Ellliott Greenblott | Fraud Watch: 'Tis the season for holiday shopping - and phishing scams

Posted
In case you haven't noticed, the holiday season arrived early this year (right after Labor Day) and once again the Grinch in the form of a con artist is working hard to ruin your celebrations. In this two-part series, we'll look at a number of ways criminals are working to separate you from your money.

Black Friday and Cyber Monday sales have become a major part of the shopping season on the con artist calendar. A "new" twist seen this year is the use of email messaging to obtain Amazon account and credit card information. The message states that "your account has been accessed from a different device" and mentions "suspicious" activity, asking you to click a hot link — underlined text — "to Regain Access."

The link takes you to a browser page displaying the Amazon logo and looking remarkably like a normal Amazon sign in page requesting your Amazon log in email address and Amazon password. Clicking on the sign-in button opens a new web page which also looks quite legitimate requesting credit card information and a Social Security number and is followed by another page to verify driver's license and other personal information. Once you have entered all of this information, the fraudulent website actually deposits you on the "real" Amazon website.

I note that this is a new twist because it is the first time I have seen this scam on an imposter website for a commercial vendor. Similar attempts frequently use imposter bank or credit card email notices and bring into question the legitimacy of other email messages received from businesses.

One basic understanding — legitimate commercial enterprises are well aware of online security and do not send this type of message. If you receive one, the best first step is to examine the address of the sender.

For Amazon, the address would be Amazon.com; an email from a credit card company address would be from an issuing bank such as citigroup.com or bankofamerica.com. Legitimate commercial websites display the letters HTTPS or a padlock in the address line of a web page and display the name of the company such as https://Amazon.com.

A second step is to determine if there is any problem with your account. Contact the company that is the assumed source of the email by using a phone number or website you know is correct. Use the phone number on the back side of a credit card or the one that appears in a commercial web site listed in an internet search or stored in your computer contacts.

The third step is to report the scam. Businesses such as Amazon and credit card companies want to know if there are imposter messages in circulation so report the incident to them. In addition, report the attempted scam to your state consumer protection agency. In Massachusetts, it's the Attorney General's Office: (617) 727-8400 http://www.mass.gov/ago/consumer-resources.

Traveler Alert: Booster Bags! Never heard of them? Many business owners and managers know them — shoplifting tools! A booster bag is a hollowed-out tote, shopping bag, suitcase that has the bottom removed and a clutching device or adhesive material installed. The shoplifter places the bag on a counter or over an item on the floor, activates the clutching device, and walks out of the store with the stolen merchandise.

What does this have to do with travelers? Identity thieves have been arrested at some major transportation hubs including airports using booster bags. Travelers put a briefcase, carry-on, or purse on the floor as they shop in a newsstand or grab food or a beverage. The thief moves next to the victim, places the booster bag over the other item and walks away. The victim suspects nothing.

Booster bag thefts are becoming more common and the best way to thwart the thief is to physically maintain control of your bags at all times when traveling.

Elliott Greenblott is a coordinator for the AARP Fraud Watch Network and writes this biweekly column. If you suspect that you may be a victim of a computer-based scam, call the AARP Fraud Watch Network hotline at 877-908-3360 or the Massachusetts Attorney General's Consumer Protection Division at (617) 727-8400.

TALK TO US

If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.



Powered by Creative Circle Media Solutions