MANCHESTER, NH – Holiday shopping gears up with Black Friday this week, followed by Cyber Monday and a whole lot of whipping out the card, clicking, and spending.
The scammers, though, are way past gearing up and are poised to separate you from your hard-earned dollars.
A variety of groups are warning about some of the top scams this holiday season, and are offering tips on how to protect themselves.
Fake shopping sites
The Federal Trade Commission warns that fake shopping sites proliferate online during the holiday season. You click on a link, and before you know it, you’re scammed. The FTC advises that you don’t click on an ad for an item that’s being offered at much lower price than it should be.
The FTC offers these tips to avoid fake shopping site scams:
- Search online for the name of an unfamiliar seller and include words like “review,” “complaint” or “scam” to see what other buyers say.
- Look at the price, other charges, the refund policy, who pays for return shipping, and if there’s a restocking fee.
- Pay by credit card whenever possible, rather than a debit card. Credit cards offer more protections and give you the option to dispute charges if you don’t get what you ordered.
- Never buy from online sellers who demand you pay with gift cards, wire transfers, payment apps, or cryptocurrency. Only scammers tell you to pay that way.
Travel scams
AIPRM, an artificial intelligence site, has compiled a list of the top AI-driven scams that travelers should watch out for during the holiday season.
Fake airline and hotel booking websites: These mimic legitimate travel booking platforms and advertise irresistible prices for flights and accommodations, then steal your personal and financial information.
AI chatbots offering fake travel deals. AI-powered chatbots can be used by scammers to impersonate customer service representatives offering huge discounts on flights, hotels, or holiday packages. The bots may ask for sensitive personal information or prompt users to pay upfront for non-existent trips.
Phishing emails and text messages. Scammers use AI to craft phishing content disguised as legitimate companies. The text or email may say your flight is canceled, and to avoid losing your reservation you must click a link and enter your payment details immediately. The pressure to act quickly could lead you to inadvertently put your financial information into the hands of fraudsters.
AI-generated reviews. Scammers can generate hundreds of favorable reviews in minutes, making it harder for travelers to distinguish between real and fraudulent content.
Fake travel itineraries and AI-generated images. Fake itineraries often feature attractive holiday packages that promise an unforgettable vacation at an unbeatable price, with AI-generated images used to promote false activities. Once you send a deposit or full payment, that dream holiday may not exist.
Fake TSA PreCheck. The FTC also has issued a warning about a TSA PreCheck scam in which you are texted or emailed a link that looks like it’s from TSA PreCheck. The message asks you to pay or re-enroll. The FTC says if you’re applying for TSA PreCheck for the first time, you pay in person at a TSA enrollment center, not online. To renew, you may pay in person or online, and TSA does send out renewal emails, but don’t click a link. To avoid being scammed, start your renewal at tsa.gov/precheck. A scammer’s link will take you to a scam site that looks real, but will steal your information and money.
AIPRM and FTC’s tips on how to avoid being scammed on your holiday travel include:
- Verify any deals or offers you find online through official travel websites.
- Don’t provide payment information through unfamiliar channels.
- Double-check all details and confirm through official customer service numbers or emails before finalizing any travel booking or urgent message from an airline or other travel site.
- Never click on links or provide sensitive information through unsolicited emails or texts.
- Red flags to look out for are urgency-related phrases like “limited-time sale” or “only 1 left,” suspicious URLs, small spelling errors, or anything that feels off about the website’s design or offers.
- Check reviews across multiple sources and don’t rely solely on reviews from travel booking websites – check independent review platforms and social media for additional feedback.
- Pay attention to patterns – if a place has an unusually high number of extremely positive reviews posted in a short period of time, it’s likely a red flag that they’ve been generated by AI or planted by scammers. Authentic reviews tend to be more balanced, including both positive and constructive feedback.
- Stay alert when presented with offers that seem too good to be true, and verify the source. AI-generated itineraries may appear polished, but they often contain subtle inconsistencies. Check for missing or mismatched details and examine the photos closely. AI-generated images can have imperfections like unnatural lighting or blurry areas.
