Consumers know to avoid the mostcommon scams and security pitfalls, but their defenses may be downduring the holidays. Schedules are tight, there's a lot to be donein very little time, and Internet use is up as people research giftideas to buy the perfect item for everyone on their list.

Thieves know this is a good time of year to strike. There's lessbrowsing and more buying, and shoppers are whipping out theircredit cards both online and at the local mall. Fortunately, a bitof education can go a long way toward helping members stay safe nomatter where their holiday activities take them.

Go Phish

Phishing continues to be popular and thieves are adding newtricks every day. Email phishing—where incoming emails appear to befrom a trustworthy source but actually contain harmful links orattachments—hasn't lost its appeal. In fact, Facebook, Instagramand Twitter are increasingly used to deliver malicious links.

Slightly less prominent but just as dangerous, SMS phishingaccomplishes the same goal via text messaging. In both cases,thieves provide bogus callback numbers or a link to a website inthe message with the hope that members will click on the link orcall the phone number and divulge personal information.

Vishing works in a similar way. Criminals contact members byphone, either through a live person or an automated “robocall”system, with a warning that the member's account has beencompromised. Members are then asked to provide sensitive financialdata—account numbers, answers to security challenge questions,credit or debit card numbers, etc.—to “verify their identity.”Vishing thieves may pose as employees of your credit union, as lawenforcement fraud investigators, or even as merchants who claim tohave caught someone fraudulently using the member's card.

To combat phishing schemes, reinforce among your membership howyour credit union handles legitimate communications such asmessages and phone calls. Provide them with one or two fail-safemethods for verifying a caller's identity, and ensure they knowwhom to contact if they receive a suspicious message.

Safety Net!

The holidays are a perfect time for thieves to set up shop onthe Internet, because that's where the consumers are. Website“spoofing” is an increasingly popular way for thieves to stealfinancial and other data. Essentially, spoofing involves a sitethat looks very similar to a legitimate site but is actuallyfake.

The fake site will ask for your login ID and password, or evensensitive financial or personal information that the thieves lateruse to break into your real accounts. Spoofing schemes ofteninvolve only the purchase portion of the transaction, allowingvisitors to browse and select items on the real website but thenfunneling them through a counterfeit page when it comes time toenter their credit card number. The thieves get your credit cardnumber before passing you onto the real website to finish yourpurchase.

As the buying season gets into full swing, remind members aboutsafe browsing habits. Prior to entering payment information,shoppers should check that the website is secured with https andthat the page does not contain other suspicious items. Spoofedsites often get a few details wrong—an absence of ads, a logothat's slightly off. Sometimes the fake site's actual address willeven appear in the browser's address bar. Members should bereminded to not ignore a “security certificate” warning.

The device members use to shop online is the other half of thesecurity equation. Now is a good time to educate members about theneed for robust protection on their home computers and mobiledevices. Anti-virus software should be installed and up to date,and a firewall (either included in the operating system or part ofthe anti-virus package) should be active.

Next Page: Skimmer and Surfers

Skimmers and Surfers

Brick-and-mortar shopping also poses risks for members. Today'sskimming devices installed on ATMs and POS machines are small, andthieves can install and remove them rather quickly, sometimeshitting a machine for only part of a day before moving on toanother location. And with the increasing presence of stand-alone,gas station-type POS terminals, access to the device is no longer abarrier.

Advise members on the dangers of skimmers, and teach them how tospot potentially compromised machines. Additional equipment thatdoesn't quite fit or looks unusual, damaged or missing faceplates,and anyone hanging around the machine without a clear reason to doso are all red flags that should prompt members to question if thedevice is safe to use.

Criminals can still steal payment card data without a skimmer.Shoulder-surfing, when thieves simply look over a member's shoulderto see a card number or watch a PIN get entered, continues to be aproblem. The ubiquitous nature of cell phones doesn't make thingsany easier, as thieves are now snapping quick photos of exposedcredit cards for later use.

Remind members to be watchful of who's around them any time theyhave their card out or are typing their PIN into a device. Advisethem to cover keypads with their hand or block the view with theirbody, and also to keep cards hidden until the purchase is ready tobe finalized.

Use That Report!

Even the best security habits aren't always enough to preventfraud. Encourage members to review their credit reports regularly,and to be watchful for any unexpected or unauthorizedactivity.

Members may already have identity theft coverage included intheir homeowners, auto or other insurance or through their creditunion membership. Encourage members to check to see if theyare already covered so they can actively monitor their credit andprotect their identity.

Deena Coffman isCEO at IDT 911Consulting in Scottsdale, Ariz.