Money Matters

Holiday Scams And Safe Shopping

Brought to you by Neighbors Federal Credit Union

Episode 95

We break down the most common holiday scams and show how small choices—slowing down, going direct, and verifying—protect your money and your identity. Russell Barger, VP of Information Security, shares simple rules that stop most attacks at home and at work.

• seasonal lures through fake deals, social posts and tracking links
• warning signs: urgency, odd senders, spoofed domains, impersonal tone
• safer shopping by navigating directly to trusted sites
• workplace risks from HR and payroll phishing during year end
• how to verify without clicking and use second channels
• what to do after a risky click and quick password resets
• saving cards on big retailers versus small shops
• gift card scams: tampering checks and “boss” requests
• social engineering spikes and holistic message evaluation
• two golden rules: don’t click and were you expecting this

Welcome to Money Matters, the podcast that focuses on how to use the money you have, make the money you need and save the money you want – brought to you by Neighbors Federal Credit Union.

The information, opinions, and recommendations presented in this Podcast are for general information only and any reliance on the information provided in this Podcast is done at your own risk. This Podcast should not be considered professional advice.

SPEAKER_01:

Welcome to Money Matters, the podcast that focuses on how to use the money you have, make the money you need, and save the money you want. Now, here is your host, Ms. Kim Chapman.

SPEAKER_02:

Welcome to another edition of Money Matters. Guess what? The holiday season is here, and what should be the happiest time of the year where we spend lots of time with family, and of course we spend money because it's gonna be Christmas. But guess what? It's also the busiest time of the year for scam artists, people that are looking to steal your assets. So we want to make sure that you stay safe during the holiday system. So, during the holiday season. So, with me today, actually returning, is the VP of Information Security, Mr. Russell Barger.

SPEAKER_00:

Thanks for having me.

SPEAKER_02:

Thank you for coming back. We definitely are gonna need your expertise so that we can stay safe. You know, we want to be able to shop. Shopping online is so, so convenient, but at the same time, it's a little scary. It's a little dangerous because the scammers are out there and they're looking for those vulnerable moments so that they can take advantage. So, what are you seeing in some of the biggest crimes, cyber crimes that are coming out, especially for the holiday season?

SPEAKER_00:

So, Kim, the trick with the holiday season is how does our behavior change? So we're shopping more, we're going to more sites, we're getting more things delivered to us, so we're getting tracking notifications, we're looking for deals, or we're looking for that special "it" gift that you have to have this year. And all of those things make very predictable behavior that the bad guys know. And if they know what the behavior is, they can find ways to exploit it. So, you know, when you talk about uh sites, you might get an ad pop-up that says, ooh, come to our site. We have everything 50% off. Come shop with us when the whole thing is a scam. Uh, you might get social media posts where people are selling something, they're selling that "it" item and they're selling it super cheap. And you're like, ooh, that's a deal. Let me grab that. Once again, probably a scam. Uh, and then you get we get these all year round, but what about the tracking notifications that you get? Click this link to track your package, or there's a delivery problem and say you're waiting on something because you're you have to take this. You have to take it.

SPEAKER_02:

And who isn't waiting on something?

SPEAKER_00:

Right. So are you more likely to click on that during the holiday season than you would at another time? Absolutely. So all of those things are sort of the common uh gotchas during Christmas because of the behavior, because they know what you're trying to do right now and they know what you're interested in.

SPEAKER_02:

Yeah, I have to say, I think the delivery one has to be one of the most clever scams that I think is around. Because again, if I were to survey, you know, who's not waiting for a package from Amazon, from Shein, and all these other online things. So, what are some of the warning signs? So when we get that, because I remember one morning, it was like six o'clock in the morning, I received one of those emails or texts saying that, hey, that there's a problem with my delivery. And to be honest, I'd had a delivery I was expecting, and I think I had actually received a legitimate email saying that it was delayed, and then I received this one. For me, I think what caught my attention was that it was from Amazon at Feliciasmith.com. And I'm like, who's Felicia? So, what are some of the warning signs that we could look for that it's a scam?

