Established charitable organizations like the American Red Cross have made it easy and convenient to contribute to victims of natural disasters like Hurricane Ian, with property damage estimates ranging from $41-$70 billion. However, imposters circulating similar-sounding names like the U.S. Red Cross are also trying to collect money—but for fraud and theft purposes.
A similar phenomenon occurred in 2020 and 2021, when the COVID-19 pandemic, wildfires and other natural disasters encouraged many Americans to increase their charitable giving—but this generosity also led to an uptick in scammer behavior. As a result, there were 2.8 million reports of fraud totaling $5.8 billion in 2021, up more than 70% from 2020.
And now, more dangers are lurking with the upcoming holidays, when generosity is top of mind. With so much digital gifting and giving this time of year, it's important to take precautions to help safeguard personal data, said Krista Taylor, information security program consultant at BOK Financial®. Fortunately, even as fraudster tactics are ever-changing, the best ways to avoid them remain fairly consistent.
Think of passwords as your front door
Many digital relationships have a username—usually an email address—and password combination. Remember when a password was something you whispered to a friend on a playground? Ironically, it was likely more secure then than now.
Passwords have proliferated in the digital age, with studies showing an average user to have 100 or more, up from 70-80 as recently as 2019. Many are still common and unsecure, like 123456 or a birthdate, that can be easily discovered.
Taylor recommends these tips for stronger password security:
- Avoid creating passwords using your personal information (names, dates, etc.) that can be found online.
- Use unique, strong passwords or passphrases (16 or more characters if possible) that you can easily remember but are hard for systems to crack.
- Create a unique password for each account and avoid repeats or similar patterns that can be easily detected by computer algorithms.
- Set up security questions with answers that cannot be found online or easily guessed.
- Avoid saving passwords or login credentials to your browser.
- When using a public or shared computer, or public Wi-Fi, avoid entering your passwords and always use a personal hotspot or a virtual private network (VPN) before accessing any sensitive data or accounts.
- Use multi-factor authentication, whenever possible, which requires two or more authentication methods to confirm your identity.
Password managers are your online safe-deposit box
Available by subscription and usually with a free trial period, online password managers act like a "digital vault," securely creating, encrypting and storing unique, complex passwords for every account.
"Many proven products are on the market today. Users considering a purchase should consult trusted sourced for options and seek a service with many strong reviews," said Taylor.
- Creating a very strong master password that you can easily remember.
- Taking heed if and when your password manager alerts that your chosen master password is weak, re-used or has been involved in a breach.
- Only using an official, trusted password manager with the latest available security options that works with all your devices.
- Using multi-factor authentication to protect your password manager.
Protect your data further through scam avoidance
Although protecting your passwords is a key component of protecting yourself from scams, it's not the only step you must take, Taylor said. "We're all getting approached by devious emails, phone calls, text messages or fake websites. It's crucial to be diligent in checking for validity before responding to any unexpected request."
To protect yourself, she cautions:
- Do not click on unknown links or attachments and never enter your login information into unknown or unexpected prompts.
- Do not reply to suspicious emails or text messages; hang up on suspicious callers.
- Use your phone app or go directly to the official website to verify any account in question; do not trust links or directives from suspicious sources.
- Be wary of unusual requests for cash, money transfers, prepaid credit cards, gift card purchases or even cryptocurrency.
'Tis the season
"Cybercriminals keep their scams up to date with the latest influencers," Taylor said. "And scammers thrive on timeliness and emotion to catch people off guard. Be aware of what may be coming around the corner."
For instance, in an election year, be aware of scams that include voting or voter registration using fake political websites, text or phone methods. Instead, only vote or register at an official location.
And when considering disaster recovery donations, verify the remit-to organization and resist giving to fringe-sounding entities that promote ancillary services offering temporary housing or employment.
Holiday season scams involving gift card purchases, donations, package delivery, gift exchanges or short-term jobs are designed to exploit targets' inattention or good nature. Before acting or buying, contact the Better Business Bureau or Federal Trade Commission to verify or report any suspicions.
Through proactive planning and vigilance, consumers can protect their identities and assets, and deliver on their intended generosity.
Learn more about BOK Financial's online security or call 844-517-3308 to report suspicious activity on BOK Financial-related accounts. The Cybersecurity and Infrastructure Security Agency also keeps an up-to-date list of current threats.