Travel and shopping have become synonymous with this time of year. Trying to juggle working and year-end deadlines with buying gifts and visiting family and friends, often leaves people exhausted. Looking for short-cuts to getting all your items on your list checked off? You may want to slow it down a bit and make sure you aren’t falling for scams or worse, some activity that compromises your personal identity.
While reading a recent issue of Fraud magazine, I was astounded at the level some folks will go to make money off of the average consumer. Not that one would actually expect to find happy stories in such a magazine. To make things worse, some of the scams have been happening for quite some time. Hey, it worked in the past, people forget, so why not try it again? Being aware during the holiday craziness is your best defense. Here’s some of the schemes that really irked me (and I am sure many of you sadly have other tales of woe):
Buying for your favorite pet:
These days, it’s easy to create a label on a printer and produce packaging that looks like the real thing. Recently, another scam came up where the vendors were smuggling in fake flea and tick medication that was sold mostly online under popular brand names. Fluffy unfortunately cannot tell you if the medicine tastes different or is not working as well. The FDA has published on their website that “there are Internet sites that represent legitimate pharmacies” and that “If you are ordering pet medications online, you should look closely to ensure that you’re ordering from a reputable pharmacy.”
Buying food items such as Extra-Virgin olive oil (EVOO):
This one really hit home. My husband and I have traveled to Italy and Spain and like to think we are discriminating consumers who know what brands to purchase and can tell the difference in taste. We like to cook and we use a lot of EVOO, and often look to buy big containers at a good price. After reading about reports of contaminated or adulterated EVOO, I am not so sure that what we have been using is totally the real thing. The International Olive Council website has everything you want to know about olive oil including the legal definitions for the various types of olive oils. Some of the additives found in EVOO have been other oils such as soybean, corn, and sunflower. What really got me is that they found oils from hazelnuts and peanuts, both high-allergy products. The North American Olive Oil Association (NAOOA) conducts the nation’s largest olive oil testing and certification program, and provides a list of brands that agreed to product testing at least twice a year, for quality as well as purity.
Making charitable donations:
Our firm works with many non-profit organizations in the Metropolitan area and we truly care about the ability of these organizations to be able to collect donations so that they can fulfill their missions. With the end of the year approaching, many consider making donations in order to claim a charitable deduction on their tax return. With countless organizations asking for support, especially in the wake of the recent hurricanes, giving to legitimate organizations for legitimate causes may not be as simple as it seems. The Federal Trade Commission (FTC) has a website for consumer information and notes “do your research to avoid fraudsters who try to take advantage of your generosity” and provides tips to help make sure that the charitable contributions actually go to the cause you support. Sources to check out a charity include Better Business Bureau Wise Giving Alliance, Charity Navigator, Charity Watch, GuideStar, IRS Search for Tax Exempt Organizations, and National Association of State Charity Officials. If you are donating online, make sure that the website is the official website, and that SSL (secure sockets layer) encryption installed. The site’s URL will start with HTTPS:// (instead of just HTTP://) and an icon of a locked padlock will appear, typically in the status bar at the bottom of your Web browser. PayPal is generally a safe method for making online payments/contributions (however, see next bullet).
Clicking on Email links:
Nothing is sacred. You get an Email with a link to on a holiday greeting. Or you get an email from your bank requesting you confirm your information as part of a security review. Beware of the ever-present Email phishing scams. Also on the FTC’s Consumer Information website, is information about email phishing scams and offers practices to reduce your risk of being scammed. “Phishing scammers make it seem like they need your information or someone else’s, quickly – or something bad will happen. They might say your account will be frozen, you’ll fail to get a tax refund, your boss will get mad, even that a family member will be hurt or you could be arrested. They tell lies to get to you to give them information.” If you click or respond, the damages can be extensive. The scammers go to great lengths to mimic the look and feel of the company that is asking for your info or requesting you to simply click on a link. Hot off the press is an Email scam that is very sophisticated and actually comes from an official PayPal source. The Email informs users about a change in their “billing information” and directs the user to click on a link if the user did not make the supposed change. The link then takes the user to a fake login page that looks just like an official PayPal web page. PayPal recommends that if you cannot tell if the email is real or fake, then go directly to their website, and login to check its resolution center, where you will see a verified green signature on the web address. When in doubt don’t click and check directly with the company or the person sending you the email to ensure it is valid.
Using public charging stations:
You are out and about running all kinds of errands, or you are traveling, and your phone needs to be charged but your charger is nowhere near where you are. You may be tempted to use a public charging kiosk. Let your battery run out. It doesn’t matter what type of phone you have as they all allow the power supply and data stream to pass over the same cable. That means the cable is used not only to recharge your battery but also to transfer and sync your data. By plugging in someone else’s USB, you may be allowing that user to inject malicious code onto your device and steal your data. You don’t know what the other end of the cable is plugged into. This is known as Juice Jacking. Nope, not a new fad liquid diet. Since smartphones are really mini hand-held computers that also happen to make phone calls, almost all of us have personal identifying information stored on our phones that can be very attractive to cybercriminals. And don’t forget about tablets as the same rules apply. Keep your devices charged, carry your charger with you, carry a backup power charger, and avoid using public USB chargers. If you need to use a public charger, make sure that you are directly plugged in (use the AC/DC charger). Also consider using your phone’s security features as many have the ability to request your permission to transfer data or not if your phone is connected to a USB cable.
Getting to the holidays and year-end can be stressful enough. A little bit of vigilance and acumen can help you to enjoy the holidays. From all of us at Cerini & Associates, wishing you a safe and joyful holiday season and a very happy New Year.
Shari Diamond, CIA
Shari has been with Cerini & Associates, LLP since 2008 where she works primarily with the firm’s school district clients providing internal audit and claims audit services. She has over twenty years’ experience performing internal audits, risk assessments, and compliance reviews, as well as recommending processes to strengthen the internal controls environment while increasing efficiencies. Her prior experience at PWC and Northrop Grumman included performing Information Technology audits.