WASHINGTON — As boxes arrive on the porch and holiday cards in the mailbox, you may have noticed your email and text inboxes filling up with urgent, suspicious messages.
Unless you have a workshop of elves helping you complete your holiday gift list, you’re probably heading online to do at least some of your shopping.
With that, there’s a chance of flurries of texts and emails about your order from shippers, stores, and scammers.
THE QUESTION
How can you tell if one of these messages is legit – and what do you do if it’s not?
THE SOURCES
WHAT WE FOUND
These messages – known as “phishing” – happen all the time, but can get particularly bad this time of year. The Federal Trade Commission defines phishing as a type of online scam targeting consumers by pretending to be from a well-known source, like a shipping company or retailer, and then asking the consumer for personal information.
Often, scammers rely on a shock factor to put targets on the back foot.
“You see that you think to yourself, oh my God, I've got to make sure everything's okay with the account,” said The Better Business Bureau’s Melanie McGovern.
Even a spot on the “nice list” – or the do not call list – isn’t enough to avoid being targeted.
“They don’t care about the laws that we have in place to protect customers,” she said.
This week, Amazon warned customers to be wary of calls, texts, and emails pushing you to confirm or cancel a purchase by providing payment information, installing software, or purchasing gift cards.
On its website, FedEx describes several types of phishing scams more common this time of year, including “vague” messages about undeliverable packages or more information needed.
And the FTC cautions consumers about opening links and emails offering deals or free items – even though the rewards don’t exist, the emails will get your *real* information if you engage.
Even in the frenzy of the season, don’t click the link before you stop and think:
If you get an alert about a package delivery issue, are you even waiting on a package from that company?
Is the message threatening or urgent?
Does the link include the company’s name?
Is it asking you to enter a password, address, or credit card number?
Even if a message seems legit, our sources say the best idea is to go straight to the store or shipping company.
“Go to the retailer's website, enter your account information, and see what's going on with that package,” said McGovern.
If you do click a link you shouldn’t have – or give personal information to the wrong person – there are resources to help.
IdentityTheft.gov is an FTC website that will walk you through next steps based on what information you gave.
Bottom line: As you make your way through your shopping list, when you get a link – check it twice.