SPEAKER_00:

So the warning signs um for the holiday season really are the all the same warning signs that you do with all the time throughout the year. Who is it that this is coming from? Is this an unexpected number? Is this an unexpected email? Is the information have a sense of urgency to it? You know, you need to do this now, you need to click this. Somebody got into your account. All of those things are used to elicit a response instead of stopping and thinking about what this is or who it's from or looking into the details of what it is that you're being sent. So, you know, that's the tricky part of the psychological game that the bad guys play is they don't want you to stop and think. They just want you to react. Right. Oh, my package is running late. Well, I need that. Let me click and see what the problem is or where it's stuck or how long it's gonna be. Um, here's this thing that's 50% off that I really want. Well, I can go over here and get it on this legit site that I know is safe, but it costs $20 more there. That risky click of going over to the cheap site may just result in you losing access to your bank account, losing access to money, identity theft, and you know, name it. Any of those bad things can happen. So um it's a lot of those same identifiers. Were you expecting this? And we don't always, for instance, with those emails of, hey, something's running late. You're not expecting that because you don't want it to run late, right? But that doesn't mean you automatically trust it. If especially if you weren't expecting it, be very wary. But I tell people in this day and age, with the amount of things going on, the scams, the bad guys doing things, really, you need to have your thinking cap on all the time. Don't let things pressure you and pay attention to all the details. Sometimes you may get a legit email that says something's running late. Does that mean you have to click on that link? Okay, it's running late. You can't do anything about it.

SPEAKER_02:

No, I need my package today. You said 24 hours.

SPEAKER_00:

But clicking that link doesn't make it come any faster. So um I I've run into that before where you get something and you're just not sure, and you're like, this is not gonna be the risky click of the day for me. I'm not gonna do it. So I'm just gonna wait and it'll get here when it gets here.

SPEAKER_02:

If only we could be that patient. So, like I said, shopping online seems to be the wave. I can remember 10 years ago, what the heck was Cyber Monday? It's like, I'm not shopping online, I'm gonna go to the store. But so many people are doing online. And of course, there are people that are a little bit hesitant. You know, taking the hustle and bustle away, if I want to sit down, focused, and do some shopping online, what are some good practices? What are some things that all people should do before they even start clicking to just kind of minimize their risk?

SPEAKER_00:

So, really, you don't want to click. If Amazon sends you something that says, hey, we've got this item, click this link to get there. The correct course of action is just go to Amazon.com and go find the item. You know how to get there. It doesn't require you clicking on anything that might, maybe not, but might get you in trouble, right? Those links, they're nice, they're quick, but they're also a great delivery mechanism for the bad guys to install things, have you give information, anything else. If you know this is at Amazon, go look at Amazon and just you know, go hunt for it. Same thing. Stick with your trusted websites. Um, you know, we shop at Amazon, we shop at Walmart, we shop at Target, all these dot coms that we're very familiar with. We know how to get there, we know how to use it. None of those require using a link or a shortcut to get me there that may redirect me somewhere else.

SPEAKER_02:

So take the extra minute to save the dollar and you may save it.

SPEAKER_00:

Absolutely. That's a better safe than sorry thing. Yes, that clicking that link maybe get me to that exact item, or it may get me to a site that isn't even Amazon.

SPEAKER_02:

And of course, obviously I would imagine for our personal lives we click a lot more than professional, but of course, you know, criminals are out to do, you know, scams professionally well. So how can we protect ourselves in terms of the workplace?

