It’s the most wonderful time of the year—for scam artists and other would-be thieves. Every time you swipe your credit card at the register or enter your personal information on a website, you risk having your sensitive data fall into the wrong hands. And as you count down the remaining shopping days in the season, you may let down your guard in a mad dash to check everything off your list.
“The holiday season is a busy time for consumers, when we do the majority of our shopping for the year, and hackers are priming themselves for the wave of data coming in,” says Yaron Samid, founder of personal finance app BillGuard (which was acquired by lending site Prosper in October 2015). “This is the Super Bowl of scam season.”
To keep your holidays happy and your identity safe, be wary of these six common scams.
1. The Scam: Phishing
You get an email luring you to a fake deal site promising unbelievable savings on your Christmas gifts—often popular electronics and gadgets. But it’s really just a ruse to get your credit card information and other personal data.
The Fix: You can easily avoid this threat by not clicking on links in emails from unknown sources. Even if the email seems to be from a legitimate retailer, you should type its Web address directly into your browser rather than clicking on an email link, to be on the safe side.
Also, shop only at sites you are familiar with or that are recommended by a reliable source. You can check with the Better Business Bureau to verify that the merchant is legitimate. And make sure that wherever you shop online is secure: The url on any checkout page should begin with https:// and have a lock symbol next to it in the browser.
2. The Scam: Empty Gift Cards
The gift card you buy from a discount site might actually have no value. Criminals can spend the funds and replace the scratch-off material that covers the card’s PIN, so the card seems unused when sold for a percentage of its face value.
The Fix: Buying discounted gift cards online is a great way to save money. You just have to be sure you use legitimate resellers. Consider trying Gift Card Granny and Raise.
3. The Scam: Skimming
You innocently withdraw money from your checking account at the local drive-through ATM. Unfortunately, bad guys have attached a stealthy device to the machine’s scanner that lifts your account information when you swipe.
The Fix: Samid recommends using only indoor ATMs because they offer additional security that is likely to deter scammers. Gas stations are also prime targets for this particular threat, so he suggests paying inside instead of at the pump. It may be less convenient, but it’s not as troublesome as dealing with the repercussions of identity theft.
4. The Scam: A Fake Charity
You get an email, a phone call or even an in-person request asking you to contribute to some seemingly worthy cause. But the solicitor turns out to be a fraudster who plans to take your credit card information and profit from the kindness of strangers like you. “Scammers are leveraging the fact that people are feeling particularly generous around the holidays and are more susceptible to charity requests and helping other people out,” says Samid.
The Fix: Check on the legitimacy of any charity before you give. Sites such as Charity Navigator, Charity Watch and the Better Business Bureau’s Wise Giving Alliance can help you verify the quality of a charity and decide whether it’s worthy of your largesse.
5. The Scam: Nonstandard Payments
You go to make a purchase on Ebay or Craigslist, but the seller asks you to pay by money order or some other random way. “Any nonstandard forms of payment like these are almost always a scam,” says Joe Siegrist, cofounder of password management site LastPass.
The Fix: Stick to the more usual ways to pay. Credit cards are a particularly safe method of payment because they come with fraud protection. You can easily dispute any unfamiliar charges.
6. The Scam: Fake Tech Support
You get an unsolicited call from someone saying he’s providing assistance from the maker of your computer. Then he walks you through how to yield control over your machine. Once he has taken over, he’s free to swipe any sensitive data you have stored there.
The Fix: Just say no. “Microsoft and Apple will never call you and ask you to take these types of steps, and they’ll never email you with these requests either,” says Siegrist. “Be wary of anyone who contacts you with these requests.”
Also make sure you use a unique password for each and every account you have. Apps such as Dashlane, Keeper and Siegrist’s LastPass can help you create and keep track of all of them.
Other ways you can protect yourself: Take advantage of your free annual credit report to make sure no fraudulent activity has been going on in your name. And keep a close eye on all your account statements. If any charge, big or small, seems odd or unfamiliar, be vigilant and check whether you need to dispute it. “There is no substitute for your checking your own card statements during the holiday season,” says Samid. “You are the frontline of defense.”