What is skimming and smishing? Avoid scams this holiday season

While people may be delaying their holiday shopping this season, that doesn’t mean they shouldn’t be on the lookout for where and how they shop.

While people are shopping for their loved ones, scammers tries to steal your valuable information.

Some scams are done through hardware while others can be done online.

Here are some nefarious activities you should be aware of, especially during the holiday season.

What is a credit card skimmer?

right FBIskimming involves illegally installing devices on or inside ATMs, point-of-sale (POS) terminals or fuel pumps to capture card data and record cardholders’ PIN entries.

Criminals then use this data to create fake payment cards, allowing them to make unauthorized purchases or withdraw funds from victims’ accounts.

How can you find a skimming device?

While credit card skimmers are meant to go unnoticed, there are ways to detect them to protect your credit card information and help prevent identity theft. An effective strategy, according to LifeLock, is the SCAN method, which guides you through what to check when using an ATM or other unattended POS terminals.

scans the area for hidden cameras pointed directly at the keyboard. ATMs often have cameras for security, so don’t immediately panic if you see one in the area – make sure you cover your hand while entering your PIN.
Comparison card reader and keyboard to the rest of the device. Colors and styles should match, and graphics should be aligned and not hidden.
Evaluate for obvious signs of handling. Panels may be torn or damaged, or a security seal may be broken.
Nudge card reader and keyboard. Card skimmers and fake keypads are meant to be removed, so if they feel loose, you may have spotted a skimmer.

If the machine looks suspicious, report it to an available clerk if one is nearby and find another location to use.

What is a smishing scam?

If you’re getting strange text messages and phone calls and phone numbers you don’t recognize, there might be smishing attempts to cheat you.

Smishing is a form of phishing, the fraudulent practice of sending messages disguised as a reputable source to get people to reveal personal and/or financial information, such as social security numbers, credit and debit card numbers, and passwords account.

Smishing, in particular, is done via text messages.

A smishing victim typically receives a fraudulent text message from a scammer pretending to be a government agency, bank, or other institution, such as the USPS.

What should you do if you get a crush message?

If you believe you have received a fraudulent message from a sender masquerading as USPS, report the message by email to [email protected]. Follow these steps to submit a report:

Without clicking the link, copy the message body and paste it into a new email.
Attach a screenshot of the text message showing the sender’s phone number and the date the message was sent.
Include your first and last name. in the email.
Include any other relevant details. For example, if you clicked on the link and provided personal or financial information or lost money, share those details.
Forward the text message to 7726 (SPAM).

The US Postal Inspection Service will contact you if additional information is needed.

If you receive a message that is not USPS related, text the message to 7726 and submit a report to Federal Trade Commission or from the FBI Internet Crime Complaint Center.

Does USPS send tracking text messages?

Yes, the USPS offers package tracking via text message, but customers must register to initiate the service. USPS does notdon’t send follow-up texts or emails without a customer requesting them, states the US Postal Inspection Service.

What does a package tracking text from USPS look like?

Depending on the information requested, USPS tracking texts may vary, but generally all texts include the following:

Tracking number
Package status
Date, time and location
Instructions to stop receiving messages

According to the USPS, an example text message for an estimated delivery might look like this:

USPS 01123456789123456789, Estimated Delivery By: Monday, September 11, 2017. Reply STOP to cancel.

USPS tracking texts never include clickable links.

How do you request text tracking from USPS?

People can request text message tracking by sending their package tracking number to 28777 (2USPS). The reply will contain the latest tracking update.

People looking for more specific tracking information should text the package tracking number to 28777 along with one of the USPS keywords. Keywords tell the USPS what information a person is looking for, such as expected delivery, when and where a package is available for pickup, and any past activity related to the package.

A list of keywords is available on the USPS website at usps.com/text-tracking/welcome.htm.

What other types of mail fraud should you be aware of?

Brushing is another type of fraud that scammers can use during the holiday season.

Brushing is when a person receives a package that contains items not ordered or requested by the recipient. While the package may be addressed to the recipient, the package often does not include a return address. The intent of the brush is to give the impression that the recipient is a verified buyer who has written positive reviews online. Therefore, the scammer writes fake reviews on your behalf. Fake reviews help increase product sales.

While swiping may seem like a victimless crime, the reality is that the recipient’s personal information could have been stolen. A fake review can also encourage others to buy items that don’t deserve a glowing rating.

If you think you might be a victim of brushing, there are several steps you can take. If you haven’t opened the package, write “RETURN TO SENDER” on the box and the USPS will handle it at no charge. You can also throw the package away, or if you like what’s inside, you can keep it. It is legal to keep unsolicited goods.

But perhaps most importantly, change account passwords, closely monitor accounts for unexpected activity, and notify authorities.