The Internet is engrained in our daily lives—we use it for shopping, paying bills, booking vacations and even dating. A 2018 Pew Research survey found that 77 percent of Americans are online every day, and about 26 percent of Americans say they go online “almost constantly.” However, this connected convenience comes with risks — namely, cyber fraud.
Internet scams use “phishing” tactics (i.e., they’re “fishing” for your sensitive information), which can lead to data theft and virtual identity theft, wreaking havoc on their victims’ lives. These online scams have increased at an alarming rate over the last three years, and there are certain times of the year, like tax season and Cyber Monday, when the risk of becoming a victim is especially high. This seasonal guide will show you what to look out for and how to protect yourself all year round, so you can use the Internet safely and securely.
- General signs to watch for
- January to April: Tax season scams
- February: Internet dating and romance scams
- March to August: Spring break and summer vacation scams
- June to October: College prep scams
- November: Veteran scams
- October to December: Medicare scams
- November to December: Winter holiday scams
- More Year-Round Scams: Charity scams
- How to protect yourself
General signs to watch for
At the center of most cyber scams are fraudulent emails and websites that result in stolen personal information (such as bank account numbers and social security numbers).Phishing scams often come in the form of an email requesting you to download a file or click on a link. Don't take the bait. While it’s getting increasingly difficult to tell if someone is scamming you online, there are general warning signs to watch for:
- The email looks to be from a legit business or organization but uses a free email service, such as Gmail, Yahoo, or Outlook, instead of a business email. Always double check that you know the sender before opening it. If you do open it, don’t click on any links within the email or download any attachments if you have even the slightest suspicions about the identity of the sender.
- The body and/or subject line of email uses aggressive or strong language to convey an urgent action you must take.
- The sender asks for your personal or financial information. Call the organization and ask if it has sent you an email. If not, forward the email to the company, and then delete it.
- The sender asks you to give them money via wire transfer, gift card, or Western Union. All of these are sure signs that the sender is trying to scam you out of your money. Be vigilant about avoiding scammers who try to impersonate your boss or another person within your company — always check directly with that person before making a financial transaction.
Keep in mind that anyone can be a victim of these scams — even the young and tech-savvy. Because cyber scammers are turning to more sophisticated and clever tactics to dupe consumers, Internet users of all ages must remain vigilant. In fact, the Federal Trade Commission's March 2018 report found that 13 percent of online consumers ages 20 to 29 reported falling victim to a scam in 2017, compared to 11 percent of people ages 70 to 79.
Keeping those general tips in mind, here are the scams to watch out for month-by-month:
January to April: Tax season scams
Phishing tax scams are on the rise. The IRS says over 2,000 tax-related phishing scams were reported to the agency between January and October of 2018. In a typical example, the sender poses as the IRS using the official IRS logo and font. Often, the imposter sender says that you are owed a tax refund or that you have an outstanding tax debt to be paid. The email then requests your social security number and bank account number.
Another frequently used email tactic by cyber fraudsters is to inform you that “your account has been locked.” To unlock your account, you are instructed to click on a link to fill in your personal and/or financial information on a fake website (aka “spoof” website) that has been created to capture and steal your data.
It’s important to remember that the IRS does not initiate communication with individuals via email and will never ask you for personal or financial information through an email.
February: Internet dating and romance scams
Around Valentine’s Day, the number of flower and chocolate deliveries increases dramatically — and cyber crooks take advantage of it. An example of a common phishing scam is an email telling you that the flowers or gift you've ordered could not be delivered due to an issue with the credit card; a link in the email leads to a fake website, where you are directed to re-enter your credit card information.
Even something as simple and sweet as a Valentine's Day e-card has become a common tool of cyber criminals. When you click on a fake e-card to download it, malware is installed onto your computer or mobile device and used to steal personal information. If you aren't sure about the origin of the e-card, don't open it, or contact the person who you think may have sent it.
