Fraud Information Center

'Tis the Season to be Cybersecure

As the holiday season approaches, cybercriminals ramp up their attacks hoping to catch consumers off guard. This year, however, their attacks may be aided by AI and more difficult to spot. The IBA has collected best practices and common scams to be aware of. Share this information with your consumers to help them and your bank stay safe. In this case, more knowledge equals better security, and that’s a gift everyone can use.

General Holiday Awareness Tips

• Treat every email and advertisement with suspicion. Don’t respond to unsolicited emails that ask you to click on a link or download an app to access a deal. Rather than clicking on a link from an email or text, go directly to the site of the company purportedly offering the deal. Watch out for spelling errors or incorrect grammar on email or text as these are typical red flags that help identify bogus content.
• Is it too good to be true? Look out for huge discounts on gift items, especially on social media posts or unfamiliar websites. These types of scams will impersonate major brands or nonexistent retailers to entice you with great deals for products you'll never receive.
• Steer clear of Wi-Fi woes. Avoid conducting any business online (making a purchase, donating, accessing password-protected sites) while using a public Wi-Fi network unless you employ a virtual private network (VPN).
• Avoid peculiar payment methods. Any time you are prompted to make a purchase or donation by wire transfer, cryptocurrency or gift card, it’s a scam.

2024 Trending Scams

• Charity scams: Bogus charities exploit seasonal goodwill via fake websites, door-to-door solicitations and telemarketing. Pushy charity telemarketers could be an indicator that they are imposters. Legitimate charities will accept your donations on your timeline. Be sure to do your research before you donate.
• Credit card decline scams: It’s always a great idea to pay for gifts by credit card because you can dispute charges and limit the damage if the transaction was fraudulent. However, this new scam declines your credit card then asks for a second card. You’ll be charged for purchase on both cards. If your purchase declines initially — and you believe it should not — don’t provide a second card, contact the card issuer of the initial card instead.
  Delivery scams: During the gift-giving season, people are buying online and sending gifts. Beware of phishing emails from fraudsters posing as UPS, FedEx, U.S. Postal Service (USPS), or U.S. Customs and Border Protection. They also send messages (SMS/MMS), so be wary of content on your phone as well.
• Gift card scams: Criminals steal the numbers off gift cards from a rack in a busy grocery store or big box retailer. Once you loadmoney onto the card, it gets siphoned off. Buy gifts cards online, instead of from a retail rack, where the cards can be tampered with. When receiving a gift card as a present, register it if that’s an option, and use it sooner rather than later.
• Porch pirates: With holiday shopping and shipping comes package theft. In 2023, an estimated 3 in 4 Americans experienced package poaching. To outsmart porch pirates, retrieve a package as soon as it arrives. Have the sender require a signature, if possible. Also consider picking up your package somewhere else, such as shipping to your nearest store or your workplace.
• Travel scams: Criminals may use emails, texts or spoofed websites offering travel deals, such as free or heavily discounted tickets or travel packages, to get credit card information or download malware. To protect yourself from travel scams, determine if a website is real. Don't trust phone numbers as they can be easily spoofed. Also, be wary of travel businesses that ask for payment before confirming reservations.

--Information provided by Iowa Bankers Assocation Bank Note Newsletter

Give to a charity, not a scam

There’s no shortage of good causes to donate to this holiday season. But before you give somewhere new, make sure you’re not donating to a scam.

Scammers are pros at tricking people into donating. They’ll often even use names that sound a lot like other charities you’ve heard of to get your money. Here’s how to make sure your money is going to support the cause you care about:

• Don’t be rushed or pressured into giving, especially over the phone. If it’s a request to donate on social media, take the time to make sure the person who shared it with you knows the organization or person fundraising.
• Research the charity before you give. Search the name plus “complaint,” “review,” “rating,” or “scam.” Organizations like the Better Business Bureau's (BBB) Wise Giving Alliance, Charity Watch, or Candid also let you research charities.
• Don’t trust your caller ID. Technology makes it easy for scammers to fake caller ID information. Calls can look like they come from your local area code, or from a specific organization, even if they don’t. In reality, the caller could be anywhere in the world.
• Check out the charity’s website. Does it give you details about the programs you want to support or how it uses donations? How much of your donation will go directly to support the programs you care about? If you can’t find detailed information about a charity’s mission and programs, be suspicious.
• Pay attention to how you pay. If a charity asks you to pay with cryptocurrency, by wiring money through Western Union or MoneyGram, with a payment app, or with a gift card, it’s likely a scam. Donating by credit card or check is safer.

--Information from Federal Trade Commision Consumer Advice

75% of Black Friday Spam Emails are Scams

Three out of four Black Friday-themed spam emails are scams, according to researchers at Bitdefender. Most of these scams are targeting users in the US and Europe.

“This year, 77% of all Black Friday-themed spam (by volume) analyzed by Bitdefender’s Antispam Lab team was classified as scams, while only 22% was identified as marketing lures—emails designed to drive traffic to legitimate but overly aggressive promotions,” the researchers write.

“In 2023, 7 out of every 10 Black Friday-themed spam emails were scams, compared to 2024, when this figure rose to 3 out of every 4 emails. This 7% increase in scam prevalence underscores the greed and daring of cybercriminals, who increasingly leverage fake offers and phishing tactics to exploit consumer shopping behaviors and trends.”

Threat actors are tailoring their scams to specific regions, using familiar social engineering techniques to trick people into acting quickly.

“As in our previous Black Friday scam trends analysis, scammers leaned heavily on impersonating trusted brands and leveraging psychological tactics such as urgency and exclusivity,” Bitdefender says.

“Fraudulent emails promised exclusive or early access to Black Friday deals and rewards in exchange for survey participation or irresistible discounts on mystery boxes for submitting payment details. Counterfeit Rolex watches, Louis Vuitton bags, and Ray-Ban sunglasses are among the recurring themes and usual suspects in this year’s Black Friday scam agenda, with scammers luring shoppers with realistic websites and too-good-to-be-true prices.”

Predictably, these scams have steadily increased in the days ahead of Black Friday. Similar shopping scams should be expected to continue throughout the holiday season, however.

“Spam activity surged in the lead-up to Black Friday, with a noticeable uptick starting in late October,” the researchers write. “According to data gathered between Oct. 1 and Nov. 17, 2024, Black Friday spam rates peaked at over 6% of total Black Friday Spam email volume, showing a significant increase compared to early October. The spikes in activity align with the shopping season's momentum as scammers leverage the heightened consumer interest in deals.”

--Information from KnowBe4 Security Awareness Training Blog

If you have been the victim of identify theft, here are some steps to help you get your life back on track:

1. Place a fraud alert on your credit report.
   • When you place an alert on your credit, this will prevent any other account from being opened.
   • You can request a report to see if any charges seem suspicious.
2. Close the accounts you think could be affected.
   • Contact someone in the fraud or security department of your financial institution.
   • Follow up in writing with copies of any supporting documents.
   • If any debits exist on your accounts, or a new account has been opened, ask the financial institution for the correct paperwork to dispute them.
3. File a complaint with the Federal Trade Commission (FTC)
   • When you file with the FTC, you are providing information to help law enforcement officials track down thieves.
4. File a report with the local police department
   • Filing a report, along with a complaint to the FTC, can give you certain protections to ensure your identity can be protected and restored.