How to protect yourself from gift card scams and fraud this season

These holiday scams are heavy on naughty, totally lacking in nice

Nov. 26, 2019 5 AM PT

It’s the most wonderful time of the year. But for consumers, it’s also the most dangerous.

From gift card rackets to online fraud, consumers are under near-constant assault amid what some analysts are calling the country’s first trillion-dollar holiday season.

The Department of Homeland Security has urged shoppers “to be aware of potential holiday scams and malicious cyber-campaigns, particularly when browsing or shopping online.”

It specifically cited “malicious links or attachments infected with malware,” and “spoofed emails requesting support for fraudulent charities or causes.”

Today we’ll look at some of the more prominent threats out there and what you can do to protect yourself.

Gift cards

Gift cards top many people’s holiday wish lists, with the National Retail Federation saying 59% of people surveyed are hoping to find at least one in their stockings.

Mercator Advisory Group, a payment industry consulting firm, estimates nearly $100 billion was loaded onto gift cards last year.

Scammers are well aware of how popular these things are, so they go to great lengths to cut themselves in for a piece of the action.

“Gift cards are safe, secure and in-demand gift options,” said Erin Wood, chairwoman of the Retail Gift Card Assn. “Unfortunately, like all payments tools, criminals have found ways to abuse gift cards.”

One of the most common rackets is for would-be thieves in stores to peel back the stickers covering gift card PINs. They also write down the card number. Then they go online after the card has been activated and try to make a purchase with whatever balance remains.

Some scammers use the brute-force method, employing software programs to try out every possible combination of card number and PIN on a retailer’s website. If they luck into a working combo, they can either use the card themselves or sell the info online.

Always check to make sure a card’s packaging hasn’t been tampered with and that the PIN sticker is in place. Also, don’t peel away the sticker or scratch off the PIN covering until you’re ready to use the card.

Cards purchased online aren’t as easily messed with as cards purchased in stores. Also, cards stocked behind the cashier’s counter are safer than cards that are unattended on a rack.

One other thought: If you receive a gift card, use it. It’s estimated that more than $45 billion in unused gift card balances have piled up over the last 15 years, which is just free money for stores.

If you don’t use up all yours, think about selling remaining card balances on sites such as Cardpool and CardCash.

Phishing

Email inboxes are being inundated with messages and freebies that appear to be from prominent retailers. Some are undoubtedly legit. But in many cases, that super-cool offer is just a ruse to get you to hand over personal information or download a malicious program.

I receive such emails ostensibly from Amazon several times a week. They’re fake. Costco announced the other day that what looks like a Facebook link to a free $75 coupon is actually a hoax.

“Costco is NOT giving away $75 coupons,” the company warned. “While we love our fans and our members, this offer is a SCAM, and in no way affiliated with Costco.”

Make it a part of your digital hygiene to never click links from sources you don’t recognize.

If you have doubts, hover your cursor over the link and see what comes up. If it’s a straightforward URL, especially for a recognizable brand, you’re probably OK. If it’s a long string of gobbledygook, back off.

Paul Stephens, director of policy and advocacy for San Diego’s Privacy Rights Clearinghouse, warned about the growing threat of so-called dark patterns.

“These are websites that try to trick you into upgrades, additional purchases or more expensive shipping options by defaulting to these more expensive options in subtle ways that may not be readily apparent,” he said.

Watch out for pre-checked boxes that commit you to things you might not want, such as permission to share your personal information with marketers.

Sneaky emails

You may receive an email from what seems to be a reputable online payment service such as PayPal confirming a recent purchase. However, you may not recall making such a purchase.

That’s what scammers are counting on.

The email will include a link to dispute or cancel the suspicious order. Clicking on it, however, will take you to a bogus site that will ask for personal info, such as your name, address and credit card number.

Always deal directly with retailers. If the email is confirming an order from, say, Victoria’s Secret that you don’t recognize, don’t click the link. Call Victoria’s Secret.

Along these same lines, watch out for emails that purport to be from a shipping company such as FedEx or UPS alerting you that your package is delayed. These emails also may contain links that seek to rob you of personal info or download a virus into your computer.

Do the cursor test before clicking any links. If you have the slightest doubt, call the shipper with any questions.

Fake charities

This is a particularly revolting racket because it preys on people’s desire to do good during the season of giving.

It’s now a sad reality that after any tragedy — a fire, an earthquake, a shooting — fake charities instantly pop up trying to exploit people’s eagerness to help others.

“Scammers — opportunists that they are — are relying on generous consumers to use their hearts, and not their heads, when donating to a charity or cause in the holiday spirit,” said Lauren Hall, a policy advocate with Consumer Action.

Protect yourself by avoiding solicitations from any foundation or charity you don’t recognize. Or make a habit of checking out any such entity on charity rating sites such as Charity Navigator and CharityWatch.

Make no mistake, helping others in need is a very good thing. Donating to worthy causes is a very good thing. Just be careful.

Relatives in distress

Perhaps the nastiest of scams, this is where a call arrives from someone claiming to be in a position of authority — a police officer, an FBI agent — informing you that a loved one is in trouble.

“This is a scam of opportunity and the holiday season is the perfect opportunity to play on victims’ emotions,” South Dakota’s attorney general, along with other state officials nationwide, warned last year at this time.

Also known as the grandparent scam because it frequently targets seniors, victims are instructed to wire money (or gift card numbers) to some far-flung location to get their kin released from jail.

“Scammers know all the buttons to push,” said John Breyault, vice president of the National Consumers League. “They may swear the grandparent to secrecy, insist the money is needed right away, and use personal information gleaned from social media to make their pitches sound convincing.”

This is an elaborate and aggressive con. I wrote last year about a Central Coast resident who spent 20 hours being run all over the Southland and robbed of thousands of dollars by fraudsters claiming his daughter had been kidnapped.

If you receive such a call, the FBI says, hang up.

Oh, and happy holidays.