In this issue:

• Spotting fake gift cards

• Venmo payment scam

• Data breaches this week

• RERUN from July: Fake shopping sites

Spotting fake gift cards

I am not great at picking out gifts for other people, so gift cards feel like the perfect present. They are simple to buy, easy to give, and widely accepted by stores. That convenience is also what makes them attractive to criminals. Gift card scams steal billions of dollars from consumers every year, and once the money is gone, it is almost impossible to recover.

For years I've been listening to the radio show (now podcast) of Clark Howard, who has warned for a long time not to trust the gift cards purchased off the racks at pharmacies, grocery stores, or anywhere they are sold.

The criminals use automated tools to monitor the balances of the compromised cards. When a legitimate customer purchases and activates a card with funds, the scammers immediately steal the money by making online purchases or transferring the balance to their own accounts. 

The good news is that spotting these scams is not difficult once you know the warning signs that I learned from him.

Check the card before you buy

Gift card racks in stores are open to everyone. Scammers sometimes tamper with the packaging, record the numbers, and wait for someone to activate the card. They may even will steal the cards and bring them back to the store after capturing the information.

• Before buying one, look carefully at the packaging. Make sure it has not been opened or altered. Look for tears, wrinkles, or exposed nicks along the pull tabs or sealed edges.

• If you can see the back of the card, check that the protective strip covering the PIN is still intact. The protective scratch-off layer over the PIN should be flat and smooth. Avoid cards where the cover is missing, has pieces missing, or shows signs of having been removed and reapplied.

• Run your finger over the back of the card to check for a fraudulent barcode sticker placed over the original printed barcode.

• Check for misaligned printing, smudges, excess glue residue, or unusual card thickness compared to other cards of the same brand. 

• Take a card from the back of the rack, because the scammers will have the put the vulnerable ones at the front. Or better yet, only buy from stores where the gift cards are placed in a secure location, just like Costco does with the various gift cards and gift certificates they sell.

Always keep the receipt since it can help you if you need to report an issue to the card issuer. When possible, purchase digital gift cards from the official websites of well known retailers like Amazon or Walmart. This simple step protects you from cards that have been altered or compromised in stores.

Venmo payment scam

Mobile payment apps make it easy to split a dinner bill or send money to family, but they also create new opportunities for scammers.

A rising scheme is targeting people who use Venmo and PayPal, and the trick starts with one small detail. The two services can now send money to each other. That convenience also makes it possible for someone on PayPal to look you up on Venmo by using your phone number.

Criminals take advantage of this by sending a payment to a stranger, then messaging, “Oops, wrong person, can you send it back?” It sounds innocent, but it is a setup. The original payment is often made with a stolen card or hacked account. When the real owner reports the fraud, the payment gets reversed. If you already sent the money back, you lose it. The scammer keeps the money and disappears.

There is a way to shut this down before it starts. Venmo gives you control over who can search for your profile. Many users do not realize this setting exists, and the default is more open than it should be.

To tighten your privacy, open the Venmo app and follow these steps:

• Tap your profile icon (your picture)

• Go to Settings (the gear icon)

• Select Privacy

• Change the option so only trusted contacts can search for you (not Public)

This small change blocks strangers from discovering your profile through your phone number. It also helps prevent unwanted requests and reduces your exposure to the wrong person refund scam.

If you ever receive money from someone you do not know, never send it back. Contact Venmo support and let them handle the reversal. Scammers count on quick reactions and good manners. A few seconds of caution can save you from a costly mistake.

Data breaches this week

Most of the time these will be companies that you don’t have any personal data with, but scan the names to make sure you aren’t affected.

• Asahi Group Holdings of Japan: 1.5M individuals: Asahi Data Breach Impacts 2 Million Individuals

• Dartmouth College: 33k residents: Dartmouth College Confirms Data Theft in Oracle Hack

• Iberia Airlines: Undisclosed: Spanish Airline Iberia Notifies Customers of Data Breach

• Delta Dental of Virginia: 146k people: 146,000 Impacted by Delta Dental of Virginia Data Breach

RERUN from July: Fake shopping sites

Following a lead tweeted by a journalist in Mexico, another large set of fake shopping sites has been uncovered by cybersecurity company Silent Push. The English and Spanish websites have been traced back to China.

Everyday, thousands of website domains are registered, and a large majority of them are intended for scams. The cybersecurity firm identified several brand names, such as Apple, Harbor Freight Tools, Michael Kors, REI, Wayfair, Wrangler Jeans, Brooks Brothers, Jos. A. Bank, Nordstrom, Guitar Center, Tommy Hilfiger, and Tumi being targeted with copycat sites.

If you see a shopping advertisement on Facebook, Instagram, TikTok, Google, or somewhere else, it’s very likely to be a scam. Always check the website address. Even if it looks legitimate, it could easily be a site created by a criminal. In this collection of websites they found harborfrieght[.]shop (e and i are reversed), brooksbrothersofficial[.]com, nordstromltems[.]com (a lowercase L instead of an i), guitarcentersale[.]com, tommyilfigershop[.]com (missing an h), and tumioutlets[.]com.

Here are some way to identify fake shopping sites:

• Look for website names that are variations of legitimate sites:

  • Switching i, l, and 1, or zero for an O.

  • Using foreign or special characters.

  • Adding sale, outlet, official, clearance, or discount into the website name.

• You can use the “lookup” tool to see when the website domain was created.

• Be suspicious of heavily discounted prices. If it’s too good to be true, it probably is a scam.

• Look carefully at the website content for blurry images or logos, missing pages such as the “Returns Policy”, limited company contact information, and grammatical mistakes.

You should assume that a large number of advertisements you are seeing are now created by criminals. If you want to look for a deal, go directly to the retailer’s website and located the sale and clearance sections. Don’t lose your money to the criminals.

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com