For a lot of consumers and businesses, Christmas is the busiest time of year. And often, people are generally in a more giving mood and willing to spend a bit more money on gifts for others and donations to charity.
Unfortunately, this is an ideal opportunity for fraudsters to take advantage of peoples’ generosity and scams are rife this time of year – especially online scams.
This guide will outline some of the most common scams that happen over the festive season.
Online Shopping Fraud
Shopping online for Christmas presents and food is becoming increasingly popular year after year, providing people with the ease of buying gifts without facing the rush of the high street. However, with so many people entering their personal information and card details into various shopping websites, this is making it an easy target for cyber criminals.
Bogus Shopping Websites
Scammers can easily create bogus websites where they advertise goods and services which are poor quality or unsafe, or, goods that will never be delivered. They will often advertise with images of well-known products at a much cheaper price, persuading customers to go to their site.
These fraudsters will often advertise their websites on social media platforms, especially Facebook, so they will be seen and shared by a vast majority of people. It is also common for fraudsters to send out a link to the site through phishing emails.
Once you make a purchase on the website, the fraudster will steal the personal information and card details you enter which can then be used to steal money or commit identity theft, and you will never receive the item you bought, or you will receive something very poor quality or broken.
- Only ever pay for something online using a credit card payment or a secure payments service, such as PayPal. This means your payment will be protected if the worst happens. If the website asks you to pay via a bank transfer, leave the site immediately.
- Never click on links provided in unsolicited emails, especially if it is from a company you don’t recognise or have never done business with in the past.
- If something seems too good to be true, it probably is. Take your time and don’t rush into purchasing something because you think it’s a good deal.
- Check for a green padlock in the address bar – this means the website is safe and secure. If there isn’t one, give the website a wide berth and definitely don’t enter any details.
- Look for reviews of the website from other people if it is one you have never used before. Search this from a separate search engine, not the website itself, as they can easily display fake reviews.
Read the following article for more information on how to tell if a website is safe and secure.
Another very common method of online shopping fraud is fake accounts on auction sites like eBay.
Fraudsters will advertise products on the site that are either poor quality, broken, different from the original description, or, non-existent. Once they have a potential buyer, the fraudster will normally try to direct them to another website that they have created to look like the legitimate auction site, where they will ask for your personal and payment details, or ask you to do a bank transfer.
Once the transaction has gone through, they will steal the money you have transferred and use the details you have entered to commit further thefts and identity fraud.
- The seller doesn’t have any feedback from other buyers.
- The seller privately messages you to offer you other deals that aren’t available on the their page.
- The seller doesn’t have much information on their page about themselves of their ‘company’.
- Never pay for anything online via a bank or wire transfer, only pay through a secure method, such as a credit card or through PayPal. This way your payment is protected.
- If the seller takes you to a separate website for payment, check the URL in the address bar. If you are using the site eBay, for example, if the domain name is anything other than ‘ebay.co.uk’, it is a fake website.
- Check for a green secure padlock in the address bar. Any secure payments site should have this.
- Make sure you read the website’s term and conditions, regarding payments, to see how you are covered.
Problems with Delivery
With most people purchasing their Christmas gifts online, many people are expecting lots of parcels to be delivered all at once, which are sometimes easy to lose track of. Most companies contact their customers via email to update them on the delivery process, and when their parcel is expected to be delivered. Fraudsters take advantage of the massive rush of online orders being placed over the festive season by sending out thousands of phishing emails.
They create fake emails to look like they have come from legitimate shopping websites, or courier services, such as, DPD or Hermes. They can easily spoof the display name and they commonly steal the logo of the company to display at the top of the email to appear more convincing.
They will say that they have tried to deliver your parcel but were unsuccessful and give you some excuse as to why – normally that no one was home to sign for it. Then, they will urge you to click on the link provided to rearrange a better time for delivery.
This link will either download viruses and malware onto your device or, you will be taken to a fake website where you will be asked to enter some personal information to ‘log-in’.
This information will be stolen to defraud you and potentially to access other online and bank accounts.
- The display name is easy to spoof, so make sure you check the sender’s email address. If it looks unfamiliar or doesn’t have a legitimate domain name, click off the email immediately.
- Fraudsters often have grammar and spelling mistakes.
- Legitimate companies will address their customers by their first name. If the email begins with ‘Dear Customer’, ‘Dear ’, or something else similar, be suspicious. Fraudsters send out thousands of phishing emails at a time so they are normally generalised.
- Check for the company’s contact information – in phishing emails, they are either very vague, or there is none at all.