- To renew TSA PreCheck, start at tsa.gov/precheck – typing in that URL yourself is the best way to avoid the scam. All TSA PreCheck sites are .gov sites, so if the URL has .com or anything other than .gov, it’s not real.
Gift Card Scams
There are two types of gift card scams: Gift cards sold in stores that are tampered with in a way to steal your money, and scammers asking you to buy a gift card to pay for something.
Gift card tamper scam 1: The FBI warns that scammers place fake barcodes on the back of real gift cards that are on display on store racks. When you buy the card, the cashier scans the barcode and it pushes your money into the scammer’s gift card account. The card you’ve just bought will then have a zero balance.
Gift card tamper scam 2: Also at a store display rack, scammers duplicate or scan the bar code on gift cards. They get a notification when the card is loaded and transfer the money to themselves before it can be used.
Pay with gift card scam: You are asked to pay a fine, a charitable donation, a utility bill, or anything else, with a gift card.
To avoid gift card scams, the FBI advises:
- Never pay anyone seeking money from you with a gift card. Only scammers ask you to pay for something with a gift card.
- Examine any gift card you buy off a store rack carefully. If the gift card is in a package, the bar code will be visible through a window, make sure it matches the bar code that’s on the packaging. Make sure the packaging hasn’t been opened or tampered with in any way.
- Avoid any cards where the bar code – either on the card or on the packaging – is on a sticker.
- If you have to scratch the card to see the bar code or PIN, make sure the card hasn’t been scratched and covered over with a sticker.
- If a sticker covers the barcode, make sure it hasn’t been peeled or ripped.
- Don’t take the front card, take one from the middle or the back (though this is not a guarantee it hasn’t been tampered with).
- If you have an option to buy a gift card from a cashier, rather than off the rack, do it.
- When the card is scanned at checkout, make sure the number that shows matches what’s on the card.
- If it’s possible to register the card, do so immediately.
- Keep the receipt for the gift card.
Undeliverable package scam
Scammers email or text that you have a package that can’t be delivered, and have a link to lick on. The email or text will look like it came from USPS, UPS, FedEx, or some other legitimate delivery service. The message may say the package has the wrong zip code, or some other error. Or it may just say it’s not deliverable, and you need to rectify the issue.
The U.S. Postal Service warns that these smishing scams (a combination of SMS and phishing) are intended to lure the recipient into providing personal or financial information.
USPS does allow users who register to track specific packages, free of charge, but they must register online, or initiate a text message with a tracking number. USPS will not send customers text messages or e-mails without a customer first requesting the service with a tracking number, and it will not contain a link, USPS says.
To guard against giving personal information to a scammer through a package smishing scam (most of these tips apply to other smishing scams as well):
- If you did not initiate a tracking request for a specific package directly from USPS, it’s likely a scam.
- USPS uses a 5-digit short code to send and receive SMS (texts) to and from cellphones, not a website or phone number.
- Do not click on a link from an unsolicited USPS, UPS, FedEx, or other package delivery service text.
- If the text has a phone number, not a five-digit code, it’s likely not from a legitimate delivery service. But also check the number for the country code – if it’s not +1, it did not originate in the United States or Canada.
- Look for typos or weird punctuation.
- Double-check the URL in the link against the legitimate URL for the agency or business (don’t click on it!). Scam URLs are designed to look similar to legitimate ones.
- Look for odd language or references that don’t seem like something a business or agency would use.
Fake invoice scam
You get a text or email with an invoice or receipt from a business like Best Buy, Lowe’s, Home Depot or Amazon, or from a software security company like Norton or McAffee, either saying you owe money or that your bill has been paid. It’s not a bill you’re familiar with, though.
The invoice either has a website or phone number to check. Don’t. These are scam customer service sites that may seem legitimate, but will ask for account information and drain money from your bank account or credit card.
To avoid being scammed out of personal information or money:
- Delete the text or email immediately, don’t click on anything or call the number.
