Neowin's Guide to not getting scammed

Black Friday, the busiest day of consumer spending in the US, and the symbolic beginning of the Winter holiday shopping season, is also a scammer's paradise. When customers are throwing money at you faster than you can say “Buy one get one free”, the urge to scam and cheat your way to riches is hard to resist for many. While Black Friday has come and gone, Cyber Monday is today, and the deals are as hot as ever. At Neowin, we practice safe Internet shopping, and we hope our readers will too. We’ve compiled a list of potential scams and schemes to look out for, and some basic guidelines to guide you through your annual gift-shopping adventures.

Phishing

It’s an old trick, but somehow it continues to pay off. Scammers will send you an email or direct you to a website that looks a whole lot like a trusted bank or storefront, and will ask you to enter credentials. When scammers get a hold of your credit card information, identity fraud, account liquidation, and social network hijacking will likely follow shortly. Phishers use popular search terms to target users searching for popular storefronts and financial institutions during big shopping seasons. ‘Black Friday’ and ‘Cyber Monday’ are search terms likely to turn up all kinds of malicious content this year, so look out for it.

There are many ways to combat phishing, and a lot of it has already been done for you. Most browsers come with anti-phishing software that identifies the real domain of whatever website you’re visiting and displays it prominently in the address bar. Also, many search engines will warn you when you are about to click on a link that has been previously associated with malicious behavior. Finally, most respectable webpages that expect you to enter personal data are encrypted under the SSL protocol. You’ll know that you information is encrypted when you see the URL of a page that begins with https:// instead of http://. In order to obtain a license to operate an SSL encryption key, a website needs to purchase the service from a company like Verisign, which ensures that the website accepting your info is protected and reliable.

Smishing

A relatively new opponent in the War on Scamming, Smishing is the cellular version of phishing. Since text messages are considered by most people to come from a reliable source, many will follow the instructions within without thinking twice. Whether it’s a URL or a phone number, many will click or call and ask questions later. The effects and consequences are similar to that of phishing, and the same basic rule applies: Only trust what you know, and never click on something of unknown origins.

Skimming

While not so common yet, this practice is slowly gaining headway as a hard to catch way to steal debit/credit card information. The culprit sticks a magnetic reader to a gas pump card swipe or a restaurant card reader, and simply reads the numbers as they get scanned. However, this only gives the criminal the number on the card, not the personal PIN number. ATMs, a transaction system that always requires PIN authentication, are becoming popular targets for skimmers, and it is therefore wise to use ATMs at monitored locations, such as banks, where it is much harder to attach a skimmer. When using a debit card anywhere else, make sure to process it as a credit transaction, so you don’t need to use your PIN. Not only is this safer, but it also decreases your liability when fraud does occur.

Stripping

This is a crime that applies primarily to gift cards, a prime product in the annual gifting extravaganza. In many stores, gift cards come prefilled. All you need to do is access the information on the card before you leave the store, and it’s yours to spend. As criminals become better and better at this, try to buy cards that are filled at the register after they are purchased. It’s less likely that someone already has the card information of an empty card.

Knock-offs

A malady that proliferates as Internet shopping becomes ever more ubiquitous, the knockoff industry would like to sell you an iPad this holiday season. They’ve got a deal for you, too. For $150, you can own an iPad straight off the Chinese presses. Unfortunately, it runs Android 1.7, isn’t an Apple product at all, and has no customer support line to call when you realize your grave error. These knockoffs look eerily similar to the product they’re ripping off in ads, and many impulse online shoppers are easily fooled and blinded by the seemingly too good to be true price tag. There’s another basic rule of Internet shopping; if it’s too good to be true, it’s likely a lie.

Knock-offs are usually sold on auction sites like eBay, and can be easily avoided by anybody who has an inkling of English grammar skills. The ads aren’t written very well, and typically don’t look very professional. A few seconds of research and thought could save you lots of money and a big headache down the line.

What do I do?

Before you swear off spending money on your loved ones this year, keep in mind these basic tips and your shopping trips will more than likely end as well as they started (minus the large dent in your wallet).

  1. While surfing the Internet, only browse links and websites you know and trust.
  2. If you’re ever asked for personal or financial information, make sure you see a "https://" in your address bar. This means that your information will be sent encrypted.
  3. Try not to use your account PIN when using your credit/debit cards in a card reader.
  4. Check your account balances religiously. Another tactic scammers use if they do have your account information is to “test the waters” by charging micro-transactions (usually no more than a few cents) to see if the customer reacts. If nothing happens, they ramp up the charges until you’re hemorrhaging money in installments of hundreds and thousands. 

I’ve followed Neowin’s advice, but I’ve still been victimized? What Now?