SPEAKER_00:

So in the workplace, you're gonna have a couple of big scams that come out during this time of season. You're gonna have HR and you're gonna have payroll. The HR ones are great because what do people do during the holiday season? They take time off, right? Of course. Um, I actually ran a phish test on in a previous organization around Christmas time and said, ooh, a vacation policy change. Click the link to see what it is. The most clicks I've ever had in any phish test I've ever seen because it was very timely, right? And that's part of that behavior. They want to know, okay, it's this season, that means this behavior, that means I use this type of attack. And so you got HR warnings, you've got, hey, this is changing, pay attention. And what's your brain on? Your brain's on how do I safely shop at Amazon, right? How do I get what I need to get? You know, it's not on that. And you see, oh, what are they changing now? Let me click on this and see what I need to do. And you don't stop and think about it. Um, payroll is the same thing. They're looking for you to be distracted during the season because we are distracted. There's a lot going on. We're way busier than we normally are personally. Um, you may have family coming into town, you're worried about what to get people, you're worried about this, that, and the other. And all of that distraction sets you up to be more likely to click on something or not pay attention to something that normally you would.

SPEAKER_02:

Are there ways, you know, when I think back to days when I worked in Branch, if you thought a check was fake, you could bring it to your teller and they could maybe run it and see if it was legitimate. Are there a test that we could do if we see a link that we want to click on, if we see a special? Are there things that we can do to verify it before clicking on the link, other than maybe just going to that actual website?

SPEAKER_00:

Sort of. You can definitely mouse over the link, just hover over it and see where it goes. Okay. But that's not always a guarantee. Okay. And that's why I say, you know, don't click unless you have to. Go directly to Amazon and go look for it, because they can get really tricky, even with the fonts that you use. An I in one font and an I in another font may send you to two different sites. Or you'll see, say, like a Microsoft.com. Instead of using an M, you can use an R and an N. And those together look like an M. And there's all kinds of little tricks like that that you can use to make it look like you're going somewhere that you're actually not. So best advice, don't click on any link. You don't have to. If you know that you can get there another way, you know how to get to the site, do it like that. Don't click on the link.

SPEAKER_02:

So it kind of sounds like the best advice is just to slow down, take your time. The long way might be the best way.

SPEAKER_00:

When I teach security classes, I usually sum them up to the end in two words, is don't click. Because that really is how they're going to get you if they're going to get you, is by clicking on it.

SPEAKER_02:

Sounds like a caption for a billboard. Now, of course, we know not everybody's gonna listen, or for some people, it might be just a day late and a dollar short for this information. So if you've clicked on something and you fear that you've been scammed, or maybe you've exposed your information, what are some common immediate things that someone should do?

SPEAKER_00:

So depending on what information that you've done or what you've clicked on, there's a few different avenues here. Number one, if you clicked and it opened up a page that if you put in your credentials into, so you're using my password for like an Amazon or something like that, and you immediately have that instant regret of wait a minute, I'm not sure I should have done that. Your first move is always to go change your password as quickly as possible. When in doubt, go change your password. It's annoying. Yes, you have to remember a new password. However, you're doing that, I recommend password managers. But however you're doing that, that is the safest thing you can do because the quicker you can do that, the more likely if they did get your information, they can't use it. Uh, if you've clicked on something and it tried to install something, that's where it gets a little hairier. Uh you can try and stop that, but that may or may not work, and you may have already uh hopefully you're backing up your information on to onto something else because that's when it really gets scary when things get installed because you don't know what that's doing and and what it's gonna impact. So um credential-wise, always default to change the password quick.

SPEAKER_02:

Okay. So changing your passwords, you know, doing all things are great. We love the convenience. We love the convenience of when we buy something online and it says, Would you like to save your credit card number? Would you like us to save your debit card number? How dangerous is that? Is that something that every person listening should go in and remove that, or is it only if we're still clicking on unknown links?

SPEAKER_00:

No perfect answer to that one.

SPEAKER_02:

Okay.

SPEAKER_00:

Um, even me, do I have my say my credit card saved on Amazon? I do.

SPEAKER_02:

I feel better.

SPEAKER_00:

But on a lot of other sites, on on less well-known sites that I've still done business with, no, I do not. And the reason behind that is you have to kind of look at the company that you're doing business with. And in my brain, I go, what's the likelihood of them getting hacked and some hacker getting access to my credit card information that they're storing? Well, when it's a smaller shop, you have to say that probability goes up versus an Amazon. Amazon's got an army of security people. This small shop does not. And we don't know how they're doing business in the background. So when it's a kind of smaller shop type of thing, or maybe, you know, even like an Etsy or something like that, I do not save my credit card information in those. The bigger shops, yeah, the Walmarts and Amazons of the world. Um, are they perfect? No. Do they get hacked? Yes, but they've got a lot more money invested in protecting that information than, say, these others.