- Check your bank account, PayPal, or wherever it said the money came from to make sure your account wasn’t accessed.
- If you’re not sure if it’s real, call the actual business (not the number or email provided in the text or email) and ask to speak to someone in customer service.
- Check the email address – it’s frequently a gmail address. No large business will email you from a gmail address.
- Check for multiple recipients – often, these emails have dozens of other recipients besides you. No legitimate business will copy anyone but you on a receipt or invoice.
- Keep an eye out for grammar issues, bad punctuation, and other things that don’t make sense.
Charity Fraud
Let’s not leave Giving Tuesday and other spirit of the season scams off the list.
AARP warns that you may not even know you were taken advantage of in a charity scam. The scammers take your money, but keep most of it for themselves, rather than giving it to the charity. Particularly with the increase in weather disasters, it’s important to know where your money is going.
As with other scams, red flags include pressure to give immediately and/or a request for payment in cash, gift card, wire transfer or bitcoin. Also keep an eye out for a thank-you for a donation you don’t remember making; a request for payment by cash, gift card or wire transfer.
Some of the top charity scams, according to AARP:
Capitalize on disasters and humanitarian efforts. There’s an increase when disasters and humanitarian events are in the news, with scammers using heart-wrenching photos and stories to pull on your wallet.
Mimic a real charity’s name. Scammers often imitate the names of familiar, trusted organizations to deceive donors.
Pretend you have given before. They may call you or send an email implying you’ve made a pledge and they’re following up.
Use online crowdfunding. You may get a message or see a post on Facebook or other social media for a GoFundMe campaign for someone who has a serious illness or some personal disaster like a house fire or accident, complete with fake photos and a fake story.
To avoid these scams, AARP recommends:
- Proactively give to the charities that mean something to you, and when someone calls asking for a donation say, “I appreciate what you do, but I already have specific charities I give for.” Don’t let them push you into giving.
- Look through the charity’s website for specifics about its programs, finances, governance oversight and impact, which should be easy to find and detailed.
- Consider who runs the charity, including looking at the board and staff and checking their LinkedIn profiles.
- Visit sites such as Charity Navigator, CharityWatch and the Better Business Bureau’s Wise Giving Alliance, which monitor and evaluate organizations, to check out a charity.
- Visit the New Hampshire Department of Justice registered charities webpage and don’t donate to a charity that isn’t on it.
- Avoid giving through third parties. A third party can be legitimate but will take a cut. Donated directly to the charity.
- Use a credit card so that you can check your statement to ensure the payment went to the charity, as well as challenge a charge if you were scammed.
- Don’t share personal and financial information such as your Social Security number, date of birth or bank account number to anyone soliciting a donation.
If you’ve been scammed
It’s up to you, unfortunately, to be as vigilant as possible as scammers get more sophisticated and stay a stop ahead of most consumers
General rules to protect yourself from holiday scams:
- Don’t click on any link that is texted or emailed to you.
- Don’t give in to pressure or urgency.
- Buy items in person at stores, rather than online.
- When buying online, do your research and also make sure it’s a legitimate website.
- Never use a gift card to pay someone asking you for money.
- Never buy bitcoin or crypto currency to pay for something at someone’s request.
- When looking for a store or shopping website online, make sure it’s the real thing, not a proxy website set up to scam you.
- Don’t give anyone personal information over the phone or by text or email.
- Never share your computer screen with a customer service person.
If you have lost money to a scammer, or given one information you shouldn’t have, report it to your local law enforcement agency – even if they think it’s weird you’re reporting it, or tell you that they can’t do anything, that’s the first step. Most law enforcement agencies in New Hampshire report their crime statistics to the FBI, and this includes scams. The more information they have, the more resources will go to fighting this type of crime.
Report it to the New Hampshire Department of Justice as well at the Attorney General’s Consumer Protection Hotline 1-888-468-4454 or email DOJ-CPB@doj.nh.gov.
Report it to the FTC at ReportFraud.ftc.gov.