December 3, 2025 • 22 mins
We break down the most common holiday scams and show how small choices—slowing down, going direct, and verifying—protect your money and your identity. Russell Barger, VP of Information Security, shares simple rules that stop most attacks at home and at work.
• seasonal lures through fake deals, social posts and tracking links
• warning signs: urgency, odd senders, spoofed domains, impersonal tone
• safer shopping by navigating directly to trusted sites
• workplace risks from HR and payroll phishing during year end
• how to verify without clicking and use second channels
• what to do after a risky click and quick password resets
• saving cards on big retailers versus small shops
• gift card scams: tampering checks and “boss” requests
• social engineering spikes and holistic message evaluation
• two golden rules: don’t click and were you expecting this
Subscribe to the Money Matters Podcast
Have an idea for a show or a question for Kim? Send us a text message
Welcome to Money Matters, the podcast that focuses on how to use the money you have, make the money you need and save the money you want – brought to you by Neighbors Federal Credit Union.
The information, opinions, and recommendations presented in this Podcast are for general information only and any reliance on the information provided in this Podcast is done at your own risk. This Podcast should not be considered professional advice.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_01 (00:02):
Welcome to Money Matters, the podcast that
focuses on how to use the moneyyou have, make the money you
need, and save the money youwant.
Now, here is your host, Ms.
Kim Chapman.
SPEAKER_02 (00:14):
Welcome to another edition of Money Matters.
Guess what?
The holiday season is here, andwhat should be the happiest time
of the year where we spend lotsof time with family, and of
course we spend money becauseit's gonna be Christmas.
But guess what?
It's also the busiest time ofthe year for scam artists,
people that are looking to stealyour assets.
(00:34):
So we want to make sure that youstay safe during the holiday
system.
So, during the holiday season.
So, with me today, actuallyreturning, is the VP of
Information Security, Mr.
Russell Barger.
SPEAKER_00 (00:46):
Thanks for having me.
SPEAKER_02 (00:47):
Thank you for coming back.
We definitely are gonna needyour expertise so that we can
stay safe.
You know, we want to be able toshop.
Shopping online is so, soconvenient, but at the same
time, it's a little scary.
It's a little dangerous becausethe scammers are out there and
they're looking for thosevulnerable moments so that they
can take advantage.
(01:07):
So, what are you seeing in someof the biggest crimes, cyber
crimes that are coming out,especially for the holiday
season?
SPEAKER_00 (01:14):
So, Kim, the the trick with the holiday season is
how does our behavior change?
So we're shopping more, we'regoing to more sites, we're
getting more things delivered tous, so we're getting tracking
notifications, we're looking fordeals, or we're looking for that
special it gift that you have tohave this year.
And all of those things makevery predictable behavior that
(01:35):
the bad guys know.
And if they know what thebehavior is, they can find ways
to exploit it.
So, you know, when you talkabout uh sites, you might get an
ad pop-up that says, ooh, cometo our site.
We have everything 50% off.
Come shop with us when the wholething is a scam.
Uh, you might get social mediaposts where people are selling
(01:57):
something, they're selling thatit item and they're selling it
super cheap.
And you're like, ooh, that's adeal.
Let me grab that.
Once again, probably a scam.
Uh, and then you get we getthese all year round, but what
about the tracking notificationsthat you get?
Click this link to track yourpackage, or there's a delivery
problem and say you're waitingon something because you're you
have to take this.
(02:17):
You have to take it.
SPEAKER_02 (02:17):
And who isn't waiting on something?
SPEAKER_00 (02:19):
Right.
So are you more likely to clickon that during the holiday
season than you would at anothertime?
Absolutely.
So all of those things are sortof the common uh gotchas during
Christmas because of thebehavior, because they know what
you're trying to do right nowand they know what you're
interested in.
SPEAKER_02 (02:36):
Yeah, I have to say, I think the delivery one has to
be one of the most clever scamsthat I think is around.
Because again, if I were tosurvey, you know, who's not
waiting for a package fromAmazon, from Sheen, and all
these other online things.
So, what are some of the warningsigns?
So when we get that, because Iremember one morning, it was
like six o'clock in the morning,I received one of those emails
(02:58):
or texts saying that, hey, thatthere's a problem with my
delivery.
And to be honest, I'd had adelivery I was expecting, and I
think I had actually received alegitimate email saying that it
was delayed, and then I receivedthis one.
For me, I think what caught myattention was that it was from
Amazon at Feliciasmith.com.
(03:18):
And I'm like, who's Felicia?
So, what are some of the warningsigns that we could look for
that it's a scam?
SPEAKER_00 (03:25):
So the warning signs um for the holiday season really
are the all all the same warningsigns that you do with all the
time throughout the year.
Who is it that this is comingfrom?
Is this an unexpected number?
Is this an unexpected email?
Is the information have a senseof urgency to it?
You know, you need to do thisnow, you need to click this.
(03:45):
Somebody got into your account.
All of those things are used toelicit a response instead of
stopping and thinking about whatthis is or who it's from or
looking into the details of whatit is that you're being sent.
So, you know, that's the thetricky part of the psychological
game that the bad guys play isthey don't want you to stop and
think.
They just want you to react.
(04:06):
Right.
Oh, my package is running late.
Well, I need that.
Let me click and see what theproblem is or where it's stuck
or how long it's gonna be.
Um, here's this thing that's 50%off that I really want.
Well, I can go over here and getit on this legit site that I
know is safe, but it costs$20more there.
That risky click of going overto the cheap site may just
(04:30):
result in you losing access toyour bank account, losing access
to money, identity theft, andyou know, name it.
Any of those bad things canhappen.
So um it's a lot of those sameidentifiers.
Were you expecting this?
And we don't always, forinstance, with those emails of,
hey, something's running late.