SPEAKER_02:

All right, I'll sleep a little bit better knowing that we're doing we're on the same page with that. Now, cybercrime is not always limited to just being online. I want to just take a minute and talk about some of the other, I guess, digital crimes, for example, gift cards. You know, this is the time of the year where people buy those, you know, now more than ever. And you see now you have to worry about that somebody go in the store, that they steal the number and go online and do it. I remember literally reading that you buy them from a store where the cards are literally in front of the register because it's less likely somebody will come in and take those, you know, take those cards and damage them. What information can you share, if anything, to kind of help us keep safe with buying gift cards?

SPEAKER_00:

So really there's two sides of the gift card business when it comes to security. Um you'll see it from the side you're talking about where you want to go buy one, but you're afraid that it's been, you know, it's already been scratched off, it's been accessed, however you want to say it. Um that's true, but that's also not as common. Um does it happen? Yes. Is it a big, big concern? Not usually, because you can tell if the package has been tampered with in a lot of cases. So my advice with those is check over the package, make sure it looks like this is, you know, it's still stuck down, the case is still around it. Uh depending on where you shop at, kind of depends on what that looks like. But what I would actually like to point out about gift cards is be very aware and careful of someone soliciting you to buy a gift card. That's actually a much more common attack, is like your boss sends you an email and says, Hey, I need you to go buy $400 worth of gift cards for this meeting that I'm in for these people for Christmas or something like that. Gift cards become um a much more common currency during the holiday season than they do, say, in the middle of June. It might stick out to you in June, where in December they're going, oh, this is for This is a common practice. Yeah, this is for all the vendors that just came in. We want to do this or our employee. We've got special people here that are and we want to do this. So it kind of clicks in the brain of, oh, this is probably more okay than it would be in June. And you have to stop and look at that and really decide, is this legit? Maybe you contact that person in a different way, not don't reply to the email because their email may be compromised at that point. But say you give them a call and you go, hey, Bob, did you send me this email about getting gift cards for the people? And he's like, I don't know what you're talking about. So um, yeah, gift cards as a currency during the holiday season is definitely more of a thing than it is at other times.

SPEAKER_02:

So, any other maybe non-online or digital areas we should be looking for where people are easily scammed more so during the holiday time?

SPEAKER_00:

So you do see an uptick in social engineering attacks during the holiday season. Once again, go back to that idea of we're all busy, we're all distracted, we're all doing other things, thinking about other things. It makes us more susceptible to being attacked. And when I say social engineering, that's the phone calls, that's these random texts. I don't know if everybody else is getting them, but I'm getting it. Or hey, we just had a meeting about such and such, and you know, call me about this. And there may not even be a link involved that they want you to click on. Sometimes there is, and sometimes there isn't. But con men or scammers in this case, they just want to start a conversation. And whatever they need to do to start that conversation, they're gonna say. And if they throw enough hooks out there, sooner or later they get a bite. So with you, it might be they try this angle, they try that angle, and none of those work, but they they hit you one time and you're not paying attention, and it's late at night and you're tired, and this one look you're like, oh, uh, yeah, I need to respond to that. And you send them your your cell phone number. So now they know that that's kind of like blood on the water, is oh, they they fell for it. Let me keep going and let me keep going. So um the social engineering definitely shows an uptick during the holiday season. It's always a thing, but again, we're distracted, we're busy.

SPEAKER_02:

Is there any foolproof way to detect spoofing, you know, because that seems to be a big thing. It says Regents Bank, it says Neighbors Federal Credit Union, and it's really not. Is there anything that we can clue in on that says, yeah, I know it says Neighbors, but I know it's not?

