Nov 6, 2019

Holiday Scammers: Watch for These Common Red Flags

Santa's hand holding a cell phone with twinkling lights in the back


The busy holiday season is fast approaching. Soon, your “to-do” list will be as long as Santa’s “naughty and nice” list. Shopping for presents, making travel arrangements, and planning festive meals are just a few of the holiday duties that compete for your attention each winter. It’s easy to see why 88 percent of Americans report feeling stressed during the holidays.

When you’re stressed, it’s easy to become distracted. That’s what scammers count on this time of year. Stay alert this season and watch out for these common red flags.

WARNING: Account Verification Text Messages Requesting Sensitive Data

Scammers see increased credit card activity during the holiday season as an opportunity, but in a way that many victims are only just now discovering.

SMishing (SMS Text Phishing) begins with a spoofed phone number from the fraud department of a credit card or financial institution.  The scammer sends the fake text alert claiming that you must respond to resolve a discrepancy or suspicious activity on your account.

Requests to confirm account information by providing confidential data such as CV2 codes, PINS, expiration dates, and online login credentials via text are red flags.

Tip: Never send personal financial details to anyone via text message or by clicking on a hyperlink sent via text.

WARNING: Money Related Direct Messages from “Friends”

When a friend sends a direct message claiming that she received $1,000s in free grant money just in time to pay for holiday expenses, you’re naturally curious. After a series of back and forth messages in the app, she encourages you to click a link to get your share of free money before it’s gone. But there’s one problem. The direct message wasn’t really from your friend. A scammer hacked her account and is sending fake messages to all of her connections.

When you click the link, you might unknowingly install malware that the fraudster uses to scan your device and steal personal financial information.  

Tip: If you receive a direct message from a social media connection related to money, don’t respond or click on any hyperlinks. Instead, contact the person offline and verify whether the direct message is genuine.

WARNING: Live Two-Step Verification Phone Calls

Whether it’s snowing outside or day five of triple-digit weather, setting up two-step verification on financial accounts offers an extra layer of protection against unauthorized access 365 days a year. This user enabled feature requires an extra step during the account login process.

  • Step 1: Enter user name and password
  • Step 2: Enter a One Time Passcode (OTP)

The OTP is usually sent to the email address or text number on record with the financial institution.

Vishing (Voice Phishing) occurs when the scammer poses as an employee of your financial institution and requests your OTP in hopes of gaining full access to your account.

It might begin with the fraudster contacting you by spoofing the credit union’s phone number. Since the phone number appears to be from the credit union, requests for personal information during a live phone call are often provided without question. The fraudster logs into the financial institution’s online website and asks for your OTP, claiming it’s needed to confirm your identity.

Once they’ve successfully logged in, the fraudster can transfer funds from your account and change the password.

Tip: Never provide your financial account login details to anyone via telephone. Call or visit your financial institution to verify any unusual requests.

Don’t let a fraudster steal your holiday joy. When you’re alert and know what to watch out for, you can reduce the chances of becoming a victim of the latest holiday scam. The Federal Trade Commission encourages consumers to sign up for email alerts to learn about recent scams and their warning signs.