6 holiday scams you need to know about

Whoa, we blinked and it’s mid-November! The days are shorter, your to-do list is longer, and scammers are ready to catch you off guard. Luckily, you’ve got me on your side with the top holiday scams.

📲 ‘Hi, I’m calling from Amazon’

Criminals and AI voice bots are calling, emailing and texting, claiming to be Amazon employees. Oh, no, your account is on hold! Or there’s been suspicious activity you need to deal with now. They’ll ask you for your payment info — that’s a glaring red flag.

Stay safe: Only put payment details for Amazon directly into the website or the official app. If you get one of those calls, hang up and Google the phone number. I bet you’ll see reports from others who got the same call.

💻 An offer you can’t refuse

There’s an email in your inbox from Macy’s, and whoa! Everything is 50% to 70% off! Click the link, head to the site and all looks normal. Once you check out, though, you’re in big trouble.

Scammers use real brand assets (like logos, fonts and photos) to make you think Macy’s or another big retailer is having a major holiday sale. Then, they direct you to a site that looks like the real thing … but it’s not.

Stay safe: Always, always triple-check the URL. If you’re not sure of a retailer’s website, search in your browser, but don’t click any sponsored results. Type in the address yourself if you know it.

📦 Your package can’t be delivered

You receive a text or email saying your order is stuck at a shipping center. With all the online shopping we do, you probably don’t remember every purchase. Click on the link they sent you and you’re well on your way to a phishing scam.

Stay safe: FedEx, UPS and the U.S. Postal Service will never text you from an unknown number. If you’re worried about a delivery, call the shipping company directly. In emails, watch out for any subtle misspellings in the email address or the sender’s name. Block and report anything fishy.

🤑 The fake seasonal job

Continue reading

$96 million, missing: Thousands of Americans lost their savings after fintech firm Synapse collapsed. Customers thought their money was government-backed, but now, banks are returning very little — or nothing at all. One family was offered $500 for their lost $280,000. This is your reminder to triple-check your money to make sure it’s in an FDIC-backed account.

🪪 Beyond the airport: Travel verification company Clear is working on facial recognition for everything: Replacing your wallet, driver’s license, passwords and even your house keys with a selfie. They say it’ll help prevent fraud and be more convenient. What happens if hackers steal your face when it’s your universal ID?

There’s no fun in these funerals: Scammers are creating 24/7 fake funeral livestreams on Facebook and tricking people into handing over their credit card info. They use real photos and details about a person who’s passed, then they ask for a card “to verify your location” and secretly set you up for recurring payments.

🚦 Cop-out behavior: Two Missouri police officers got busted using traffic stops as a way to see naked pics of women. One former officer reportedly searched 20 different phones last year. He told the victims he was looking at their phones for insurance info, then, if he found racy pics on their devices, he snapped photos of them with his own phone. He and another trooper pleaded not guilty.

Major lawsuit incoming: A student at a private school in Pennsylvania made AI-generated naked pics of 50 female classmates. It took nearly a year to arrest the creep. Jeez, almost a year … The head of the school and the board’s president resigned. They should’ve been fired.

📨 You’ve hit the scan-pot! Cybercriminals are sending paper letters to launch new phishing attacks. They’re including QR codes to download a weather app that — you guessed it — unleashes malware to steal sensitive data, like banking info. PSA: Don’t scan random QR codes.

Porch pirates are smarter than ever: Across the U.S., they’re stealing AT&T iPhones delivered by FedEx. They’re using tracking numbers to get real-time updates and swipe packages in seconds. Even worse? The info might be coming from rogue AT&T employees. Get a lockable porch box and a video doorbell.

We may receive a commission when you buy through our links, but our reporting and recommendations are always independent and objective.

I can bearly believe this story. Four dopes used a bear suit and fake claws to ruin a Rolls-Royce and claim the insurance money.

🦴 A robot dog is patrolling Trump’s Mar-a-Lago: “Spot” is unarmed and has a “Do not pet” sign on each leg. The Secret Service isn’t saying what it’s being used for, but with cameras, thermal sensors and a $75,000 price tag, surveillance to protect the President-elect is obvious — he needs it.

I had a joke, but someone stole it: I thought this was interesting. Radio-emitting threads could replace metal tags to stop shoplifters. A company called Myruns is behind the tech. The threads are five times thinner than a single human hair. Special ink inside the threads would transmit signals to set off alarms.

Oops, they did it again: First, Communist China copied the U.S. military’s F-35 jets using stolen drawings and secrets. Now, their military is ripping off our robot dogs, too. China’s “robo wolves” follow commands, like “sit,” “stand” and “move,” and they can do other tricks, like running, carrying supplies and firing rifles. Who needs spy movies when our military secrets are practically doing press tours?

Social Security recipients get a 2.5% raise in January: Scammers are on it. The increase will show up automatically in your bank account or as a check in the mail, no action needed. If anyone contacts you asking for “extra steps” to get your raise, it’s a scam. Report any suspected fraud.

Bad idea: Mozilla has collected more than 30,000 hours of voice recordings from volunteers worldwide. Its Common Voice project is a free public dataset anyone can use to train AI software in 180 languages. Here’s the catch: Mozilla won’t say how or who will use your voice. Don’t add yours.

Just say no: An Uber or Lyft driver might ask you to pay in cash so they can take home more money. They make as little as $9 an hour (paywall link) through the app, but a cash payment means no safety features like the emergency button, and you’ll get hit with cancellation fees.

🎣 Reeled in a big one: A 33-year-old Nigerian man was sentenced to 10 years for a phishing scam that stole $20 million in nest eggs from over 400 U.S. homebuyers. He sent phishing emails to real estate professionals, tricking them into providing their login credentials. Using those, he redirected home purchase payments to compromised accounts and laundered the money into bitcoin via Coinbase, according to the DOJ.

Pass on this NAS: Over 60,000 D-Link network-attached storage (NAS) devices let hackers slip in data-stealing code. Affected models include the DNS-320 Version 1.00, DNS-320LW Version 1.01.0914.2012, DNS-325 versions 1.01 and 1.02, and the DNS-340L Version 1.08. D-Link’s advice? Replace it. Here’s an alternative.

We may receive a commission when you buy through our links, but our reporting and recommendations are always independent and objective.

🚨 North Korean hackers are targeting Macs: It starts with an email containing a fake crypto news headline, like “Hidden Risk Behind New Surge of Bitcoin Price,” and includes a link to a PDF. The link actually leads to a malicious app that lets the sender take control of your system. If you’ve clicked on a random PDF link recently, scan for malware ASAP.

😤 Hackers are breaking into Ticketmaster accounts: They’re stealing tickets to resell. Just ask Mika, who changed her Ticketmaster password but was still scammed out of $400 worth of tickets. Live Nation, Ticketmaster’s parent company, controls around 80% of concert ticket sales and says they can’t fix this problem.

Working the system: Cybercriminals are using hacked government and law enforcement email addresses to request customer data from Big Tech companies. Police usually need a search warrant for files and messages, but for basic details like phone numbers, login credentials and approximate locations, a request is all it takes.