christmastree Don't Get Scammed by Santa

Someone’s been naughty this year-and we’re not talking about you! Those awful scammers don’t take time out for the holidays, and if you don’t know what to expect you can be their next victim.

One of the oldest holiday scams, which is even more prevalent in the age of the internet, is the letter-from-Santa scam.

Here’s all you need to know about this Christmas-themed scheme.

How it plays out

In this ruse, scammers set up bogus websites where parents can order legitimate-looking letters from Santa for their children. The cost is less than $30. All they need to do is share some details about their child along with their credit card information, and the letter is supposedly as good as mailed.

Except that it’s not. Unfortunately, anyone who follows the instructions detailed on the site has just fallen prey to a scam. They’ll never see that promised letter, or the money they paid for the privilege of receiving a note from Santa. Worse, the ring of scammers now has the children’s information and their parent’s credit card details.

This set of circumstances can have all sorts of unhappy endings, from identity theft to emptied accounts. Sometimes, the scammers will go after the child’s credit, which will likely go unchecked for years. When the children are grown and try to open a credit card or take out a loan, they may find that their credit score has been destroyed by these scammers over the years, all without their knowledge.

Some sites will even offer to send the letter at no cost. All you need to do is share some details about your child, like their full legal name, date of birth and home address. Of course, this is also the work of scammers looking to steal your child’s identity.

How can I tell it’s a scam?  

There are legitimate websites where you can order a letter from Santa for your child at no risk of identity theft or a ruined credit history. But how can you weed out the phony sites from the authentic services?

We’ve made it simple. Look for the following red flags, which should alert you to the fact that a site is created by scammers:

  • The fruadster reaches out to you repeatedly. Promotional emails and ads are one thing; targeted marketing that is so aggressive it borders on harassment is another thing entirely. If a company doesn’t stop sending you emails or alerts about its services, you may be dealing with a scam.
  • The site is not secure. As always, check for the lock icon and the ‘s’ after the ‘http’ in the URL; both indicate a site’s security. Also, look for security badges on the bottom of the webpage and click on them to see if they’re actual links to the security company they allegedly represent. Scammers often post static images of well-known security badges, which do fool people into thinking the site is safe.
  • You need to answer too many questions. Yes, a service sending your child a letter from Santa will need to know your child’s name and mailing address. They may even ask your child’s age so they can send an age-appropriate letter. But there’s no need for them to be privy to your child’s exact date of birth, and certainly not their Social Security number. If the questions in an online form are making you uncomfortable, opt out.
  • You can’t reach a representative by phone. Most websites will have the company’s toll-free contact number on the site’s homepage. If you suspect fraud, try the number. If the company is bogus, the number will likely be a fake.
  • You can’t find any positive reviews about the company online. An online search on a legitimate service should bring up basic information and some positive reviews about the service. If a search turns up empty, and of course, if it turns up any reports of past scams, the “company” is run by crooks.

If you’ve recognized a company as a scam, be sure not to click on any links that are embedded in their emails. Flag their emails as spam, and delete every email, message and alert it sends you.

You can still send your child a letter from Santa. Try a legitimate site like Portable North Pole or or better yet, create and send one yourself!

Your Turn: Have you been targeted by a letter-from-Santa scam? Share your experience with us in the comments.


smartphone Robocalls Claiming Your Social Security Number is Suspended

Be on the lookout for a popular robocall scam that is tricking people into believing their Social Security number (SSN) has been suspended. The robocall tells you to call the number provided to speak with a government agent about the issue. Some of the robocalls even threaten to issue an arrest warrant if the victim doesn’t respond.

When you call the number back, you are actually speaking with a fake government agent. This scammer will try to trick you into giving up sensitive personal information like your SSN, birth date, and bank account number.

Always remember the following to stay safe from tricks like this:

  • Your Social Security number can never be suspended.
  • The Social Security Administration will never threaten to arrest anyone.
  • Do not share any type of personal information with anyone you don’t know over the phone.
  • If you get this type of call, hang up the phone immediately and report the call to the appropriate agency.

alert Securing Your New Devices

During the holidays, internet-connected devices also known as Internet of Things (IoT) are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), recommends these important steps you should consider to make your Internet of Things more secure:

Use Strong Passwords:

Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some Internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help secure your device. See Choosing and Protecting Passwords for more information.

Evaluate Your Security Settings:

Most devices offer a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more at risk. It is important to examine the settings, particularly security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of software, or if you become aware of something that might affect your device, reevaluate your settings to make sure they are still appropriate. See Good Security Habits for more information.

Ensure You Have Up-to-Date Software:

When manufacturers become aware of vulnerabilities in their products, they often issue patches to fix the problem. Patches are software updates that fix a particular issue or vulnerability within your device’s software. Make sure to apply relevant patches as soon as possible to protect your devices. See Understanding Patches for more information.

Connect Carefully: 

Once your device is connected to the Internet, it’s also connected to millions of other computers, which could allow attackers access to your device. Consider whether continuous connectivity to the Internet is needed. See Securing Your Home Network for more information.


lock Quick Tips on Protecting Your Security

Securing Your Account:

  • UKFCU will never ask you to send us your personal information such as account numbers, card PINs, Social Security numbers, or Tax IDs over text or email.
  • Enable biometric logins, like finger-print and facial recognition within your phone's settings, for added security within your mobile banking app.
  • Frequently check your accounts, verifying your purchases and withdrawals.

Protecting Your Identity:

  • Periodically check through your credit reports to make sure your accounts are secured.
  • Do not carry sensitive information in your wallet like your Social Security card and Medicare card.
  • Keep personal documents in a secure place, and shred sensitive documents when appropriate.

Security Resources:


3/21/18 IMPORTANT INFORMATION: Debit Card Security Alert

Please be advised, if you have recently used an ATM in Lexington and surrounding areas, you need to be aware of a possible debit card compromise on your account. Please keep an eye on your account for any suspicious activity and if you see any fraudulent activity on your account, call 859.264.4200 or 800. 234.8528, immediately.

We will continue to work diligently to ensure your account is as secure as possible and update you on any possible data breaches.

To monitor your account thoroughly, sign up for Online Banking, or download our Mobile App. You may also sign up for Visa Purchase Alerts, which will notify you by email when transactions occur on your account. We apologize for any inconvenience this may cause.


While the internet and computers offer many opportunities and advancements for business and individuals, it also opens your door to predators and crooks. It is important to pay attention to who you are giving your confidential information to and make sure it is someone you know and trust.

You should NEVER be asked for your confidential information over e-mail. E-mail is not a secure method of transmitting information and the messages can be tapped into and information stolen. If you feel that you have received an e-mail or are suspicious of someone trying to commit Identity Theft, it is very important that you report the scam quickly so that law enforcement agencies can shut the fraudulent operations down.

Falcon Fraud Detection is provided to every UKFCU member with your debit and credit card. Falcon Fraud Detection reviews each suspicious transaction, reviews the cardholder account and calls the cardholder if necessary. The number for Falcon Fraud Center is 1.888.918.7313.


General Identity Theft and Fraud Information

Federal Trade Commission: Scam Alerts

Take the Fraud Awareness Quiz- Are you protecting yourself against fraud?