FBI warns of holiday online flash sales operated by ID thieves

The feds are out with their annual tips on avoiding Black Friday, Cyber Monday and other holiday-related online scams. This year, flash sales, social media come-ons and mobile shopping apps increasingly are targeting gift-givers, according to the FBI, Homeland Security Department and security researchers. And the schemes net personal information, not just cash. For instance:

• Through online marketplaces and auction websites, con artists sell defunct gift cards and promise hot items at rock-bottom prices -- after you handover payment information, reports the FBI’s Internet Crime Complaint Center. The debit cards are inactive by the time the present is opened. And the “discounters” are more interested in profiting from the personal information that is transmitted than the direct sale.

• “Never provide credit card numbers, bank account information, personally identifiable information or wire money to a person who advertises items on these sites at a too good to be true price,” bureau officials advise.

• Fraudulent sites conducting flash sales that claim limited time -- one-day or one-hour -- bargains on trendy products multiply during the holidays, the FBI reports. The fake e-tailers quickly repurpose the credit card information for their own financial gain and never fulfill the order.

• On social networks, the same tricks are attempted. A purported merchant offers amazing deals to lure members into sharing information that the merchant then uses to hack their social media accounts. The peddler tries to “log in to other accounts you may have tied to this account, or to post illegitimate offers on your behalf,” bureau officials warn.

• At any shopping forum, users should check the seller’s ratings and comments to ensure credibility, officials recommend.

A post by antivirus software-maker Symantec, peppered with product pitches of its own, notes that mobile shopping apps are a rising threat:

• These apps sometimes collect sensitive information to help consumers compare prices, check if items are in stock at other stores and even conduct the financial transaction. Individuals run the risk of exposing banking and other confidential data when it is stored externally.

• “Avoid apps that display unwanted ads or otherwise interrupt your shopping experience,” suggests Symantec Internet Safety Advocate Marian Merritt. “We call this aggressive advertising in mobile apps ‘madware.’ ”
• Shopping information stored inside a mobile device also can be compromised. Merritt recommends using complex passwords to protect data “from cybercriminals or even a snooping kid who is curious about what you’ve bought them this year.”

• After losing out in a flash sale or online auction, a red flag that you have been conned is a follow-up message from the vendor. “If someone tries to contact you after you fail to win an auction saying they have another of the same item or the original buyer backed out, don’t fall for it,” Merritt says.

The U.S. Computer Emergency Readiness Team has republished a 2011 advisory on seasonal computer infections. The alert focuses on scams instigated by email, such as virus-laden season’s greetings e-cards and requests for end-of-year donations from shady charities: 

• The specialists at U.S. CERT, a Homeland Security unit, say do not follow links in emails that you did not ask for.

• Check the integrity of the philanthropic organization on the Better Business Bureau's National Charity Report Index, officials recommend. (Editor’s note: GuideStar also is a good resource for researching the financial status and relative efficiency of foundations. However, registration is required for accessing certain data.)