You're not expecting thatbecause you don't want it to run
late, right?
(04:50):
But that doesn't mean youautomatically trust it.
If especially if you weren'texpecting it, be very wary.
But I tell people in this dayand age, with the amount of
things going on, the scams, thebad guys doing things, really,
you need to have your thinkingcap on all the time.
Don't let things pressure youand pay attention to all the
(05:12):
details.
Sometimes you may get a legitemail that says something's
running late.
Does that mean you have to clickon that link?
Okay, it's running late.
You can't do anything about it.
SPEAKER_02 (05:20):
No, I need my package today.
You said 24 hours.
SPEAKER_00 (05:23):
But clicking that link doesn't make it come any
faster.
So um I I've run into thatbefore where you get something
and you're just not sure, andyou're like, this is not gonna
be the risky click of the dayfor me.
I'm not gonna do it.
So I'm just gonna wait and it'llget here when it gets here.
SPEAKER_02 (05:37):
If only we could be that patient.
So, like I said, shopping onlineseems to be the wave.
I can remember 10 years ago,what the heck was Cyber Monday?
It's like, I'm not shoppingonline, I'm gonna go to the
store.
But so many people are doingonline.
And of course, there are peoplethat are a little bit hesitant.
You know, taking the hustle andbustle away, if I want to sit
(05:57):
down, focused, and do someshopping online, what are some
good practices?
What are some things that allpeople should do before they
even start clicking to just kindof minimize their risk?
SPEAKER_00 (06:08):
So, really, you don't want to click.
If Amazon sends you somethingthat says, hey, we've got this
item, click this link to getthere.
The correct course of action isjust go to Amazon.com and go
find the item.
You know how to get there.
It doesn't require you clickingon anything that might, maybe
not, but might get you introuble, right?
(06:29):
Those links, they're nice,they're quick, but they're also
a great delivery mechanism forthe bad guys to install things,
have you give information,anything else.
If you know this is at Amazon,go look at Amazon and just you
know, go hunt for it.
Same thing.
Stick with your trustedwebsites.
Um, you know, we shop at Amazon,we shop at Walmart, we shop at
(06:51):
Target, all these dot coms thatwe're very familiar with.
We know how to get there, weknow how to use it.
None of those require using alink or a shortcut to get me
there that may redirect mesomewhere else.
SPEAKER_02 (07:05):
So take the extra minute to save the dollar and
you may save it.
SPEAKER_00 (07:08):
Absolutely.
That's a better safe than sorrything.
Yes, that clicking that linkmaybe get me to that exact item,
or it may get me to a site thatisn't even Amazon.
SPEAKER_02 (07:17):
And of course, obviously I would imagine for
our personal lives we click alot more than professional, but
of course, you know, criminalsare out to do, you know, scams
professionally well.
So how can we protect ourselvesin terms of the workplace?
SPEAKER_00 (07:32):
So in the workplace, you're gonna have a couple of
big scams that come out duringthis time of season.
You're gonna have HR and you'regonna have payroll.
The HR ones are great becausewhat do people do during the
holiday season?
They take time off, right?
Of course.
Um, I actually ran a fish teston in a previous organization
around Christmas time and said,ooh, a vacation policy change.
(07:56):
Click the link to see what itis.
The most clicks I've ever had inany fish test I've ever seen
because it was very timely,right?
And that's part of thatbehavior.
They want to know, okay, it'sthis season, that means this
behavior, that means I use thistype of attack.
And so you got HR warnings,you've got, hey, this is
changing, pay attention.
(08:16):
And what's your brain on?
Your brain's on how do I safelyshop at Amazon, right?
How do I get what I need to get?
You know, it's not on that.
And you see, oh, what are theychanging now?
Let me click on this and seewhat I need to do.
And you don't stop and thinkabout it.
Um, payroll is the same thing.
They're they're looking for youto be distracted during the
season because we aredistracted.
There's a lot going on.
(08:36):
We're way busier than wenormally are personally.
Um, you may have family cominginto town, you're worried about
what to get people, you'reworried about this, that, and
the other.
And all of that distraction setsyou up to be more likely to
click on something or not payattention to something that
normally you would.
SPEAKER_02 (08:54):
Are there ways, you know, when I think back to days
when I worked in Branch, if youthought a check was fake, you
could bring it to your tellerand they could maybe run it and
see if it was legitimate.
Are there a test that we coulddo if we see a link that we want
to click on, if we see aspecial?
Are there things that we can doto verify it before clicking on
the link, other than maybe justgoing to that actual website?
SPEAKER_00 (09:18):
Sort of.
You can definitely mouse overthe link, just hover over it and
see where it goes.
Okay.
But that's not always aguarantee.
Okay.
And that's why I say, you know,don't click unless you have to.
Go directly to Amazon and golook for it, because they can
get really tricky, even with thefonts that you use.
(09:38):
An I in one font and an I inanother font may send you to two
different sites.
Or you'll see, say, like aMicrosoft.com.
Instead of using an M, you canuse an R and an N.
And those together look like anM.
And there's all kinds of littletricks like that that you can
use to make it look like you'regoing somewhere that you're
actually not.
So best advice, don't click onany link.
(10:02):
You don't have to.
If you know that you can getthere another way, you know how
to get to the site, do it likethat.
Don't click on the link.
SPEAKER_02 (10:10):
So it kind of sounds like the best advice is just to
slow down, take your time.
The long way might be the bestway.
SPEAKER_00 (10:16):
When I teach security classes, I usually sum
them up to the end in two words,is don't click.
Because that really is howthey're going to get you if
they're going to get you, is byclicking on it.
SPEAKER_02 (10:27):
Sounds like a caption for a billboard.
Now, of course, we know noteverybody's gonna listen, or for
some people, it might be just aday late and a dollar short for
this information.
