The calendar year (and the decade!) are winding down. Year end in the United States is a busy time. The old cultural touchstones of holiday shopping and charitable giving are still alive and well. But new markers of the end of the year have arrived too.
Now, holiday shopping means online purchases and doorstep delivery. All your favorite charities have gone online too, joined by new ways for those in need to ask for help, like GoFundMe and Causes.com. The end of the year is also time for making updates to employee benefits, as well as insurance plans through the ACA Marketplace and Medicare.
What do all of these activities have in common? Money and attack surface. The holidays/year end are a time of spending and lowered defenses. People are relaxing into the season of giving and family time. If it’s been a good year, they might be reveling in a generosity of spirit. Criminals are smart enough to see it: December is a great time to score big. Here’s how to protect yourself while maintaining that spirit of relaxation and giving.
Online & Mobile Shopping
Sixty-one percent of all online Black Friday shopping in 2019 happened on smartphones. That’s $2.9 billion in smartphone transactions in one day.
While it’s convenient to shop from the palm of your hand, be aware that it’s hard to spot a fake or cloned website on a mobile device. You might think you’re perusing a reputable site, but it could be a scammer’s sham site set up to grab your credit card info.
If you’re shopping on mobile, you probably aren’t at home on the couch on your private wi-fi network. Never make purchases on your phone on unsecured public wi-fi unless you have a reputable VPN installed and turned on. If you have to make a purchase on the go, connect to your cellular service provider. Cellular service is encrypted and unlikely to be hacked.
Once you’ve made all your purchases, you can sit back, relax, and watch the packages roll in. Most retailers will communicate with you via email during your items’ journeys from warehouse to shipping hub to truck to doorstep. You may have ordered enough items that you can’t quite track what’s coming when, from whom, and via which service. Luckily, an inbox full of messages from FedEx, USPS, DHL, and UPS are waiting for your clicks. But not so fast!
Scammers take advantage of your confusion and loose clicks at busy times like these. Before you click any delivery confirmation or tracking email, study it closely. Make sure the “From” line contains a valid email address for the delivery company. Make sure the wording is logical and references something you recognize, like your name or the item you ordered. If you’re uncertain for any reason, don’t click any links. They are likely to contain some form of malware. (UPS has done a great job compiling scam messages sent in their name. Take a look at literally 100 examples.)
The holidays really pull at your heartstrings. You’re nostalgic. You want to join in the spirit of giving. You’re spending a lot of money on presents, and you want to share the love with someone in need. Charities and scammers alike want to catch you in this mood and put your money toward their cause. Keep your eyes open so you can be sure that your well meaning gift is going to a trusted nonprofit or individual and not a malicious actor.
Just as a scammer can create a phony retail site that’s hard to detect on a mobile device, they can also create sham donation sites. If you’re logging on to donate to a charity, make sure it’s one that you know and trust. Check the URL to make sure it’s legit and make sure you’re donating on a secure page.
The rise in crowdfunding sites means that more people than ever can broadcast their needs to a caring community of donors. Before giving to someone who is sick or needs money for transportation or gifts for underprivileged kids, do your research.
Look up the individual who created the crowdfunding campaign. Are they a known community organizer in the area where they are raising funds? Do you have friends in common who can vouch for their honesty? Check your emotions before you pull out your credit card. Plenty of unscrupulous people have faked illnesses or created other phony situations to gather donations through crowdfunding campaigns.
The end of the calendar year usually means the end of one set of health benefits and the beginning of another. Medicare enrollment changes were due on December 7 and changes to Marketplace insurance plans were due on December 15. But fraudsters are still on the go.
The FTC issued a warning regarding the various scams that are popular this time of year. Many of these scams prey on older adults who are enrolled in Medicare. They might get a call insisting that they have to enroll in a pharmacy plan or they will lose their Medicare coverage altogether. Or a caller could present as an “official Medicare agent” and demand payment over the phone while threatening loss of coverage.
Enrolling in an ACA plan is simple enough through the online portal. The main tip is to be certain you’re only providing personal information on sites that contain “.gov” as part of the URL. In some cases it is necessary for a representative of the Marketplace to call you. Agents of the Marketplace will always provide you with their first name and agent ID number (you should write them down). It may be necessary to verify your identity on the call using your name, address, social security number, or some other piece of information. The caller will not request any personal financial or health information.
Once you’re enrolled in a plan, you’ll receive a number of phone calls, emails, and/or letters regarding your payment options. These should come directly from the insurance company you selected on the government website. Be certain that when you log on to pay, you type in the correct address (don’t click on links from dubious sources). Cases of sham website presenting with similar logos as insurance companies like Blue Cross have occurred in the past.
Be Generous, Be Cautious, Be Safe
Don’t lower your defenses just because it’s the holiday season. Scammers and hackers are still working hard. Keep up the good work of cautious clicking and careful sharing of personal information. And by all means, be as generous as you can with the charities and individuals you’ve verified.
Asylas wishes you a joyous holiday season and a happy new year too. If your company has security needs in 2020 contact us at firstname.lastname@example.org or 615-622-4591. We’d love to work with you!