Holiday Scam Warnings for Physicians

December 2, 2014

Good asset protection goes far beyond mitigating malpractice risks. Some exposures, like financial fraud and identity theft, peak during the holidays.

Last Sunday's episode of 60 Minutes reported on a story about credit-card theft, which has reached global proportions - retailers like Target, Home Depot, and even Chase Bank have suffered security breaches in 2014 involving tens of millions of credit-card numbers. The warnings provided in the story echoed many of the same lessons I've shared with my clients and readers over the last several years: including specific, but simple, computer-related security tips to implement before shopping online during the holiday season.

Be aware of increased financial exposure

Scammers know that you'll be spending unusual amounts of money in unusual places during the holiday season; that you're busy; and that you'll have a much higher than average volume of transactions. This makes slipping in a few extra transactions for themselves easier. It's important that you keep receipts, read your credit-card and bank statements carefully, and consider using credit cards with limited credit-line exposure, as opposed to a debit card linked directly to a bank account.

It's also a good time to do an inventory; do you even know how many credit and bank cards you are carrying in your wallet or purse? Many people don't, so make sure you know what's in your wallet, in case it's lost or stolen. Services like LifeLock and other credit-monitoring services have also saved my clients considerable time and stress, with a single phone call in these situations - instantly notifying all card issuers, shutting down any charges, and having new cards issued.

Another common scam is a "card-switch," where you provide a credit card when paying for a purchase, but, get a stolen or expired credit card back - always check to make sure you have the right card before leaving. I've previously provided some additional warnings on related fraud rackets, including those that target your smartphone, and people opening promotional credit-card accounts in your name as well, so consider that free credit report sooner rather than later.

Reviewing the basics

1. E-mail-based scams are still pervasive.

Stop giving the bad guys your passwords, just because they ask. Remember that criminals will often send you spoof e-mails that look like they are from your bank or credit card company, and direct you to "click this secure link" and "log in" so you can update your security settings, keep using your card, or some other urgent pressure tactic. Real merchants almost never do this and some of the e-mails can be spotted with a careful read; they have typos, blurry graphics, odd return addresses (for instance, an e-mail that's supposed to be from Wells Fargo should not have a return e-mail address that ends in @internet.cn. But others are nearly perfect.

If you get such an e-mail and can't determine if it is real, do not click on the links it contains, or call the number it provides. You should either directly log in to the merchant website the way you normally would, or call the 800 number on the back of your credit or bank card to see if there's a legitimate issue.

2. The telephone is still a threat, yes really.

People continue to be scammed by phone, perhaps because in the era of text messages and e-mails they feel that if someone actually calls them on the telephone it must be important. If you get a call that says something like, "Dr. Chen, I'm calling from (insert bank name) credit control. We have some concerns about your account, can you please verify that you have you have the credit card and read us the number to confirm that it's in your possession?", or some variation of that, just hang up.

Most merchants and banks say that they will not initiate calls and ask for your identifying information like your account number and social security number. They already have those. You may get calls or text messages (if you have those set up) informing you of a problem with an account or asking you to verify purchases. If that's the case it's important that you initiate contactwith the company through a phone number or website you trust.

Finally, watch your back, literally, not all the Grinches are on the Internet.