So if you've clicked onsomething and you fear that
you've been scammed, or maybeyou've exposed your information,
what are some common immediatethings that someone should do?
SPEAKER_00 (10:46):
So depending on what information that you've done or
what you've clicked on, there'sa few different avenues here.
Number one, if you clicked andit opened up a page that if you
put in your credentials into, soyou're using my password for
like an Amazon or something likethat, and you immediately have
that instant regret of wait aminute, I'm not sure I should
have done that.
(11:07):
Your first move is always to gochange your password as quickly
as possible.
When in doubt, go change yourpassword.
It's annoying.
Yes, you have to remember a newpassword.
However, you're doing that, Irecommend password managers.
But however you're doing that,that is the safest thing you can
do because the quicker you cando that, the more likely if they
did get your information, theycan't use it.
(11:29):
Uh, if you've clicked onsomething and it tried to
install something, that's whereit gets a little hairier.
Uh you can try and stop that,but that may or may not work,
and you may have already uhhopefully you're backing up your
information on to onto somethingelse because that's when it
really gets scary when thingsget installed because you don't
(11:51):
know what that's doing and andwhat it's gonna impact.
So um credential-wise, alwaysdefault to change the password
quick.
SPEAKER_02 (12:00):
Okay.
So changing your passwords, youknow, doing all things are
great.
We love the convenience.
We love the convenience of whenwe buy something online and it
says, Would you like to saveyour credit card number?
Would you like us to save yourdebit card number?
How dangerous is that?
Is that something that everyperson listening should go in
(12:21):
and remove that, or is it onlyif we're still clicking on
unknown links?
SPEAKER_00 (12:29):
No perfect answer to that one.
SPEAKER_02 (12:31):
Okay.
SPEAKER_00 (12:31):
Um, even me, do I have my say my credit card saved
on Amazon?
I do.
SPEAKER_02 (12:38):
I feel better.
SPEAKER_00 (12:39):
But on a lot of other sites, on on less
well-known sites that I've stilldone business with, no, I do
not.
And the reason behind that isyou have to kind of look at the
company that you're doingbusiness with.
And in my brain, I go, what'sthe likelihood of them getting
hacked and some hacker gettingaccess to my credit card
(13:00):
information that they'restoring?
Well, when it's a smaller shop,you have to say that probability
goes up versus an Amazon.
Amazon's got an army of securitypeople.
This small shop does not.
And we don't know how they'redoing business in the
background.
So when it's a kind of smallershop type of thing, or maybe,
you know, even like an Etsy orsomething like that, I do not
(13:22):
save my credit card informationin those.
The bigger shops, yeah, theWalmarts and Amazons of the
world.
Um, are they perfect?
No.
Do they get hacked?
Yes, but they've got a lot moremoney invested in protecting
that information than, say,these others.
SPEAKER_02 (13:38):
All right, I'll sleep a little bit better
knowing that we're doing we'reon the same page with that.
Now, cybercrime is not alwayslimited to just being online.
I want to just take a minute andtalk about some of the other, I
guess, digital crimes, forexample, gift cards.
You know, this is the time ofthe year where people buy those,
you know, now more than ever.
And you see now you have toworry about that somebody go in
(14:00):
the store, that they steal thenumber and go online and do it.
I remember literally readingthat you buy them from a store
where the cards are literally infront of the register because
it's less likely somebody willcome in and take those, you
know, take those cards anddamage them.
What information can you share,if anything, to kind of help us
keep safe with buying giftcards?
SPEAKER_00 (14:22):
So really there's there's two sides of the gift
card business when it comes tosecurity.
Um you'll see it from the sideyou're talking about where you
want to go buy one, but you'reafraid that it's been, you know,
it's already been scratched off,it's been accessed, however you
want to say it.
Um that's true, but that's alsonot as common.
(14:45):
Um does it happen?
Yes.
Is it a big, big concern?
Not usually, because you cantell if the package has been
tampered with in a lot of cases.
So my advice with those is checkover the package, make sure it
looks like this is, you know,it's still stuck down, the the
case is still around it.
Uh depending on where you shopat, kind of depends on what that
looks like.
But what I would actually liketo point out about gift cards is
(15:08):
be very aware and careful ofsomeone soliciting you to buy a
gift card.
That's actually a much morecommon attack, is like your boss
sends you an email and says,Hey, I need you to go buy$400
worth of gift cards for thismeeting that I'm in for these
people for Christmas orsomething like that.
Gift cards become um a much morecommon currency during the
(15:30):
holiday season than they do,say, in the middle of June.
It might stick out to you inJune, where in December they're
going, oh, this is for This is acommon practice.
Yeah, this is for all thevendors that just came in.
We want to do this or ouremployee.
We've got special people herethat are and we want to do this.
So it it kind of clicks in thebrain of, oh, this is probably
more okay than it would be inJune.
(15:51):
And you have to stop and look atthat and really decide, is this
legit?
Maybe you contact that person ina different way, not don't reply
to the email because their emailmay be compromised at that
point.
But say you give them a call andyou go, hey, Bob, did you send
me this email about getting giftcards for the people?
And he's like, I don't know whatyou're talking about.
So um, yeah, gift cards as acurrency during the holiday
(16:11):
season is definitely more of athing than it is at other times.
SPEAKER_02 (16:14):
So, any other maybe non-online or digital areas we
should be looking for wherepeople are easily scammed more
so during the holiday time?
SPEAKER_00 (16:25):
So you do see an uptick in social engineering
attacks during the holidayseason.
Once again, go back to that ideaof we're all busy, we're all
distracted, we're all doingother things, thinking about
other things.
It makes us more susceptible tobeing attacked.
And when I say socialengineering, that's the phone
calls, that's these randomtexts.
