Stay a step ahead of cybercriminals this season by being aware of these scams.
It’s no wonder so many of us look forward to the holidays. It’s a time to gather with family and friends, share memories and gifts, and make plans for the coming year.
Cybercriminals look forward to the holidays, too—but for starkly different reasons.
This time of year represents an opportunity to unleash their schemes on a busy, distracted audience that’s focused on merriment, not mayhem. But being aware of some common scams can help keep you safe throughout the holidays.
Billions of packages are shipped during the holiday season.1 So, it’s not surprising that cybercriminals have concocted several schemes related to package deliveries.
A popular scam involves receiving a text or email that asks you to click on a link for a number of reasons, such as to get an update about the delivery date, track the package location, give your payment preferences, provide delivery instructions, or pay a shipping fee. You may also be given a phone number to call for more information about your delivery. Since fraudsters want you to act without thinking, they may convey a sense of urgency in their message.
While some of these communications are obviously fraudulent—perhaps containing multiple misspellings or other errors—many are carefully crafted, even replicating a shipping company’s logo or email format in some cases.
So, it’s easy to get duped, especially during the hectic holidays.
Unfortunately, clicking on the link may infect your phone or computer with malware that enables a cybercriminal to capture your passwords or take control of your device. Or it may direct you to a form that requests personally identifying information, which can be a gateway to identity theft.
Calling the number typically leads you to a friendly-sounding individual who asks you to verify your personal information or provide the credit card number used for your purchase. You might also be asked to pay an additional delivery fee, customs fee or tax for the package.
If you receive any of these communications, it’s best to simply go to the shipper’s website for more information about your alleged delivery using the tracking number provided. (Type the website address directly into your browser because search results may lead you to a fake or phishing site that mimics the authentic one.) Or call the shipper using a verified phone number.
Sometimes scammers take a more aggressive approach and call you pretending to be a representative from a package delivery service. If this happens, don’t provide any personal information—just hang up. If you receive a voicemail with a call-back number, don’t return the call.
Who doesn’t hate missing a package delivery?
Cybercriminals know this. So, they’ve created a ruse that involves leaving a note on your door claiming to have a package for you that couldn’t be delivered. The note contains a phone number to call and reschedule the delivery. If you call the number, you may be greeted with questions related to your personal identity that could later be used to commit fraud.
If you receive a missed delivery note, look at it closely for any mistakes or other signs that it could be fraudulent. It’s also a good idea to check your recent orders to see if a delivery was scheduled for that date. Even if the notice looks legitimate, don’t call the number listed on the note. Instead, visit the company’s website to find the official customer service number.
'Tis the season for gift cards. So, naturally scammers have devised some ploys to take advantage of this.
A common gift card scam involves receiving a phony or “phishing” email or text that appears to be from someone you know—such as an executive at your company—and asks you to purchase multiple gift cards for a work-related function. Or perhaps it’s a personal request allegedly from a relative or friend who claims to need some help with ordering gift cards.
If you receive any unusual requests for gift cards during the holidays, reach out directly to the individual by phone to confirm the authenticity of the request.
During the holidays, you might see promotions or contests on social media sites offering gift cards or vouchers in exchange for simply completing an online survey. Unfortunately, the survey usually isn’t legitimate. It’s only a means of capturing your personal information to commit identity fraud or other types of cybercrime.
Or you might be offered a prize for just liking or sharing a social media post. But doing either could infect your device with malware.
The bottom line? Be extra cautious during the holidays on social media, especially with enticing offers that seem unusually generous.
According to song, it’s the most wonderful time of the year. And, during the holidays, we open our hearts and wallets to help those who need it most. Unfortunately, fraudsters are ready to swindle generous individuals with old tricks or new scams.
To ensure your money is going to help those in need, take your time and research the charity you are donating to if you are unfamiliar with the organization. Sites such as CharityWatch, Charity Navigator, GuideStar and Better Business Bureau Wise Giving Alliance offer ratings about charities, as well as insight into how charities conduct their business and spend their donations. Use the Internal Revenue Service (IRS) Tax-Exempt Organization Search to determine if your contribution is tax deductible and help confirm the authenticity of a charity. Scammers may try to push your emotional buttons with unsolicited calls, but trust your instincts. Don’t feel guilty about pausing to assess the situation before handing over your money.
If you make a donation online, make sure the URL of the site begins with https://. That “s” indicates it’s a secure, encrypted connection. For an added layer of security, use a credit card. If you use a credit card, you can dispute the charges with your credit card provider if you’re a fraud victim. Plus, using a credit card may make it easier to document your donation for tax purposes.
Record every donation you make during the holidays, including the date, charity’s name, donation amount and method of giving. Then review your financial statements later to confirm your donation was for the correct amount. It’s also wise to make sure you haven’t inadvertently agreed to make recurring donations to the charity.
For even greater security, think about opening a Donor Advised Fund (DAF) account. A DAF is an easy way to coordinate your philanthropic giving, and your DAF donations qualify for a tax deduction immediately at the time of the contribution. Plus, a DAF enables you to recommend how your money should be granted. Consult with your Morgan Stanley Financial Advisor for more information on the Morgan Stanley Donor Advised Fund, Morgan Stanley GIFT.
We hope you’ll enjoy the holidays without the stress of dealing with fraud. But, if you fall victim or even encounter a scam, here’s what to do:
Another line of defense is designating a Trusted Contact to your accounts, which can help protect against fraud and is permitted by FINRA.2 A Trusted Contact is a person appointed by a client who serves as a point of contact in case a concern arises about the client’s health status, financial activities or wellbeing. It is important to note that a Trusted Contact is not authorized to act on your behalf or make any investment decisions. Reporting suspicious activity as soon as it occurs can help protect you and others.
Learn how to protect yourself.
If you suspect you may be the victim of fraud or identity theft, or if you notice
suspicious account activity or receive a questionable email or text that
appears to be from Morgan Stanley, please contact us immediately at
888-454-3965.
(24 hours a day, 7 days a week)
For international clients, please contact your Morgan Stanley Client
Representative immediately to report any online fraud or security concerns.
Footnotes:
1 U.S. Postal Service, U.S. Postal Service Ready to Deliver for America During the Holidays, Sept. 19, 2023, https://about.usps.com/newsroom/national-releases/2023/0919-usps-ready-to-deliver-for-america-during-the-holidays.htm
2 FINRA, Rule 4512. Customer Account Information, https://www.finra.org/rules-guidance/rulebooks/finra-rules/4512
Disclosures:
This article is provided for educational and informational purposes only and no representation of any kind is intended with respect to the practices described. Nothing in this article should be construed as a cybersecurity evaluation. Morgan Stanley is not responsible for determining what cybersecurity best practices are most appropriate for your needs. While efforts have been made to assure the completeness and accuracy of the information as of the date of the presentation, no representation is made that such information is accurate or complete, and Morgan Stanley undertakes no obligation to update the information as its practices change. Reproduction, transmission, dissemination, or other use without authorization or attribution is prohibited.
Morgan Stanley Smith Barney LLC is not implying an affiliation, sponsorship, endorsement with/of the third party or that any monitoring is being done by Morgan Stanley Smith Barney LLC (“Morgan Stanley”) of any information contained within the website. Morgan Stanley is not responsible for the information contained on the third party website or the use of or inability to use such site. Nor do we guarantee their accuracy or completeness.
© 2024 Morgan Stanley Smith Barney LLC. Member SIPC.
CRC#4068625 (12/2024)