- Never click on links provided in unsolicited emails.
- Look carefully through your past orders by going directly to the site you bought the products from. You will be able to find out what is still due to arrive and also what courier they use.
- If you are unsure about the email, go to the site directly and log-in to your account from there. They will have all the information regarding your order.
A lot of retailers promote their Christmas sales to current customers via email – this is where criminals can take advantage of customers by using phishing emails.
The scammer will take any shop which is likely to be having a Christmas sale and they will create an email address which looks almost identical to retailer’s real one. If this retailer has already sent out Christmas sale emails, this makes it even easier for the fraudster as they can simply copy the contents of the email so it looks identical.
In the email, they will prompt you to follow a link to go to their website to access the sale. This website will actually be bogus one which has been created to steal any details you enter if you try to purchase something.
- Even if you are interested in the advertised sale, never click on the link provided in the email. Instead, go to the website directly from your web browser – any information regarding a Christmas is likely to be all over the homepage.
Read the following article for more information on how to identify a phishing email.
Rather than sending standard paper Christmas cards, it is a popular option to send Christmas e-cards, via email, instead. Most are genuine, however, fraudsters have been catching on to this trend and have been sending out versions of their own.
The emails contain viruses and malware that embed into your device without your knowledge. This malware then collects information from your device, such as; personal data and information, financial and banking details, and usernames and passwords. The fraudster can then use the information to defraud you, commonly by accessing bank accounts in your name.
- Sending bogus emails from your account to your whole contact list, which look like they have come from you.
- Launches various inappropriate websites and display inappropriate images on your device.
- Bombards your device with various pop-up advertisements.
- If you get sent an anonymous e-card, that isn’t from an email address you recognise, it’s better to be safe and not open the email at all.
- Make sure you have up-to-date anti-virus software installed on your device to protect it from any potential viruses.
Some people tend to give more to charities over the festive season, and Christmas is traditionally a time where charities seek more donations. Fraudsters use this as an ideal opportunity to take advantage of peoples’ charitable nature.
These charity scams can be simple, it could be someone standing on the street pretending to be representing a well-known charity, asking for donations from passers-by. But more recently, charities have been taking to social media and email marketing to spread awareness and ask for donations for their charities. A great way of spreading the word about a good cause, but a problem when criminals can create identical looking websites to do the same.
Fraudsters can often break into other weaker sites, such as blogs, and re-create them to look how they want. In this case, they can make them look like an existing charity website with a ‘donate’ section. They will often ask you to donate via a bank or wire transfer, instead of a card payment or any other secure method of payment. Once the transaction has gone through, the fraudster will take the money you donated, but, also any personal and banking information you entered into the fake site. They can then use this information to further defraud you.
Fraudsters will often send out phishing emails too, for the same purpose. They will create an email to make it appear as if it came from a legitimate charity, providing a link for you to go to, where you will be directed to the fake website to ‘donate’ to the charity.
- If you want to donate to a charity, go directly to their website from your search engine, never through emails or adverts. If you are unsure about the site you are on, phone the charity and they will be able to assist you.
- When you are on the site, check the address bar to make sure the site is secure. It should begin with ‘https’ (not ‘http’) and have a green padlock with ‘secure’ written next to it. This is especially important when you are at the donating stage where you will be entering your personal and banking information.
- Be cautious of emails from charities you have never heard of before, fraudsters sometimes make up their own charities entirely. Research the charity from your search engine to check its authenticity, and if you want to donate, do it from their official website – not the email.
- Never transfer money online via a bank or wire transfer. Only pay by using a credit/debit card payment or another secure service, such as PayPal. This way your money is protected if the worst happens.
- If you are in any doubt, contact the charity directly. Any legitimate charity will be happy to help you.
Social Media Messages
Over the festive season, a lot of scammers will also take to social media messaging services to target their victims.
Scammers are able to hack into users’ social media accounts and send messages to make it look like it has come from that person. A common message they will send to friends and family is a plea for a loan so they are able to buy Christmas presents. They will say how they’ve been really struggling with finances over the last year and they need your help so they can treat their family over Christmas – all to try and take advantage of your emotions.
They will give you a bank account number and sort code to transfer the money to.
- Think whether this is a close friend or family member of yours and if this is something you would expect them to do. This could be someone you haven’t spoken to for over a year, so is it likely that they would be coming to you for this sort of help?
- Look at the language they are using in the message and whether it sounds normal for that person.
- A fraudster will be very demanding and will make up excuses as to why they can’t talk to you over the phone or meet you in person to get the money.