I don't know if everybody elseis getting them, but I'm getting
it.
(16:47):
Or hey, we just had a meetingabout such and such, and you
know, call me about this.
And there may not even be a linkinvolved that they want you to
click on.
Sometimes there is, andsometimes there isn't.
But con men or scammers in thiscase, they just want to start a
conversation.
And whatever they need to do tostart that conversation, they're
gonna say.
And if they throw enough hooksout there, sooner or later they
(17:08):
get a bite.
So with you, it might be theytry this angle, they try that
angle, and none of those work,but they they hit you one time
and you're not paying attention,and it's late at night and
you're tired, and this one lookyou're like, oh, uh, yeah, I
need to respond to that.
And you send them your your cellphone number.
So now they know that that'skind of like blood on the water,
(17:30):
is oh, they they fell for it.
Let me keep going and let mekeep going.
So um the social engineeringdefinitely shows an uptick
during the holiday season.
It's always a thing, but again,we're distracted, we're busy.
SPEAKER_02 (17:42):
Is there any foolproof way to detect
spoofing, you know, because thatseems to be a big thing.
It says Regents Bank, it saysneighbors federal credit union,
and it's really not.
Is there any thing that we canclue in on that says, yeah, I
know it says neighbors, but Iknow it's not?
SPEAKER_00 (17:59):
So you have to take the, let's say we're talking
about an email or a text, youhave to take the whole message
and kind of evaluate it insteadof immediately looking at that
email address and going, this islegit, and then continuing, you
have to take it holistically andlook at, okay, it says it's from
this person, but it's telling methese weird things that I've
(18:20):
never seen before and I'm notsure about this.
So even though I kind of trustmaybe that who that source is,
who that from address is, themessage doesn't sit right.
So you have to look at all theindividual little pieces.
And you know, when we talk aboutphishing emails, you're you're
looking at things like who isthe address that it says it's
coming from, which can bespoofed.
(18:40):
You can fake that.
What's the subject say?
Is it is it kind of weird?
Do you not normally see subjectslike this from that kind of
vendor?
Um, is the the two veryimpersonal, you know, dear,
whomever, or or you know,however they want to say it,
does it normally come like that?
Or is it always personalized?
(19:01):
Then the message is it, does itmake sense?
Is it broken English?
That they've really that's kindof a an old idea, yeah.
Because AI makes it so easy towrite a solid email.
Now it's not hard for somebodywho doesn't even speak English
to write an English email thatmakes complete sense.
But you're looking for thatoverall context of what the
(19:21):
message is, not just trusting,oh, because it says this is from
this person, it's legit.
It's not necessarily true.
SPEAKER_02 (19:28):
So now that we've kind of scared anybody,
everybody to stay home and dohomemade gifts, definitely save
you a lot of money.
Is there any one golden rulethat you think everybody
listening should kind of abideby, whether it's the holiday
season or not, to avoid orminimize their chances of being
scammed?
SPEAKER_00 (19:46):
So the two big things going back to one earlier
is the the don't click.
If you can avoid clicking onthings, don't click.
Even if it's legit, go the otherway.
Do do do something to get aroundclicking on that if at all
possible.
If you can't and you have to,and you that's your risky click
of the day, and you know, you'rerolling the dice a little bit.
SPEAKER_02 (20:06):
Click at your own advice.
SPEAKER_00 (20:07):
But we all have to do that.
And the other thing I would say,um, kind of my other big
catchphrase is were youexpecting this?
Now in the holiday season, thatgets trickier, right?
Because 50% off of such and suchand so you weren't expecting
that, and you're happy about itand you're seeing it, but now
you have to evaluate that.
You have to stop and applyjudgment.
And that's really the exhaustingpart of being secure, is that
(20:30):
you have to spend a lot ofenergy stopping and looking and
saying, does this make sense?
We want to be on autopilot.
We just want to see and react,especially, oh, emotional
reaction, or there's a timeelement to it.
I got to act fast, or this isgonna go away.
SPEAKER_02 (20:44):
This is even, I've got 10 minutes left to get this
done.
SPEAKER_00 (20:46):
Right.
So it's harder during thatholiday season to say, were you
expecting this?
But it's still a nice goldenrule to kind of live by when you
get that email or when you getthat text, or you know, was I
expecting this UPS notification?
Yes, but that doesn't mean I'mgonna click on it.
You know, do I really need toknow where this is?
(21:07):
No, it's either gonna show up atmy door on time or it's not.
And clicking on that linkdoesn't make anything move very
fast.
SPEAKER_02 (21:14):
Well, you heard it here from the expert,
information, head of informationsecurity.
Don't click, take your time,read.
If it sounds too good to betrue, go to the actual website
instead of clicking on thoselinks.
That way you can enjoy this timeof the year without the fear of
having to become victim of ascam.
(21:34):
Thank you, Russell, for joiningus again.
Hopefully, this will help a lotof our listeners stay safe
during the holiday season.
SPEAKER_00 (21:42):
Thank you for having me.
SPEAKER_01 (21:46):
It's time for blueprint building blocks.
Small changes that lead to bigfinancial wins.
Let's stack up for success.
SPEAKER_02 (21:56):
Think before you click.
Scammers love the holidays.
Don't let them love your wallettoo.
Think before you click and shoponly from trusted sites.
Your money, your guard.
Keep your information safe thisseason.
Use strong passwords, avoidpublic Wi-Fi, and never share
your personal informationthrough email attacks.
(22:17):
Look, if it's a deal that soundstoo good to be true, it probably
is.
Verify before you buy, doublecheck links before entering your
payment information.
Look, cybercrimes don't stop athome.
Be cautious with emails andattachments at work too.
One wrong click can affect yourwhole system.