SPEAKER_00:

So you have to take the, let's say we're talking about an email or a text, you have to take the whole message and kind of evaluate it instead of immediately looking at that email address and going, this is legit, and then continuing, you have to take it holistically and look at, okay, it says it's from this person, but it's telling me these weird things that I've never seen before and I'm not sure about this. So even though I kind of trust maybe that who that source is, who that from address is, the message doesn't sit right. So you have to look at all the individual little pieces. And you know, when we talk about phishing emails, you're looking at things like who is the address that it says it's coming from, which can be spoofed. You can fake that. What's the subject say? Is it kind of weird? Do you not normally see subjects like this from that kind of vendor? Um, is the "To" very impersonal, you know, dear, whomever, or you know, however they want to say it, does it normally come like that? Or is it always personalized? Then the message is it, does it make sense? Is it broken English? That they've really that's kind of a an old idea, yeah. Because AI makes it so easy to write a solid email. Now it's not hard for somebody who doesn't even speak English to write an English email that makes complete sense. But you're looking for that overall context of what the message is, not just trusting, oh, because it says this is from this person, it's legit. It's not necessarily true.

SPEAKER_02:

So now that we've kind of scared anybody, everybody to stay home and do homemade gifts, definitely save you a lot of money. Is there any one golden rule that you think everybody listening should kind of abide by, whether it's the holiday season or not, to avoid or minimize their chances of being scammed?

SPEAKER_00:

So the two big things going back to one earlier is the the don't click. If you can avoid clicking on things, don't click. Even if it's legit, go the other way. Do do do something to get around clicking on that if at all possible. If you can't and you have to, and you that's your risky click of the day, and you know, you're rolling the dice a little bit.

SPEAKER_02:

Click at your own advice.

SPEAKER_00:

But we all have to do that. And the other thing I would say, um, kind of my other big catchphrase is were you expecting this? Now in the holiday season, that gets trickier, right? Because 50% off of such and such and so you weren't expecting that, and you're happy about it and you're seeing it, but now you have to evaluate that. You have to stop and apply judgment. And that's really the exhausting part of being secure, is that you have to spend a lot of energy stopping and looking and saying, does this make sense? We want to be on autopilot. We just want to see and react, especially, oh, emotional reaction, or there's a time element to it. I got to act fast, or this is gonna go away.

SPEAKER_02:

This is even, I've got 10 minutes left to get this done.

SPEAKER_00:

Right. So it's harder during that holiday season to say, were you expecting this? But it's still a nice golden rule to kind of live by when you get that email or when you get that text, or you know, was I expecting this UPS notification? Yes, but that doesn't mean I'm gonna click on it. You know, do I really need to know where this is? No, it's either gonna show up at my door on time or it's not. And clicking on that link doesn't make anything move very fast.

SPEAKER_02:

Well, you heard it here from the expert, information, head of information security. Don't click, take your time, read. If it sounds too good to be true, go to the actual website instead of clicking on those links. That way you can enjoy this time of the year without the fear of having to become victim of a scam. Thank you, Russell, for joining us again. Hopefully, this will help a lot of our listeners stay safe during the holiday season.

SPEAKER_00:

Thank you for having me.

SPEAKER_01:

It's time for blueprint building blocks. Small changes that lead to big financial wins. Let's stack up for success.

SPEAKER_02:

Think before you click. Scammers love the holidays. Don't let them love your wallet too. Think before you click and shop only from trusted sites. Your money, your guard. Keep your information safe this season. Use strong passwords, avoid public Wi-Fi, and never share your personal information through email attacks. Look, if it's a deal that sounds too good to be true, it probably is. Verify before you buy, double check links before entering your payment information. Look, cybercrimes don't stop at home. Be cautious with emails and attachments at work too. One wrong click can affect your whole system. Be safe through the holidays, enjoy them, but just use a little bit of common sense.

SPEAKER_01:

That's a wrap on today's Blueprint Building Blocks. Stay on track with your financial journey. Subscribe to the Money Matters Podcast.
