By SF Fire Credit Union

Security Tips For The Holidays

It’s the season of giving. Unfortunately, for scammers, it’s just another season of taking. While you’re shopping and looking for the best deals, watch out for some of these common Holiday Scams as reported by Consumer Reports. And when it comes to online shopping, you might want to re-think saving passwords on your computer and mobile device.

Fake Websites and Phishing Emails

We all want that amazing deal. If you receive an email or find yourself on a website with too-good-to-be-true prices, they probably are. Does the site have an unusual web address or no contact information? Check before you click. Are you buying from instead of Are you seeing an email address purportedly from Best Buy that ends in .ru (from Russia)? Not legitimate. Scammers are good at closely approximating legitimate sites. It’s always best to take a second look, and make sure any payment page has an "s" after "http" in its URL, which indicates the page is secure.

Shipping & Delivery Scams

With the prevalence of online shopping, we’re all trained to expect deliveries. Be careful in responding to messages indicating there was a problem with a delivery to your address, particularly if you’re asked to call a number or click a link and provide personal information, such as your credit card or Social Security number. These messages could be an official-looking note on your door or an email, and could mimic UPS, FedEx or the U.S. Postal Service, or even retailers, a bank, or a credit card company. Rather than using a phone number on an unusual notice, or clicking on a link in an email, go directly to the merchant or delivery service’s website. You should be able to track legitimate shipments there.

Stolen Rewards Points

This can start with a single data breach at a single merchant’s website. In many cases, you might use the same email and password combination for multiple websites; this is a habit that scammers count on. Once they find one combination that works, they will plug it in to thousands of other sites, including banks and other merchants. This is called “credential stuffing”.

  • Don’t use the same password for multiple sites
  • Change your passwords regularly

Gift Card Fraud

Maybe someone bought you a gift card that you can’t use, and you don’t want to re-gift it either. Selling it online seems a convenient way to extract value from the card. But be careful to whom you sell. Scammers might ask you to do a three-way call with the card issuer to verify the balance; they’re listening in to record your keystrokes to try to capture your login information.

Bogus Charities

Sadly, it’s a simple thing for scammers to create fraudulent fundraising pages online, such as through GoFundMe. Make sure you know to whom you’re donating. Use sites such as CharityWatch and Charity Navigator to check how much a given charity actually delivers to the intended beneficiaries.

Protect Your Password: Don’t Save It

Most browsers give you the option to save your critical information: login credentials, credit and debit card numbers, and more. This can be convenient, but there are risks:

  • Lost or Stolen Devices: If you lose the computer or mobile device, anyone that picks it up could have access to your online passwords.
  • Hacking: Viruses and other malware can provide hackers with remote access to information on your computer, including your passwords.
  • Other Users: Is this a shared computer or device? Do you ever let friends or family borrow it? They could possibly gain access to your information.

Take the time to assess the risks before storing any critical information such as passwords on your computer.