Web Scammers Get a Jump on Holiday Shoppers

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.wltx.com/news/national/article/254262/142/Web-Scammers-Get-a-Jump-on-Holiday-Shoppers

Mini-candy bars haven't even hit trick-or-treat bags yet, and we're already 
hearing about all the Freddy Kruegers that cause credit card nightmares 
during the holiday shopping season.

"Sometimes, the pathway to being a victim to fraud is the desire to find a 
bargain without really thinking about it," said John Buzzard, a consumer 
fraud expert and product manager of FICO Card Alert Service. "You're not 
going to find a Cartier watch for $50. If you could, I'd have one by now."

The scams, which often lure victims to provide credit card numbers, have 
grown in sophistication over the years. One hot spot: websites that offer 
incredible deals on designer duds and electronics. Buy there, and you'll be 
giving your credit card number to con artists.

One of the more troubling tricks is when a box is actually in the mail 
after you order something from these sites, and you can track the package. 
Yet when you open the box, you'll find an odd item, maybe a toothbrush or a 
shower cap, instead of that designer deal.

As we move into the holiday season, expect even more pitches by e-mail, 
text and other digital means to encourage consumers to put their purchases 
on plastic. But all that convenience can create easy pickings for con 
artists. Yes, credit cards have protections, but you don't want to be at 
risk for ID theft or face the headache of clearing up fraud.

The FICO Falcon Fraud Manager Consortium research indicates that 
"card-not-present fraud" is a fast-growing area and now accounts for nearly 
half of all credit card fraud.

Miranda Perry, a staff writer for the consumer advocacy site Scambook.com, 
said last holiday season, plenty of websites popped up that were based in 
China, bragged of big bargains and had oddly worded descriptions of 
designer items.

"That's just a very big red flag," Perry said. "The $500 handbag for $20 is 
not a real deal."

"When you go online, a little bit of research can save you money," said 
Terry Thornton, fraud services director for Comerica Bank. She suggests 
taking time to search for any complaints about a site or a product before 
buying.

Another warning: Don't fall for any phishing e-mails telling you that your 
computer has a virus, and you can get free security software by clicking 
here. Thornton said the virus software scam is alive and well lately.

"They lure you in," she said.

Many consumers aren't even doing the basics, according to an online survey 
released Monday by Experian ProtectMyID. The survey, conducted by Harris 
International, surveyed more than 2,000 consumers. The survey noted risky 
practices:

More than 40% of adults who use a smartphone say they rarely or never use a 
password to unlock it. Will a thief who picks up your phone have easy 
access to stored credit card information via a retail app?

If a phone isn't password protected, the phone thief could have "a very 
fast shopping spree on you," said Becky Frost, senior manager of consumer 
education for Experian ProtectMyID.

About 57% of online shoppers do not always go to sites directly. Instead, 
they click on links that increase the risk of going to a fraudulent site 
designed to capture their personal information.

Todd Albery, CEO of Detroit-based Quizzle.com, which provides free credit 
reports and scores, said consumers should make sure they're shopping at 
protected sites. "You'll know a website is protected by the 'https' address 
and a lock icon in the Web address bar," he said.

Beware of hackers, too. Public computers and public Wi-Fi areas that aren't 
protected by a password are not good places to buy holiday items on your 
credit card, Albery said.

According to the Experian ProtectMyID survey, about 29% of adults said they 
carry their Social Security card or a copy of it in their wallet or purse.

If you think that younger consumers are far more savvy, think again. 
Melanie Duquesnel, president and CEO of the Better Business Bureau serving 
eastern Michigan, said her 23-year-old daughter put her purse in a shopping 
cart and then discovered that her wallet was taken out of the purse. And 
yes, she had her Social Security card in that wallet - even though her 
mother has warned her about how to watch her personal information and her 
pocketbook.

In October, Royal Oak police said a string of thefts from cars at parks and 
golf courses could be connected to the Felony Lane Gang, which is involved 
in ID theft in several states.

Do not put write your PIN on the back of your debit card or keep that PIN 
in your wallet with a debit card. Thornton said some consumers say they 
cannot remember the PIN, but you're making it too easy for crooks to tap 
into your checking or savings account.

Here's another clue: A car's glove compartment isn't a secret hiding place.

"Wallets left in glove compartments account for thousands of credit card 
thefts each year," said Sukhi Sahni, a spokesperson for Capital One.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.