If for any reason you suspect that your financial information has been comprised, immediately call your bank(s) and inform them of the situation. The sooner you let them know what’s going on, the less liable you will be for fraudulent charges. If a credit card is in question, call up the various national and international credit bureaus that track your credit ratings and inform them as well. This will ensure that the fallout will not affect your credit ratings too much. Most banks are pretty good about refunding fraudulent transactions and reissuing cards. It’s all a matter of keeping vigilant and staying on top of your own financial goings on.

The holiday shopping season is rife with deals, bargains, and huge crowds of joyously angry shopping mobs. Don’t let the scammers of the world get you down, and set your wallet free!

 

Report a problem with article
Previous Story

Microsoft looking to create new TV service to rival Google TV

Next Story

Google buying Groupon for $2.5 billion?

36 Comments

Commenting is disabled on this article.

"The holiday shopping season is rife with deals, bargains, and huge crowds of joyously angry shopping mobs." - This should be the official motto of the 2010 Holiday shopping bonanza.

From experience....

Do not shop online unless....

PLAN A

1) You have a very good ant-virus program
2) You have a very good firewall
3) You have several anti-spyware / anti-malware programs and 1 with real-time protection
4) You have some kind of protection to validate the sites you visit

5) NEVER ignore any warning you may get from 1 - 4. Even if you think it is a false positive.

PLAN B

1) Use ONLY a pre-paid debit card (best to have more then 1 and keep your money spaced a part)

2) Do NOT use the same password for everything

3) Do NOT use short or easy to guess passwords

4) Setup your e-mail for TEXT read online

5) Web mail is better then downloading it on your computer.

6) PRINT out EVERYTHING

7) Do not share more information then you have to

PLAN C

1) Add Plan A with Plan B and apply. Neither alone will protect you.

The Visitors said,
From experience....

Do not shop online unless....

PLAN A

1) You have a very good ant-virus program
2) You have a very good firewall
3) You have several anti-spyware / anti-malware programs and 1 with real-time protection
4) You have some kind of protection to validate the sites you visit

5) NEVER ignore any warning you may get from 1 - 4. Even if you think it is a false positive.

PLAN B

1) Use ONLY a pre-paid debit card (best to have more then 1 and keep your money spaced a part)

2) Do NOT use the same password for everything

3) Do NOT use short or easy to guess passwords

4) Setup your e-mail for TEXT read online

5) Web mail is better then downloading it on your computer.

6) PRINT out EVERYTHING

7) Do not share more information then you have to

PLAN C

1) Add Plan A with Plan B and apply. Neither alone will protect you.

Yeah except you very rarely have to download anything when buying stuff online, so Plan A is useless. And I don't know about you, but I've never been scammed or any other of the above. Shopping online is pretty safe as long as you use common sense.

De.Bug said,
Yeah except you very rarely have to download anything when buying stuff online, so Plan A is useless. And I don't know about you, but I've never been scammed or any other of the above. Shopping online is pretty safe as long as you use common sense.

You do not have to download anything with knowledge, to be infected with any of the above. You're cache files is good enough to start... Although there are other ways also & all you need do is visit a site.

Another scam recently hitting internet is when seller asks to do a bank transfer telling us that its safe and convenient way of transferring funds. Now he/she has this fake bank account set up and once the money is transferred, they run away closing down the account. When you go to the bank to do a charge back, they refuse to do so as money was transferred on your own will. This happened to my landlord so beware. Especially of gumtree or criaglist listings. Never do bank transfer in these cases. Just plain cash in hand and pickup of item is recommended.

sanke1 said,
Another scam recently hitting internet is when seller asks to do a bank transfer telling us that its safe and convenient way of transferring funds. Now he/she has this fake bank account set up and once the money is transferred, they run away closing down the account. When you go to the bank to do a charge back, they refuse to do so as money was transferred on your own will. This happened to my landlord so beware. Especially of gumtree or criaglist listings. Never do bank transfer in these cases. Just plain cash in hand and pickup of item is recommended.

Not sure about England but in the USA, you just go to the police and they get the FBI involved as that is a form of scamming. It would take a while, but A. the scammer eventually gets caught and B. you get your money back. Very inconvenient though.

I've never seen any stores that have gift cards pre-filled. If that were the case I'm sure shoplifters would jump on those. It would be like having cash displayed on your shelves.

giantpotato said,
I've never seen any stores that have gift cards pre-filled. If that were the case I'm sure shoplifters would jump on those. It would be like having cash displayed on your shelves.

You see it mostly in kiosks that sell gift cards from a variety of places, like at supermarkets.