Christmas is also a very busy time for sending and receiving mail, which is another opportunity for criminals to steal peoples’ money and personal information.
‘Something for you’ Missed Delivery Cards
‘Something for you’ cards are normally used by the Royal Mail to post through the letterbox when they have been unsuccessful in delivering a parcel, informing the customer of how and where to collect it. Many other courier services have their own versions.
Scammers have been creating fake cards to look incredibly similar. It is likely that they will take advantage of the huge amount of deliveries that will be made over the festive season.
These fake cards advertise a premium rate phone number that customers are urged to phone to organise a ‘re-delivery’. This number is not registered to the Royal Mail or any other courier service it is claiming to be from, and, earlier, charges huge amounts of money to anyone who phones it. The automated message also asks for personal information to be provided to authorise the delivery, which is then stolen by the fraudster to further scam their victims.
- Look to see whether the card has an official logo.
- Consider what deliveries you are expecting and check where your parcel is in the delivery process, from the website you ordered it from.
- If you have received one of these cards and you are unsure whether it is genuine, go to the Royal Mail website to find their correct contact details and contact them with that way.
This isn’t a ‘scam’ as such, more of a theft, but it’s definitely something to be aware of especially around this time of year when you might be receiving a lot more post than usual.
Criminals can steal letters and parcels that have been left outside your home if they’ve been delivered when you’re not there. This means they can get hold of various pieces of personal information but also bank details if you have been sent a bank statement or bill.
- If you live in a communal area, like a block of flats, consider getting a lockable post-box which can’t be access without a key or passcode.
- When you move home, make sure to tell your bank and any other businesses which may send you correspondence via post. You should also tell Royal Mail so you can have all of your post redirected to your new address so nothing will be left outside your old home.
- If you know that you won’t be home when you’re expecting to receive a delivery, contact the courier service and arrange a different time for delivery so you wont risk them leaving it outside.
Fake Event Tickets
A very popular Christmas gift is tickets to various memorable events, for example, concerts, comedians or sporting events. A perfect Christmas gift, but unfortunately, fraudsters are creating bogus websites where they are advertising fake tickets which have claimed a lot of victims in the past. These scams are even more common over the festive season as more people are wanting to purchase tickets.
A very common scam for these fraudsters is advertising tickets to popular events that have already sold out, at a much cheaper price. Or, in some cases the event they are promoting doesn’t even exist.
If you purchase the tickets, they will either; never be delivered, you will be told that a representative will meet you on the day to give you the tickets but no one turns up, or, it may be an e-ticket that you are told is fake when you get to the event.
The people who buy these tickets are left out of pocket and without the tickets they purchased, missing out on a memorable day or night. Additionally, any personal and payment information they entered in the fraudster’s bogus website will be stolen and used to further defraud them by accessing bank accounts under their name.
- Only purchase tickets from reputable websites. Check that the website has a green padlock in the address bar, and that the address starts with ‘https’, not ‘http’ – this shows the website is safe and secure.
- Check whether the vendor is a member of the Society of Ticket Agents and Retailers (STAR). This is the self-regulatory body for the ticketing industry in the UK. You can check this by going to their website and looking at the member directory.
- If you choose to buy tickets from an independent source, never pay via a direct bank transfer. If you pay using a credit card or a secure service such as PayPal, your transaction and money will be protected if the worst happens.
Fake Christmas Loans
Around this time of year, most people could normally do with a bit of extra cash to aid spending over Christmas and the new year. Unfortunately, fraudsters know this all too well as use it as a perfect opportunity to scam people out of their money.
It is a common scam for criminals to pose as lenders, offering borrowers a quick and cheap loan to get them through the festive season. They will advertise very low interest rates with an easy and quick set up process to draw in victims.
Once they have a prospective borrower, they will tell them that, in order to set up the loan, they will need to pay a fee upfront, known as an advance fee. The amount of this can vary, but could be a few hundred pounds. Once this has been paid, the fraudster disappears with the money and the victim is left with nothing and unable to contact the fraudster again.
- You may have a bad credit score and you have been rejected for loans in the past. With these scams, you will be accepted without hesitation or any further checks.
- They will ask you to transfer the fee via a direct bank or wire transfer.
- You will be put under a lot of pressure to pay the fee quickly.
- When you apply for a loan, make sure it is a Financial Conduct Authority (FCA) authorised firm. You can do this by going to their website and searching for the company in the ‘Financial Services Register’.
Use our simple online quiz to see if you can spot potential fraud.
The questions are multiple-choice, and some questions have more than one correct answer.
Find it useful? Please share!