(22:38):
Be safe through the holidays,enjoy them, but just use a
little bit of common sense.
SPEAKER_01 (22:44):
That's a wrap on today's Blueprint Building
Blocks.
Stay on track with yourfinancial journey.
Subscribe to the Money MattersPodcast.
Welcome to Money Matters, the podcast that
focuses on how to use the moneyyou have, make the money you
need, and save the money youwant.
Now, here is your host, Ms.
Kim Chapman.
SPEAKER_02 (00:14):
Welcome to another edition of Money Matters.
Guess what?
The holiday season is here, andwhat should be the happiest time
of the year where we spend lotsof time with family, and of
course we spend money becauseit's gonna be Christmas.
But guess what?
It's also the busiest time ofthe year for scam artists,
people that are looking to stealyour assets.
(00:34):
So we want to make sure that youstay safe during the holiday
system.
So, during the holiday season.
So, with me today, actuallyreturning, is the VP of
Information Security, Mr.
Russell Barger.
SPEAKER_00 (00:46):
Thanks for having me.
SPEAKER_02 (00:47):
Thank you for coming back.
We definitely are gonna needyour expertise so that we can
stay safe.
You know, we want to be able toshop.
Shopping online is so, soconvenient, but at the same
time, it's a little scary.
It's a little dangerous becausethe scammers are out there and
they're looking for thosevulnerable moments so that they
can take advantage.
(01:07):
So, what are you seeing in someof the biggest crimes, cyber
crimes that are coming out,especially for the holiday
season?
SPEAKER_00 (01:14):
So, Kim, the the trick with the holiday season is
how does our behavior change?
So we're shopping more, we'regoing to more sites, we're
getting more things delivered tous, so we're getting tracking
notifications, we're looking fordeals, or we're looking for that
special it gift that you have tohave this year.
And all of those things makevery predictable behavior that
(01:35):
the bad guys know.
And if they know what thebehavior is, they can find ways
to exploit it.
So, you know, when you talkabout uh sites, you might get an
ad pop-up that says, ooh, cometo our site.
We have everything 50% off.
Come shop with us when the wholething is a scam.
Uh, you might get social mediaposts where people are selling
(01:57):
something, they're selling thatit item and they're selling it
super cheap.
And you're like, ooh, that's adeal.
Let me grab that.
Once again, probably a scam.
Uh, and then you get we getthese all year round, but what
about the tracking notificationsthat you get?
Click this link to track yourpackage, or there's a delivery
problem and say you're waitingon something because you're you
have to take this.
(02:17):
You have to take it.
SPEAKER_02 (02:17):
And who isn't waiting on something?
SPEAKER_00 (02:19):
Right.
So are you more likely to clickon that during the holiday
season than you would at anothertime?
Absolutely.
So all of those things are sortof the common uh gotchas during
Christmas because of thebehavior, because they know what
you're trying to do right nowand they know what you're
interested in.
SPEAKER_02 (02:36):
Yeah, I have to say, I think the delivery one has to
be one of the most clever scamsthat I think is around.
Because again, if I were tosurvey, you know, who's not
waiting for a package fromAmazon, from Sheen, and all
these other online things.
So, what are some of the warningsigns?
So when we get that, because Iremember one morning, it was
like six o'clock in the morning,I received one of those emails
(02:58):
or texts saying that, hey, thatthere's a problem with my
delivery.
And to be honest, I'd had adelivery I was expecting, and I
think I had actually received alegitimate email saying that it
was delayed, and then I receivedthis one.
For me, I think what caught myattention was that it was from
Amazon at Feliciasmith.com.
(03:18):
And I'm like, who's Felicia?
So, what are some of the warningsigns that we could look for
that it's a scam?
SPEAKER_00 (03:25):
So the warning signs um for the holiday season really
are the all all the same warningsigns that you do with all the
time throughout the year.
Who is it that this is comingfrom?
Is this an unexpected number?
Is this an unexpected email?
Is the information have a senseof urgency to it?
You know, you need to do thisnow, you need to click this.
(03:45):
Somebody got into your account.
All of those things are used toelicit a response instead of
stopping and thinking about whatthis is or who it's from or
looking into the details of whatit is that you're being sent.
So, you know, that's the thetricky part of the psychological
game that the bad guys play isthey don't want you to stop and
think.
They just want you to react.
(04:06):
Right.
Oh, my package is running late.
Well, I need that.
Let me click and see what theproblem is or where it's stuck
or how long it's gonna be.
Um, here's this thing that's 50%off that I really want.
Well, I can go over here and getit on this legit site that I
know is safe, but it costs$20more there.
That risky click of going overto the cheap site may just
(04:30):
result in you losing access toyour bank account, losing access
to money, identity theft, andyou know, name it.
Any of those bad things canhappen.
So um it's a lot of those sameidentifiers.
Were you expecting this?
And we don't always, forinstance, with those emails of,
hey, something's running late.
You're not expecting thatbecause you don't want it to run
late, right?
(04:50):
But that doesn't mean youautomatically trust it.
If especially if you weren'texpecting it, be very wary.
But I tell people in this dayand age, with the amount of
things going on, the scams, thebad guys doing things, really,
you need to have your thinkingcap on all the time.
Don't let things pressure youand pay attention to all the
(05:12):
details.
Sometimes you may get a legitemail that says something's
running late.
Does that mean you have to clickon that link?
Okay, it's running late.
You can't do anything about it.
SPEAKER_02 (05:20):
No, I need my package today.
You said 24 hours.
SPEAKER_00 (05:23):
But clicking that link doesn't make it come any
faster.
So um I I've run into thatbefore where you get something
and you're just not sure, andyou're like, this is not gonna
be the risky click of the dayfor me.
I'm not gonna do it.
So I'm just gonna wait and it'llget here when it gets here.