Tzvi Friedman said,

You see it mostly in kiosks that sell gift cards from a variety of places, like at supermarkets.

Grocery stores around here fill them at the register.... TO be honest I don't think I ever saw a pre filled gift card on display

Rudy said,
Grocery stores around here fill them at the register.... TO be honest I don't think I ever saw a pre filled gift card on display

Many of them do, all they do is activate them...now think about a patient scammer, they have 100 card numbers. Those are the first 10 from 10 racks, they will be activated, in most cases, very quickly, tucked in a card, stocking, etc.

All they have to do is keep punching the number in until one day it is active and the person buying has no idea until sometime after Christmas morning.

schubb2003 said,

Many of them do, all they do is activate them...now think about a patient scammer, they have 100 card numbers. Those are the first 10 from 10 racks, they will be activated, in most cases, very quickly, tucked in a card, stocking, etc.

All they have to do is keep punching the number in until one day it is active and the person buying has no idea until sometime after Christmas morning.

All the cards I have ever used have had a scratch-off code on the back that needs to be revealed when using it. I don't see how anyone can use the card with only the card number, even after it's activated.

Had no idea about skimming and stripping. I think I saw skimming in the CSI: Miami episode with the restaurant and the family and the explosion there.

How do you know if a gift card is already prefilled or not? Though I personally prefer to give flexible currency, than restricted store credits.

Quikboy said,
How do you know if a gift card is already prefilled or not? Though I personally prefer to give flexible currency, than restricted store credits.

If it has an amount printed on it, it's prefilled.

Corky842 said,

If it has an amount printed on it, it's prefilled.

Wrong, most of them still need to be "activated"

Rudy said,
Wrong, most of them still need to be "activated"

Did you not read the article at all?

"All you need to do is access the information on the card before you leave the store, and it's yours to spend."

That is the activation process. If it is prefilled, you don't get asked, how much do you want to put on it.

ILikeTobacco said,

Did you not read the article at all?

"All you need to do is access the information on the card before you leave the store, and it's yours to spend."

That is the activation process. If it is prefilled, you don't get asked, how much do you want to put on it.

I'm pretty sure what Rudy says still applies. You can't use the information until the card is activated at the register.

"When using a debit card anywhere else, make sure to process it as a credit transaction, so you don't need to use your PIN."

This sentence made me literally wince. In the UK and most of Europe, we rarely sign anything any more, and card fraud has gone down as a result. The idea that a signature is more secure than a PIN is absolutely ludicrous.

iKenndac said,
"When using a debit card anywhere else, make sure to process it as a credit transaction, so you don't need to use your PIN."

This sentence made me literally wince. In the UK and most of Europe, we rarely sign anything any more, and card fraud has gone down as a result. The idea that a signature is more secure than a PIN is absolutely ludicrous.

If someone gets your PIN, most credit card companies won't reimburse for fraudulent charges when it is used.

iKenndac said,
"When using a debit card anywhere else, make sure to process it as a credit transaction, so you don't need to use your PIN."

This sentence made me literally wince. In the UK and most of Europe, we rarely sign anything any more, and card fraud has gone down as a result. The idea that a signature is more secure than a PIN is absolutely ludicrous.


If you use it at a gas pump you don't sign anything. I think he wants it so it can't be used to withdraw money from an ATM.

Blasius said,

If someone gets your PIN, most credit card companies won't reimburse for fraudulent charges when it is used.

Really? Maybe it works differently in the States to Europe then.

iKenndac said,
"When using a debit card anywhere else, make sure to process it as a credit transaction, so you don't need to use your PIN."

This sentence made me literally wince. In the UK and most of Europe, we rarely sign anything any more, and card fraud has gone down as a result. The idea that a signature is more secure than a PIN is absolutely ludicrous.

I don't even know what it means. What the hell is a "credit transaction"?

Examinus said,

I don't even know what it means. What the hell is a "credit transaction"?


When you use your debit card, you are asked "debit or credit". You can use your card as a debit card and enter your pin number, or use it as a credit card and just sign your name. That would be a credit transaction.

If someone steals your card, they can use it as a credit card and just fake your signature, but that's ok. The credit card company that backs it will give you back your money.

However, if the person who steals your card uses it in a debit transaction, it would require your pin number. In this case, your bank will not give you back your money.

Rudy said,
People always forget the best tool... "common sense"

Ditto... first thing I thought when I read the title, was hoping to see that in big red letters as the entire article.

jason13524 said,

Well I think its proven IE 8 annd potentially 9 is more secure than Firefox.

I said install the Firefox and IE versions of Web of Trust. I didn't mean install Firefox. I meant if you have Firefox install that version of the add-on and if you have internet explorer install that version.