The Merchant Risk Council talks with the Identity Theft Resource Center in the newest Fraudian Slip podcast about holiday identity theft and what people can do to protect themselves

  • We are days away from what will be one of the most unusual holiday shopping seasons in our lifetimes, coming off of an unusual holiday season.
  • 2020 and 2021 have seen record levels of identity fraud, a lot of it related to shopping online. Most of the fraud and scams is due to cybercriminals using good, old-fashioned scams.
  • The Identity Theft Resource Center (ITRC) sat down with the Merchant Risk Council (MRC) to discuss holiday identity theft, triangulation fraud and steps to protect yourself while shopping during the holiday season.
  • You can learn more about holiday identity theft, retail fraud, what you can do to stay safe and other topics discussed in this podcast by visiting the ITRC’s website
  • If you think you are the victim of an identity crime, you can call the ITRC (888.400.5530) or live-chat on the company website to speak with an expert advisor.

Below is a transcript of our podcast with special guest Julie Fergerson, CEO of the Merchant Risk Council

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, Audible, Amazon now.   

We are days away from what will be one of the most unusual holiday shopping seasons in our lifetimes, coming off of an unusual holiday season. Or, if you have headed the warnings from retail experts, you already know we are in the midst of a second holiday season when supply and demand are not in sync. That means more people than ever are turning to online marketplaces to help Santa deliver the goods this year. However, it also means holiday identity theft.

2020 and 2021 have seen record levels of identity fraud, a lot of it related to shopping online. Before you throw your laptop or mobile phone out the window and vow to never shop the internet again, know that very little of that fraud is cybersecurity-related. Most of the fraud and scams are related to cybercriminals using good, old-fashioned scams (and maybe a few bad habits) to trick you into buying something that is too good to be true – because it isn’t.

Joining us to talk about how you can protect yourself and your holiday from holiday identity theft, and the haul from the Grinches that want to steal little Cindy Lou Who’s gifts and roast beast, is Julie Fergerson, the CEO of the Merchant Risk Council (MRC) and the ITRC’s own CEO Eva Velasquez.

We talked with Julie Fergerson about the following:

  • What’s the MRC?
  • Retailers that you do not recognize with deals that sound too good to be true; a quick Google search can show you complaints against a retailer or if they are fake.
  • Triangulation fraud (auction sites).
  • What to do if you don’t recognize a charge on your credit card statement.
  • Alternative payment methods, like buy now and pay later (BNPL) or peer-to-peer (P2P). Payments like those may not have the same consumer protections, which regulators are discussing now.
  • The importance that you trust your instincts to protect yourself from holiday identity theft.

We talked with Eva Velasquez about the following:

You can learn more about the identity scams that involve your identity, privacy or security, or get help if you have been the victim of holiday identity theft by visiting the ITRC’s website

Be sure to join us next week for our Weekly Breach Breakdown podcast. Next month we will look back to see how well we did with our 2021 predictions. We will also look ahead at what to expect in 2022 – on the December episode of The Fraudian Slip.

By Identity Theft Resource Center CEO, Eva Velasquez & Synchrony CISO, Gleb Reznik

The 2020 holiday season will certainly be one of the most unusual ones we have seen, thanks to the biggest holiday shopping trend – a dramatic shift in online transactions prompted by the COVID-19 pandemic. Online shopping involves non-cash transactions using digital payment methods. While the most obvious are debit and credit cards, there are also peer-to-peer payment apps, digital wallets and online versions of contactless payments like Apple Pay and Google Pay.

There is a truism in cybercrime as there is in bank robbery: thieves go where the money is. There are many opportunities for bad actors to take advantage of consumers and businesses during the shopping season. We expect the identity thieves will look to take advantage of the rise in online shopping.

Tune in to our latest podcast

Historic and Current Holiday Shopping Trends

Holiday shopping has always been a busy time for consumers. Last year, there was an estimated $1.1 trillion spent on the shopping frenzy.

According to the Better Business Bureau (BBB), approximately 65 percent of consumers shopped online during the holidays in 2019.

Online retailers have seen sales grow steadily over the years. According to the U.S. Department of Commerce, sales have risen between one to two percent each year.