Although the Valentine's Day season may drive some to start online dating, online romance scams are often played out over a long period of time, which is why these schemes are some of the most effective — and most financially hard-hitting. The Better Business Bureau(BBB) recently reported that romance scam victims have lost almost $1 billion in the US and Canada over the past three years. (Numbers are likely higher than reported, because the victims are often embarrassed about filing a report, or simply don't know how.)
Instant messaging is another method used by applications such as “flirt-bots” that attempt to bring you into a romantic online chat and then ask for your credit card information to “prove you are over 18” and legally allowed to enter an adults-only website.
In addition, each year thousands of romance fraud victims report being contacted by someone who claims to be in the US military service, asking for money. The US military has posted important information here to help you determine if you are dealing with a military romance scam.
March to August: Spring break and summer vacation scams
Holiday rental fraud victims spend months planning and anxiously awaiting a spring or summer vacation, only to arrive at their destination and realize the prepaid vacation rental doesn't exist. To avoid this devastating situation, it's critical to pay close attention to the ads and websites you come across when searching for your spring break or summer accommodation.
You might be able to sniff out a rental scam when you realize that all the rentals on the website have that “too good to be true” factor (think, “super-luxe accommodations for the price of a cheap motel” style listings). The rental agency or property owner will often request you to send 100 percent of the payment upfront via wire transfer, Western Union, or check, which is also a major red flag. A legit rental business will feature a secure payment system on its website, offer refund options, and may not even transfer your payment to the owner until you have checked-in to the property. Another way to screen a property listing from a private owner is to verify the address of the vacation rental on Google Maps before sending any money.
These holiday Internet scams are not limited to vacation rental properties. Some cyber fraudsters target consumers seeking an entire vacation package. If you come across an unknown travel agency offering a fantastic bargain for flights and hotel, proceed with caution — it may be a well-crafted but fake website waiting to scam you out of your personal data and your money.
If you've booked a flight for your spring break or summer trip (but beware all year round, as this can happen during the winter holidays, too), you might receive a fake confirmation email of your flight that asks you to click on a link inside to confirm your flight or your personal information. Once you click, you're led to a fake website that is used to steal your personal and financial data.
In general, it's best to stick to official airline websites and established accommodation booking sites. If you’re the victim of a vacation home rental scam, you will at least have the support of a legit company to help you find another rental or to refund your money. Also, always book with a credit card; it offers more fraud protection than a debit card.
June to October: College prep scams
High school students and their parents are typically the targets of college prep scams. Although these imposters sometimes seek to connect with the target over the phone, they often send emails that appear to be from the College Board (the makers of the PSAT and SAT).
In one of the latest scams, students or parents may receive an email stating that they must pay for the PSAT or SAT study materials. If you get such an email, know that the College Board will never ask for credit card numbers, bank account details, or a College Board account password over an email, or over the phone. If you get a call from someone claiming to be from a company selling test prep materials, always look up the company name online together with the word “scam,” or look for them on the BBB database.
November: Veteran scams
Unfortunately, even a revered holiday like Veteran's Day has become an opportunity for cyber crooks to prey on those who want to honor the people who have fought for this country. During the Veteran's Day season (and really, all year round), you may receive an email from an organization claiming to be (or be affiliated with) a “charity for veterans.” Never send money, or your personal information, to a charity (or anyone) without looking up the organization online and verifying that it is credible.
If you are a veteran, remember that the Veterans Administration does not email or call its members requesting them to verify or update personal or financial information. If you receive such an email, it’s from an imposter. Veteran charity scams may also come in the form of fake ads that pop up in online searches, or social media ads offering a too-good-to-be-true military discount on cars, or property rentals. These ads almost always express urgency and require the money to be sent via wire transfer, both of which are major red flags.
October to December: Medicare scams
During the enrollment period for Medicare in the fall, older Americans should be on high alert for phishing emails (and calls), where the sender pretends to be a valid employee of the Medicare program or the government. The email may tell you that in order to collect a rebate or extra benefits, update your account, or resolve an issue with your account, you must click on a link and fill in your personal information.