SPEAKER_02 (05:37):
If only we could be that patient.
So, like I said, shopping onlineseems to be the wave.
I can remember 10 years ago,what the heck was Cyber Monday?
It's like, I'm not shoppingonline, I'm gonna go to the
store.
But so many people are doingonline.
And of course, there are peoplethat are a little bit hesitant.
You know, taking the hustle andbustle away, if I want to sit
(05:57):
down, focused, and do someshopping online, what are some
good practices?
What are some things that allpeople should do before they
even start clicking to just kindof minimize their risk?
SPEAKER_00 (06:08):
So, really, you don't want to click.
If Amazon sends you somethingthat says, hey, we've got this
item, click this link to getthere.
The correct course of action isjust go to Amazon.com and go
find the item.
You know how to get there.
It doesn't require you clickingon anything that might, maybe
not, but might get you introuble, right?
(06:29):
Those links, they're nice,they're quick, but they're also
a great delivery mechanism forthe bad guys to install things,
have you give information,anything else.
If you know this is at Amazon,go look at Amazon and just you
know, go hunt for it.
Same thing.
Stick with your trustedwebsites.
Um, you know, we shop at Amazon,we shop at Walmart, we shop at
(06:51):
Target, all these dot coms thatwe're very familiar with.
We know how to get there, weknow how to use it.
None of those require using alink or a shortcut to get me
there that may redirect mesomewhere else.
SPEAKER_02 (07:05):
So take the extra minute to save the dollar and
you may save it.
SPEAKER_00 (07:08):
Absolutely.
That's a better safe than sorrything.
Yes, that clicking that linkmaybe get me to that exact item,
or it may get me to a site thatisn't even Amazon.
SPEAKER_02 (07:17):
And of course, obviously I would imagine for
our personal lives we click alot more than professional, but
of course, you know, criminalsare out to do, you know, scams
professionally well.
So how can we protect ourselvesin terms of the workplace?
SPEAKER_00 (07:32):
So in the workplace, you're gonna have a couple of
big scams that come out duringthis time of season.
You're gonna have HR and you'regonna have payroll.
The HR ones are great becausewhat do people do during the
holiday season?
They take time off, right?
Of course.
Um, I actually ran a fish teston in a previous organization
around Christmas time and said,ooh, a vacation policy change.
(07:56):
Click the link to see what itis.
The most clicks I've ever had inany fish test I've ever seen
because it was very timely,right?
And that's part of thatbehavior.
They want to know, okay, it'sthis season, that means this
behavior, that means I use thistype of attack.
And so you got HR warnings,you've got, hey, this is
changing, pay attention.
(08:16):
And what's your brain on?
Your brain's on how do I safelyshop at Amazon, right?
How do I get what I need to get?
You know, it's not on that.
And you see, oh, what are theychanging now?
Let me click on this and seewhat I need to do.
And you don't stop and thinkabout it.
Um, payroll is the same thing.
They're they're looking for youto be distracted during the
season because we aredistracted.
There's a lot going on.
(08:36):
We're way busier than wenormally are personally.
Um, you may have family cominginto town, you're worried about
what to get people, you'reworried about this, that, and
the other.
And all of that distraction setsyou up to be more likely to
click on something or not payattention to something that
normally you would.
SPEAKER_02 (08:54):
Are there ways, you know, when I think back to days
when I worked in Branch, if youthought a check was fake, you
could bring it to your tellerand they could maybe run it and
see if it was legitimate.
Are there a test that we coulddo if we see a link that we want
to click on, if we see aspecial?
Are there things that we can doto verify it before clicking on
the link, other than maybe justgoing to that actual website?
SPEAKER_00 (09:18):
Sort of.
You can definitely mouse overthe link, just hover over it and
see where it goes.
Okay.
But that's not always aguarantee.
Okay.
And that's why I say, you know,don't click unless you have to.
Go directly to Amazon and golook for it, because they can
get really tricky, even with thefonts that you use.
(09:38):
An I in one font and an I inanother font may send you to two
different sites.
Or you'll see, say, like aMicrosoft.com.
Instead of using an M, you canuse an R and an N.
And those together look like anM.
And there's all kinds of littletricks like that that you can
use to make it look like you'regoing somewhere that you're
actually not.
So best advice, don't click onany link.
(10:02):
You don't have to.
If you know that you can getthere another way, you know how
to get to the site, do it likethat.
Don't click on the link.
SPEAKER_02 (10:10):
So it kind of sounds like the best advice is just to
slow down, take your time.
The long way might be the bestway.
SPEAKER_00 (10:16):
When I teach security classes, I usually sum
them up to the end in two words,is don't click.
Because that really is howthey're going to get you if
they're going to get you, is byclicking on it.
SPEAKER_02 (10:27):
Sounds like a caption for a billboard.
Now, of course, we know noteverybody's gonna listen, or for
some people, it might be just aday late and a dollar short for
this information.
So if you've clicked onsomething and you fear that
you've been scammed, or maybeyou've exposed your information,
what are some common immediatethings that someone should do?
SPEAKER_00 (10:46):
So depending on what information that you've done or
what you've clicked on, there'sa few different avenues here.
Number one, if you clicked andit opened up a page that if you
put in your credentials into, soyou're using my password for
like an Amazon or something likethat, and you immediately have
that instant regret of wait aminute, I'm not sure I should
have done that.
(11:07):
Your first move is always to gochange your password as quickly
as possible.
When in doubt, go change yourpassword.
It's annoying.
Yes, you have to remember a newpassword.
However, you're doing that, Irecommend password managers.
But however you're doing that,that is the safest thing you can
do because the quicker you cando that, the more likely if they
did get your information, theycan't use it.
(11:29):
Uh, if you've clicked onsomething and it tried to
install something, that's whereit gets a little hairier.