Online Holiday Shopping Trends So Far in the 2020 Holiday Season

With all of that said, 2020 looks to be a watershed year. In just the first ten days of the holiday shopping season, U.S. consumers spent $21.7 billion online, a 21 percent year-over-year increase, according to Adobe Analytics.

There is no surprise in this online holiday shopping trend. The same Adobe Analytics report shows 63 percent of consumers are avoiding stores and buying more online, with health concerns due to the pandemic driving the decision for 81 percent of shoppers.

Advice for Consumers

  • Have strong password management – If someone has strong password management, an identity thief will not be able to access multiple accounts if they gain access to one account with stolen credentials from a scam or shoulder surfing. It is especially important to ignore “customer service representatives” who call about online orders or accounts. At the Identity Theft Resource Center (ITRC), we recommend using at least a twelve-digit passphrase because they are easier to remember and harder for an identity thief to crack.
  • Beware of phishing emails with emotional triggers – People should keep an eye out for shopping discounts sent to their phones claiming huge store discounts if they download an app and enter their credit card information. Another popular phishing email is package tracking scams that offer to track someone’s packages after making their purchase with a link to open or download. No one should ever click on a link, attachment or file from an unknown email because that is how scammers strike with malware, ransomware and steal people’s personal information.
  • Use credit cards and not debit cards – Credit cards provide more protection than debit cards. One of the biggest reasons is because debit cards are linked with bank accounts. If an identity thief compromises a debit card, the victim’s bank account can be immediately drained of all available funds. It may take time to restore the stolen funds, leaving the cardholder without access to the money.
  • Shop on secure websites – People need to do their homework before providing any of their payment information or other data. Consumers can check a business’s reputation at third party review organizations like the BBB and Yelp. Using search terms like “Scam” or “Complaints” along with the website or company name can give someone insight into the experience of other customers. 
  • Do not use public Wi-Fi – No one should ever use public Wi-Fi to check their bank account information or to make purchases. Some public Wi-Fi connections are not secure, and a hacker could have the ability to position themselves between the user and the connection point to steal their data. If someone wants to use public Wi-Fi to kill time while in the store or to check on products they want to buy, they need to avoid entering any personal information.

Advice for Businesses

  • Secure your information – Businesses need to take all of the necessary steps to ensure customers’ personal information is secure. It starts by making sure all systems are protected with properly configured cybersecurity tools. Time and time again, we see businesses and technology providers fail to configure passwords, resulting in exposed sensitive data for anyone to see online.
  • Have security software – Businesses need to protect their networks from cyberattacks. If a system does not have appropriate security software like network and application firewalls, malware protection and a program to patch known security flaws, identity thieves will steal whatever customer and company information they want.
  • Talk to the employees about online security – A business can have all the security measures in place, but it does not matter if employees click on links in phishing schemes. Company executives and cybersecurity teams should talk to employees about security, so they do not end up being their weakest link.

What the Post-Pandemic Marketplace Will Look Like

While many things are uncertain about our post-pandemic world, one safe bet is that online holiday shopping will continue to rise. Statistics show online shopping was already on the rise before COVID-19. With the even bigger surge during the pandemic, it will force businesses to get serious, if they are not already, about e-commerce and a digital-first model. In a sense, every day could be Black Friday!

For more information on online shopping during the holiday season or online holiday shopping trends, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

Also, download the free ID Theft Help app, which has access to resources, a case log for an identity theft resolution process and much more.

Synchrony is a proud financial sponsor of the Identity Theft Resource Center.

  • The 2020 COVID-19 holiday season is upon us. This year, consumers should be on the lookout for job scamsgiving scamsgrandparent scams and online shopping scams, to name a few.  
  • If anyone comes across an unknown message regarding the COVID-19 holiday season, they should ignore it and go directly back to the source to confirm the message’s legitimacy. 
  • People should take steps to protect their personal information when shopping online, taking part in holiday gatherings (both in person or via a video platform), at the gas pump, and when receiving electronic gifts. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.  

COVID-19 has changed the way people live. Many people are working from home, there are restrictions on what people can do in public, and many businesses remain shut down or open at a limited capacity. It has also changed the way scammers attack consumers. 

The 2020 holiday season will also be much different than year’s past. According to IBM’s latest U.S. Retail Index Report, COVID-19 has accelerated the shift away from physical stores to digital shopping by roughly five years. 