If the email seems authentic (because it has an official-looking logo or font), it is still important to first verify the link that is given in the email before clicking on it. Hover over the link to check if it will direct you to a US government website, like Medicare.gov. The URL must end in either “.gov” or “.gov/”, and, if it does not, delete the email immediately. The FTC offersmore tips here on avoiding Medicare scam emails.
November to December: Winter holiday scams
The winter chaos begins with the shopping “holidays” of Black Friday and its digital counterpart, Cyber Monday. Online shoppers are at risk of being lured by bargains and clicking on a fake ad, website, or an auction listing, where their personal and/or financial information can be captured and stolen.
As you hunt for the best holiday deals online, force yourself to slow down and stay safe. Here are the key ways to avoid Black Friday scams and other online scams during holiday shopping:
- Use a secure payment method. Only shop on sites with secure payment methods, such as PayPal. Stay away from any site that accepts checks, wire transfers, or money orders. To identify a secure site, look for “https” in the browser’s address bar instead of “http.”
- Reset shopping passwords. It’s a good idea to reset your shopping account passwords every 90 days in case there is a data breach at an online retailer. Also, never use the same password for multiple online shopping accounts or online banking portals, because if one is compromised, so are the rest.
- Don't check a gift card balance on any website except for the one listed on the back of the card. In November 2018, the BBB reported on a website that claimed it would check your gift card balance, but it actually stole it instead.
- Be wary of information requests from shipping companies. The delivery of packages jumps dramatically during the holiday season — and so does the number of package delivery scams. To be safe, you can check a list of scams reported by UPS and FedEx. Both companies have reported an increasing number of various phishing and spoofing emails that may ask the recipient to download an attached invoice or form, or to enter their financial information on a linked website. Neither of these shipping companies will ever ask for this kind of data via email.
- Don’t fall for fake shopping apps. Fake shopping apps containing malicious software are popping up, posing as legitimate apps within the Apple Store and Google Play. The best way to ensure you are downloading the authentic app to your mobile device is by getting it directly from the company’s website.
More Year-Round Scams: Charity scams
While there’s a spike in certain types of scams season by season, many of these scams can really happen year-round. One particularly pervasive year-round scam is the charity scam.
When disaster strikes across the country or the globe, sometimes the only way to lend a hand is by donating to a charity or non-profit organization that is helping those in need. Scammers prey on those who want to help by impersonating a well-known charity, such as the Red Cross, or leading consumers to a website with a name that is very similar to that of a legitimate charity. Emails for fake fundraisers are common, and they’ll ask for your financial information. Be aware that you may also receive scam phone calls, or an imposter could even show up at your door or stop you on the street to ask for donations.
The IRS recommends searching its database of tax-exempt organizations to verify whether the nonprofit you're considering does indeed exist. You can also look up the charity here. If it is not listed on either site, or if you are asked to donate with cash or a gift card only, this is a major warning sign that the charity is probably a donation scam. You should always donate money with a check or credit card so that your donation is recorded in case the charity does turn out to be fake.
How to protect yourself
Keeping online fraud at bay requires a multi-faceted approach to cybersecurity. In addition to avoiding the bait of phishing scams by not clicking on unknown sites or attachments, you can also protect your online connections for even stronger security by doing the following:
- Protect your devices and your home network with a smart security solution like Xfinity xFi.
- Install tools like Xfinity xFi Advanced Security, which offer personalized security and real-time monitoring of your home network.
- Maintain strong passwords on your various online accounts to decrease your risk of virtual identity theft. To improve password strength, the National Institute of Standards and Technology recommends using passphrases instead of passwords. Contrary to what you may have heard, though, there's no need to change your passwords every few months unless you think your account may be compromised. For example, if you broke up with your partner who knew your passwords or if a business you shopped at experienced a data breach, you should consider changing your passwords.
What to do if you’re the target of a scam
If you suspect that you may be dealing with a cyber scammer, check the BBB’s searchable Scam Tracker database of scams reported within the US and Canada, which includes the names of people and businesses used by the scammer.
To report a scam, contact the Federal Trade Commission (FTC) or the BBB. The US Senate Special Committee on Aging also has a fraud hotline for older Americans who have discovered they are a fraud victim or are about to be victimized.