, you always want to read the fine print yourself.
A lot of these tips seem like common sense, but keep in mind: thieves are good at creating the illusion of credibility. In general, maintain a skeptical eye. Think twice before giving out any personal information, especially over social media or email. You should also check your bank statements and credit reports periodically to look out for any fraudulent purchases or accounts. Beyond that, make sure to update your antivirus and anti-malware apps. This way, you’re protected even if you accidentally click something suspicious.