Criminals may adopt new tactics to take advantage of the pandemic, but what will not be different is scammers’ and identity thieves’ ability to find ways to strike.  

Watch for COVID-19 Holiday Scams   

Here are some scams to watch for this COVID-19 holiday season. 

1. Job Scams – Much of the economy remains shut down or open in a limited capacity. Millions of people are looking to gig economy jobs like Uber, Lyft and DoorDash to get by. People could rely on gig economy jobs even more during the holidays to make extra cash. The Federal Trade Commission (FTC) reported losses of $134 million in 2019 to social media scams.

In the first half of 2020, the FTC already reported $117 million, with most scams coming from viewing an ad. Scammers may claim in advertisements that they can get shoppers access to premium jobs for the holidays with big tips in exchange for an upfront fee. Gig economy scams can also lead consumers to phishing websites that steal login credentials. 

2. Giving Scams – People typically give more to charities around the holiday season. However, with more families in need of help in 2020, we may see an even bigger increase in people making donations. Expect criminals to attack with giving scams, looking to steal people’s money and personal information. In fact, scammers have used giving scams to take advantage of people since the beginning of the pandemic.  

3. Grandparent Scams – Another popular holiday scam is the grandparent scam. A grandparent scam is where scammers claim a family member is in trouble and needs help. With the holidays here, scammers could pose as sick family members. 

4. Online Shopping Scams – Many more people will be shopping online this holiday season. According to the Better Business Bureau (BBB), 65 percent of people shopped online last year. This year, online shopping is expected to increase by 10 percent to 75 percent. With the increase in web traffic, consumers should be wary of messages claiming they have been locked out of their accounts. Scammers may send phishing emails making such claims while looking to steal usernames, passwords and account information.  

How to Protect Yourself from COVID-19 Holiday Scams 

While scammers will try to trick consumers, there are things people can do to protect themselves from a COVID-19 holiday scam. 

  • If someone comes across an ad for a job or a deal online that seems too good to be true, it probably is. Consumers should go back to the source directly by contacting the company to confirm the message’s validity. 
  • If someone receives an email, text message or phone call they are not expecting, ignore it. If any of the messages contain links, attachments or files, do not click or download them because they could have malware designed to steal people’s personal information or lead to a phishing attack. Again, consumers should reach out directly to who the caller, email sender or text message sender claimed to be or the company they claimed to be with.  
  • People should only donate to legitimate charities and organizations registered with their state.   Consumers can determine if a charity, non-profit or company is legitimate by searching for the charity’s charitable registration information on the Secretary of State’s website, looking for online reviews and Googling the entity with the word “scam” after it. 
  • No one should ever make a payment over the phone to someone they do not know or were not expecting to hear from. Scammers will try to trick people with robocalls to steal their sensitive information and commit identity theft. 

How to Protect Your Personally Identifiable Information (PII) This Holiday Season 

Identity Thieves will try different ways to steal people’s PII. It is crucial consumers can protect their PII during the holidays, and year-round, to make sure it does not end up in the hands of a criminal.  

1. At the Pump – More people will travel by car this year than usual. Travelers on the road should keep an eye out for gas station skimmers. Skimmers insert a thin film into the card reader or use a Bluetooth device at a gas pump to steals the card’s information that allows the thief to misuse the payment card account. If the pump looks tampered with, pay inside. Newer gas pumps use contactless technology and chipped payment cards that are very secure. Use those pumps if possible.  

2. Holiday Gatherings – It is always important to protect all personal information at holiday gatherings. While no one ever imagines a trusted friend or family member will go through their stuff, people fall victim every year. Keep wallets or purses with financial cards or I.D. cards within reach.  

3. Zoom and Other Online Video Platforms – Not all family gatherings will be in person in 2020 due to COVID-19. Some families will meet virtually via a video platform. When people use a video platform, it’s important they remember to secure the call by using strict privacy settings and not sharing any personal information with someone they don’t know.  

4. Shopping Online – With more people shopping online for the 2020 holiday season, people need to practice good cyber hygiene. Make sure to navigate directly to a retailer’s website rather than click on a link in an ad, email, text or social media post. Phishing schemes are very sophisticated these days and spotting a spoofed website of well-known and local brands can be difficult even for trained cybersecurity professionals. 

