A Scammer’s Guide to Holiday Shopping Fraud in 2020

BlurHacks and Data BreachesPrivacy

Written by:

Guest Post by The Apocryphal Hacker (Note: For consumers looking to PROTECT themselves from scams and fraud, see Abine’s alternative guide on staying safe this holiday season).

Let’s be real here, for scammers like us, COVID-19 hasn’t been so bad. In fact, you could say it’s been great. The boom in e-commerce transactions has meant that this year, we’ve had the chance to scam all kinds of people, many for the first time. From grandparents trying out grocery shopping online to kids attending virtual classrooms, the sheer diversity of opportunity will make this year one to remember for holiday shopping fraud.

However, as you know well, the fun is far from over, and our busiest time is fast approaching — the holiday season. Whatever your religious affiliation, the 40% growth in holiday spending forecast this year is bound to make even the most hard-hearted scammer feel that something magical is in the air. With Santa likely to give us an almost $1 billion cut as we mop up at least 1% of all transactions, this truly is the most wonderful time of the year.

But even though times are undoubtedly good for scammers, it’s worth revisiting how we do business. As we approach peak scam season, are we using the best techniques for the job? Now, don’t get me wrong. Holiday shopping fraud like phishing, form-jacking, and taking over accounts by exploiting saved payment details aren’t going anywhere. These kinds of traditional, well-proven tricks and schemes will remain stalwarts for ripping off less-savvy online shoppers for a long time to come.

But for forward-thinking fraudsters, there is still some catching up to do. So to help you get up to speed, we want to highlight a few novel growth areas to consider adding to your scam list this year. That said, we also want to warn you about a worrying development we see within the scammer opportunity landscape — the growth of card-masking. Read on to see three top scam tips for this year, as well as one critical threat to keep an eye on.

Our favorite Holiday Shopping Fraud Methods for Holiday Season 2020

scammers are getting good at holiday shopping fraud
Photo by Clint Patterson on Unsplash

Here are three hacks you may want to try out this holiday season and beyond.

Younger consumers: suckers for digital gift cards

With in-store spending plummeting, it’s no surprise that online gift card sales have exploded this year. As consumers are placing too much trust in gift card vendors for their own good, this trend has been a present for scammers, too.

It turns out that it’s the supposedly “digitally native” 18 to 24-year-old consumers who are the worst offenders when it comes to overconfidence when shopping online. Over 70% of shoppers in this age group complete purchases without checking if the seller is legitimate. Even better, only half of them are likely to verify the authenticity of offers being made via text message.

Scammers take note, regardless of what you might have heard about technology use, it’s far easier to scam today’s kids compared to their parents.

Buy Online, Pick Up in Store (BOPIS) transactions

Even though it was already a growing fad in 2019, COVID-19 has turned BOPIS into one of the most straightforward scams out there. Whether through fraudulent chargebacks (shoppers pretending they never meant to make a purchase in the first place and requesting their money back) or hacked accounts, this kind of fraud puts the burden of responsibility directly onto the retailer. 

With so many brick-and-mortar retailers under immense pressure right now, in-store security standards have gotten a lot weaker, making our job much simpler. By 2025, over 10% of all retail sales are likely to be BOPIS. So even when the pandemic eventually recedes, the chance to scam BOPIS transactions won’t be going anywhere. For scammers that want long-term success, early adoption of this type of fraud will pay dividends.

Steal people’s information with fake delivery confirmation SMS messages

As every scammer knows, the key to scamming someone through a text message is imitating someone they trust. This holiday season, with everyone ordering online, the fastest way to do this is to pretend to be part of their gift supply chain.

Think about it. With consumers receiving a glut of SMS-based package-tracking updates from USPS, UPS, and FedEx, it’s easy for a scammer to convince targets that a package has ‘missed delivery’ by pretending to be from a courier or postal service. Then, once you have your target’s attention, you can ask them for “more information” or even an extra “delivery fee” in order to ensure it reaches its destination. A pro tip to make this even easier is to imply that the missed delivery is a gift intended for them and simply lacks sufficient postage.

Online food/grocery delivery payments

Photo by Robert Anasch on Unsplash

Online grocery delivery is excellent for avoiding queues at the store or in a restaurant, but it’s even better for hard-working scammers. Due to social distancing and indoor dining restrictions, more people are turning to online food delivery apps to bring the dining out experience home. In response, thousands of foodservice vendors have ventured into delivery for the first time and created their first one-click payments systems. 

Luckily for us, many of these vendors want to make transactions as fast and painless as possible and have almost no real security measures in place. For scammers, the key here is volume. Even though robbing someone of the price of a pizza might not whet your appetite, run this scam a few thousand times across different metro areas, and you certainly won’t be left hungry. 

Loyalty points/benefits programs

Use customer loyalty to your benefit. Accruable points are now being offered by a whole host of retailers and services to online shoppers as a way of keeping them coming back. What makes these sorts of programs ideal for scams is that they’re often protected by nothing except the customer’s email address or phone number. 

With loyalty points from airlines, hotels, and retailers easily convertible into cash by bundling them into other transactions, scammers shouldn’t sleep on this one.

Be Warned: Consumers Are Wising up with Masked Cards and Credentials

Even as we feast on increased transactions this holiday season, scammers need to beware; customers are starting to wise up. Much to the dismay of the scammer community, masked credentials are starting to become more popular. 

By allowing customers to mask their real card details by creating fake “burner cards” for every transaction they make, card masking makes hacked card data redundant and seriously threatens our industry. With data protection firm Abine estimating that over 10 million people in the US are using Masked Cards, scammers need to be careful not to rely on credit card fraud — unless they want to go out of business, that is.

Credit card fraud and masked cards protect people from identity theft, which, with the average theft netting us nearly ten thousand dollars, could be devastating for our livelihoods. So, watch out for this next time you open up a new trove of breached card data.


Photo by Erik Mclean on Unsplash

It’s not a bad time for scammers to be in business, but there are some darker clouds on the horizon. It’s undoubtedly true that the digital transformation following COVID-19 made our jobs more comfortable. Still, it was only ever going to be a matter of time before our victims started to take responsibility for their security. 

While scamming the unsuspecting will always be easy to do, the rise in fake cards and masked credentials shouldn’t be underestimated. If masked cards catch on, we might have a few leaner years ahead, so savvy scammers should stock up on fraud now before it’s too late.

Leave a Reply