Uh you can try and stop that,but that may or may not work,
and you may have already uhhopefully you're backing up your
information on to onto somethingelse because that's when it
really gets scary when thingsget installed because you don't
(11:51):
know what that's doing and andwhat it's gonna impact.
So um credential-wise, alwaysdefault to change the password
quick.
SPEAKER_02 (12:00):
Okay.
So changing your passwords, youknow, doing all things are
great.
We love the convenience.
We love the convenience of whenwe buy something online and it
says, Would you like to saveyour credit card number?
Would you like us to save yourdebit card number?
How dangerous is that?
Is that something that everyperson listening should go in
(12:21):
and remove that, or is it onlyif we're still clicking on
unknown links?
SPEAKER_00 (12:29):
No perfect answer to that one.
SPEAKER_02 (12:31):
Okay.
SPEAKER_00 (12:31):
Um, even me, do I have my say my credit card saved
on Amazon?
I do.
SPEAKER_02 (12:38):
I feel better.
SPEAKER_00 (12:39):
But on a lot of other sites, on on less
well-known sites that I've stilldone business with, no, I do
not.
And the reason behind that isyou have to kind of look at the
company that you're doingbusiness with.
And in my brain, I go, what'sthe likelihood of them getting
hacked and some hacker gettingaccess to my credit card
(13:00):
information that they'restoring?
Well, when it's a smaller shop,you have to say that probability
goes up versus an Amazon.
Amazon's got an army of securitypeople.
This small shop does not.
And we don't know how they'redoing business in the
background.
So when it's a kind of smallershop type of thing, or maybe,
you know, even like an Etsy orsomething like that, I do not
(13:22):
save my credit card informationin those.
The bigger shops, yeah, theWalmarts and Amazons of the
world.
Um, are they perfect?
No.
Do they get hacked?
Yes, but they've got a lot moremoney invested in protecting
that information than, say,these others.
SPEAKER_02 (13:38):
All right, I'll sleep a little bit better
knowing that we're doing we'reon the same page with that.
Now, cybercrime is not alwayslimited to just being online.
I want to just take a minute andtalk about some of the other, I
guess, digital crimes, forexample, gift cards.
You know, this is the time ofthe year where people buy those,
you know, now more than ever.
And you see now you have toworry about that somebody go in
(14:00):
the store, that they steal thenumber and go online and do it.
I remember literally readingthat you buy them from a store
where the cards are literally infront of the register because
it's less likely somebody willcome in and take those, you
know, take those cards anddamage them.
What information can you share,if anything, to kind of help us
keep safe with buying giftcards?
SPEAKER_00 (14:22):
So really there's there's two sides of the gift
card business when it comes tosecurity.
Um you'll see it from the sideyou're talking about where you
want to go buy one, but you'reafraid that it's been, you know,
it's already been scratched off,it's been accessed, however you
want to say it.
Um that's true, but that's alsonot as common.
(14:45):
Um does it happen?
Yes.
Is it a big, big concern?
Not usually, because you cantell if the package has been
tampered with in a lot of cases.
So my advice with those is checkover the package, make sure it
looks like this is, you know,it's still stuck down, the the
case is still around it.
Uh depending on where you shopat, kind of depends on what that
looks like.
But what I would actually liketo point out about gift cards is
(15:08):
be very aware and careful ofsomeone soliciting you to buy a
gift card.
That's actually a much morecommon attack, is like your boss
sends you an email and says,Hey, I need you to go buy$400
worth of gift cards for thismeeting that I'm in for these
people for Christmas orsomething like that.
Gift cards become um a much morecommon currency during the
(15:30):
holiday season than they do,say, in the middle of June.
It might stick out to you inJune, where in December they're
going, oh, this is for This is acommon practice.
Yeah, this is for all thevendors that just came in.
We want to do this or ouremployee.
We've got special people herethat are and we want to do this.
So it it kind of clicks in thebrain of, oh, this is probably
more okay than it would be inJune.
(15:51):
And you have to stop and look atthat and really decide, is this
legit?
Maybe you contact that person ina different way, not don't reply
to the email because their emailmay be compromised at that
point.
But say you give them a call andyou go, hey, Bob, did you send
me this email about getting giftcards for the people?
And he's like, I don't know whatyou're talking about.
So um, yeah, gift cards as acurrency during the holiday
(16:11):
season is definitely more of athing than it is at other times.
SPEAKER_02 (16:14):
So, any other maybe non-online or digital areas we
should be looking for wherepeople are easily scammed more
so during the holiday time?
SPEAKER_00 (16:25):
So you do see an uptick in social engineering
attacks during the holidayseason.
Once again, go back to that ideaof we're all busy, we're all
distracted, we're all doingother things, thinking about
other things.
It makes us more susceptible tobeing attacked.
And when I say socialengineering, that's the phone
calls, that's these randomtexts.
I don't know if everybody elseis getting them, but I'm getting
it.
(16:47):
Or hey, we just had a meetingabout such and such, and you
know, call me about this.
And there may not even be a linkinvolved that they want you to
click on.
Sometimes there is, andsometimes there isn't.
But con men or scammers in thiscase, they just want to start a
conversation.
And whatever they need to do tostart that conversation, they're
gonna say.
And if they throw enough hooksout there, sooner or later they
(17:08):
get a bite.
So with you, it might be theytry this angle, they try that
angle, and none of those work,but they they hit you one time
and you're not paying attention,and it's late at night and
you're tired, and this one lookyou're like, oh, uh, yeah, I
need to respond to that.
And you send them your your cellphone number.
So now they know that that'skind of like blood on the water,
(17:30):
is oh, they they fell for it.
Let me keep going and let mekeep going.
So um the social engineeringdefinitely shows an uptick
during the holiday season.