Consumers will still need to do their due diligence to ensure a business website is legitimate. There is inherently less risk of falling for a scam website by shopping at well-known retailers. It only takes a bit of homework to separate the scams from legitimate small online businesses. Using search terms like “Scam” or “Complaints” along with the website or company name can give people insight into the experience of other customers. 

When setting up a new online account, be sure to use multi-factor authentication. Multi-factor authentication creates a second layer of security to reduce the risk of a criminal taking over someone’s account. 

5. Electronic Gifts – With the advent of smart home devices, many gifts connect to the internet, presenting security risks. It is important consumers update the software on the device. It is also a good idea to have antivirus software installed on any computer, tablet or internet device if possible, along with a secure password on the home network router.  

For more information on how to stay safe during the COVID-19 holiday season contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an identity theft advisor at no-cost.

For access to more resources, download the ITRC’s free ID Theft Help app.  

COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

Travel Safe with These Cybersecurity Protection Tips

Mystery Shopper Scams Resurface during COVID-19

  • Quick Response Codes, or QR Codes, continue to generally grow in popularity, especially due to COVID-19. Hackers are aware and are looking to possibly attack consumers with the digital barcodes. 
  • There have been attacks in India and Brussels in 2020. Malwarebytes reports the U.S. saw QR Code scams and attacks in 2019.   
  • To reduce their chance of a compromise, QR Code users should be somewhat skeptical when using one of the digital cubes. Look for things that might seem out of the ordinary – like asking for logins, passwords or payment information. Ask an employee if you encounter something you think is odd.  
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

Quick Response Codes, also known as QR Codes, have generally grown in popularity over the years. COVID-19 has sped the use, with an increasing number of businesses using QR Codes for contactless encounters and transactions. However, hackers are aware of the rise, which could mean QR Code security threats to consumers who use them. 

Waitress providing menu for restaurant goer through contactless QR code

What is a QR Code? 

QR Codes are digital barcodes often used for electronic tickets for travel or events, to view a restaurant’s menu, or to share product information at a retailer. They are a quick way to get people to websites, promotional codes and mobile payments.  

QR Code Security Threats 

The convenience of QR Codes comes with security risks too. According to a survey of consumers conducted by MobileIron, 71 percent of respondents could not tell the difference between a malicious QR Code and a legitimate one. Also, more than 51 percent of respondents did not have mobile security on their devices (or did not know if they did) to provide QR Code security in case of a QR Code-related attack.  

Attackers can take advantage of people’s trust in QR Codes by embedding malicious software into the digital cubes. MobileIron says they expect QR Code attacks to increase in the near future. The attacks would steal data from mobile devices or lead to phishing websites that could harvest credentials and other personal information.  

What You Can Do 

Attacks can lead to many different actions that range from inconvenient to malicious. This includes risky texts, emails, initiating a phone call, or adding a contact listing. However, there is one thing consumers can do to protect themselves: be skeptical.  

  • If you see what seems to be a QR Code physically pasted on top of another, ask an employee. The restaurant or retailer may have just updated their QR Code, but it could also be a sign of a malicious code. 
  • Before scanning the QR Code, check the website address of the code. Many phones will allow you to view the web address before you scan it. If you are unsure about the website, you can safely view the site by searching it by adding a “+” sign after the URL. You can also ask an employee about any suspicious website addresses. 
  • Only scan codes from trusted entities. The Identity Theft Resource Center (ITRC) always tells consumers to use trusted entities when donating to a charity or shopping online because there is less risk. The same advice applies to QR Codes. A trusted entity will be less likely to have a malicious QR code on a restaurant menu, plane ticket or promotional code. 

Contact the ITRC 

Consumers need to be aware of QR Code security threats. The more people protect themselves, the harder it will be for identity thieves to succeed in hacking people using QR Codes. If you would like to learn more or believe you have been a victim of a QR Code attack, contact the ITRC toll-free at 888.400.5530 or on the company website via live-chat.  

Read more of our latest information & educational resources below

Unsubscribe Email Scam Looks to Trick Consumers

Social Media Scams are on the Rise as More People Use the Platforms to Connect

Reports Show Consumer Privacy and Cybersecurity Views Have Evolved