It's always a thing, but again,we're distracted, we're busy.
SPEAKER_02 (17:42):
Is there any foolproof way to detect
spoofing, you know, because thatseems to be a big thing.
It says Regents Bank, it saysneighbors federal credit union,
and it's really not.
Is there any thing that we canclue in on that says, yeah, I
know it says neighbors, but Iknow it's not?
SPEAKER_00 (17:59):
So you have to take the, let's say we're talking
about an email or a text, youhave to take the whole message
and kind of evaluate it insteadof immediately looking at that
email address and going, this islegit, and then continuing, you
have to take it holistically andlook at, okay, it says it's from
this person, but it's telling methese weird things that I've
(18:20):
never seen before and I'm notsure about this.
So even though I kind of trustmaybe that who that source is,
who that from address is, themessage doesn't sit right.
So you have to look at all theindividual little pieces.
And you know, when we talk aboutphishing emails, you're you're
looking at things like who isthe address that it says it's
coming from, which can bespoofed.
(18:40):
You can fake that.
What's the subject say?
Is it is it kind of weird?
Do you not normally see subjectslike this from that kind of
vendor?
Um, is the the two veryimpersonal, you know, dear,
whomever, or or you know,however they want to say it,
does it normally come like that?
Or is it always personalized?
(19:01):
Then the message is it, does itmake sense?
Is it broken English?
That they've really that's kindof a an old idea, yeah.
Because AI makes it so easy towrite a solid email.
Now it's not hard for somebodywho doesn't even speak English
to write an English email thatmakes complete sense.
But you're looking for thatoverall context of what the
(19:21):
message is, not just trusting,oh, because it says this is from
this person, it's legit.
It's not necessarily true.
SPEAKER_02 (19:28):
So now that we've kind of scared anybody,
everybody to stay home and dohomemade gifts, definitely save
you a lot of money.
Is there any one golden rulethat you think everybody
listening should kind of abideby, whether it's the holiday
season or not, to avoid orminimize their chances of being
scammed?
SPEAKER_00 (19:46):
So the two big things going back to one earlier
is the the don't click.
If you can avoid clicking onthings, don't click.
Even if it's legit, go the otherway.
Do do do something to get aroundclicking on that if at all
possible.
If you can't and you have to,and you that's your risky click
of the day, and you know, you'rerolling the dice a little bit.
SPEAKER_02 (20:06):
Click at your own advice.
SPEAKER_00 (20:07):
But we all have to do that.
And the other thing I would say,um, kind of my other big
catchphrase is were youexpecting this?
Now in the holiday season, thatgets trickier, right?
Because 50% off of such and suchand so you weren't expecting
that, and you're happy about itand you're seeing it, but now
you have to evaluate that.
You have to stop and applyjudgment.
And that's really the exhaustingpart of being secure, is that
(20:30):
you have to spend a lot ofenergy stopping and looking and
saying, does this make sense?
We want to be on autopilot.
We just want to see and react,especially, oh, emotional
reaction, or there's a timeelement to it.
I got to act fast, or this isgonna go away.
SPEAKER_02 (20:44):
This is even, I've got 10 minutes left to get this
done.
SPEAKER_00 (20:46):
Right.
So it's harder during thatholiday season to say, were you
expecting this?
But it's still a nice goldenrule to kind of live by when you
get that email or when you getthat text, or you know, was I
expecting this UPS notification?
Yes, but that doesn't mean I'mgonna click on it.
You know, do I really need toknow where this is?
(21:07):
No, it's either gonna show up atmy door on time or it's not.
And clicking on that linkdoesn't make anything move very
fast.
SPEAKER_02 (21:14):
Well, you heard it here from the expert,
information, head of informationsecurity.
Don't click, take your time,read.
If it sounds too good to betrue, go to the actual website
instead of clicking on thoselinks.
That way you can enjoy this timeof the year without the fear of
having to become victim of ascam.
(21:34):
Thank you, Russell, for joiningus again.
Hopefully, this will help a lotof our listeners stay safe
during the holiday season.
SPEAKER_00 (21:42):
Thank you for having me.
SPEAKER_01 (21:46):
It's time for blueprint building blocks.
Small changes that lead to bigfinancial wins.
Let's stack up for success.
SPEAKER_02 (21:56):
Think before you click.
Scammers love the holidays.
Don't let them love your wallettoo.
Think before you click and shoponly from trusted sites.
Your money, your guard.
Keep your information safe thisseason.
Use strong passwords, avoidpublic Wi-Fi, and never share
your personal informationthrough email attacks.
(22:17):
Look, if it's a deal that soundstoo good to be true, it probably
is.
Verify before you buy, doublecheck links before entering your
payment information.
Look, cybercrimes don't stop athome.
Be cautious with emails andattachments at work too.
One wrong click can affect yourwhole system.
(22:38):
Be safe through the holidays,enjoy them, but just use a
little bit of common sense.
SPEAKER_01 (22:44):
That's a wrap on today's Blueprint Building
Blocks.
Stay on track with yourfinancial journey.
Subscribe to the Money MattersPodcast.
Popular Podcasts
Las Culturistas with Matt Rogers and Bowen Yang
Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
The Brothers Ortiz
The Brothers Ortiz is the story of two brothers–both successful, but in very different ways. Gabe Ortiz becomes a third-highest ranking officer in all of Texas while his younger brother Larry climbs the ranks in Puro Tango Blast, a notorious Texas Prison gang. Gabe doesn’t know all the details of his brother’s nefarious dealings, and he’s made a point not to ask, to protect their relationship. But when Larry is murdered during a home invasion in a rented beach house, Gabe has no choice but to look into what happened that night. To solve Larry’s murder, Gabe, and the whole Ortiz family, must ask each other tough questions.