Credit Card Insider is an independent, advertising supported website. Credit Card Insider receives compensation from some credit card issuers as advertisers. Advertiser relationships do not affect card ratings or our Editor’s Best Card Picks. Credit Card Insider has not reviewed all available credit card offers in the marketplace. Content is not provided or commissioned by any credit card issuers. Reasonable efforts are made to maintain accurate information, though all credit card information is presented without warranty. When you click on any ‘Apply Now’ button, the most up-to-date terms and conditions, rates, and fee information will be presented by the issuer. Credit Card Insider has partnered with CardRatings for our coverage of credit card products. Credit Card Insider and CardRatings may receive a commission from card issuers. A list of these issuers can be found on our Editorial Guidelines.
While there may never be a shortage of scammers and fraudsters working vigilantly to steal your personal information, there are always ways to be diligent about protecting yourself from potential threats.
Keep reading to learn how to prevent credit card fraud and the resulting unauthorized charges, which, if not caught and removed, can have long-lasting negative effects on your credit scores.
The first step in protecting yourself from scams is to know which ones to look out for. Recognizing the possible signs of the many different scams can help you be more proactive in defending yourself.
You make your weekly stop for gas at the same station you always do. When you go to insert your card into the terminal, it doesn’t slide as smoothly as usual but you don’t think much of it. Later that week, you receive a text alert from your issuer claiming that suspicious activity occurred on your account. But how could this have happened?
Credit and debit card skimming devices fit over real card readers, and are strategically designed to look like the authentic readers. When you swipe your card, the skimmer captures the information associated with the magnetic strip, such as card numbers and PINs, and stores it.
There are similar devices that replicate keypads, allowing fraudsters to capture PINs by other means. And in some cases, thieves may set up tiny hidden cameras nearby to spy on people as they enter their PINs.
The fraudster may return to the skimmer to remove it and download the stored information. Other systems allow the information to be downloaded remotely.
Skimmers don’t need to interfere with the normal operation of the reader; you may use your card successfully and go about your business, never knowing your information was nabbed in the process.
Shimming is a relatively new scam, which evolved from skimming when chip cards were created to help defend cardholders from theft. Where skimmers are used to steal data during mag strip transactions, shimmers are used for chip transactions: either chip-and-signature or chip-and-PIN.
Shimmers are paper-thin devices with their own readers and storage, which are inserted into the slots in card terminals. When a card is dipped into the device, the information is stored in the shim. While the information stored in the shim can’t be used to replicate another chip card, scammers can create a version of the stolen card with a magnetic strip.
Similar to skimmers, always check to see if a terminal has been tampered with before inserting your card. Tampered terminals may have torn security labels or could seem tighter when you try to insert your card. If this is the case, cancel the transaction immediately. Shimmers are still relatively rare, thankfully, and chip transactions are still quite secure in most cases.
One man in Fontana, California, received a call from the IRS demanding a hefty payment in order to avoid arrest. The price? $2,200 in Target gift cards. After the two women who orchestrated this phone scam (and successfully received their gift card payment) were arrested, it was found that they were part of a large phone scam ring wreaking havoc on the entire nation. $900,000 in gift cards and goods were found in their apartment.
Fraudsters will reach out with unsolicited calls to pressure you to send over money or personal information. They may pitch elaborate giveaways —You’ve just won an all-inclusive vacation to Cuba! All you have to do is send over a security deposit to secure your cabin! — or impersonate a federal organization like the IRS and prey on the natural fear of arrest.
Robocalls saw a 57% increase from 2017 to 2018, with over 47.8 billion robocalls sent out in the United States alone. These deliver pre-recorded messages from a living person or an automated voice, and are used by scammers as a cheap and easy way to target large numbers of people from any location.
Phone scams also go beyond calls. Text messages are suspect too, thanks to a method called “smishing” — short for “SMS phishing.” Smishing is basically phishing with text messages. Never click on any attachments or follow any links sent to you from unknown numbers. If you do, malware may be downloaded onto your device.
Phishing scams target a potential victim, typically through email, pretending to be a reputable agency or company.
Two recent phishing scams are targeting users of Facebook and Instagram. The first targets users of Facebook Messenger, through which the scammer will impersonate a friend of the user. Scammers will send malicious video links with a baity message like “Is this you?” or a call to action to open the video.
The second scam reaches out to Instagram users as Instagram itself, claiming accounts will be suspended for violating the social media network’s copyright laws. It prompts users to fill out a Copyright Objection Form, but it’s actually a scheme to obtain your login details.
Scammers leverage credibility by impersonating established companies, to steal personal information or bait victims into clicking malicious links.
Your safest bet is to always go into the station itself to pay for gas or visit an actual teller when withdrawing cash rather than use an ATM. A card reader in front of a cashier is always harder for a scammer to target.
Before inserting or swiping your card, always check to see if the card reader is firmly attached. If there is movement, or if your card doesn’t slide in properly, it may have been tampered with. Look for signs of small cameras near the keyboard, which could be used to record your PIN.
Mobile wallets, like Apple Pay, Google Pay, and Samsung Pay, provide another layer of security when opting for cashless payment methods. While the primary perk of digital wallets is their convenience factor, they use encryption technology to protect the information on your cards, so your actual card data is never involved in the transaction.
If you’re an Android user, you may benefit from the Skim Plus smartphone app, which is meant to detect Bluetooth skimmers and will plot any located skimmers using Google Maps. There’s at least one iPhone app as well, but it doesn’t have great reviews; users may expect more iOS-compatible skimmer apps in the future, if any enterprising developers take up the task.
While Frank Abagnale is most recognizable as the inspiration for Leonardo DiCaprio’s character interpretation in Steven Spielberg’s film “Catch Me If You Can,” the former con artist now serves as a professional security consultant for the FBI. He trains agents to fight back against scams, and offers advice to consumers as well.
Does an unsolicited caller who wants to hand over a small fortune you won in a foreign lottery sound too good to be true? It probably is. Abagnale highlights a few common signs that you’re dealing with a scammer:
Phone scams may appear as:
Always research any information the caller provides. Skilled scammers can make phone calls seem legitimate by masquerading as banks or government agencies, and sometimes they’re quite good at it.
Fact check company names the caller claims to be associated with. Hang up and call the company, bank, or other organization directly via an official number to confirm the call’s legitimacy. Contacting an official number will give you the opportunity to check whether or not the call you received was real.
Phishing has evolved in both its approach to and depth of deception, and now exists beyond the standard email scam. Examples may include:
If you receive an email from what appears to be a legitimate company, like Microsoft or your bank, threatening to deactivate your account or claiming suspicious activity requires you to sign in to your account, you may be dealing with a common type of phishing. An urgent tone is typically used to intimidate recipients into handing over personal information.
Legitimate companies will typically never request personal information over email. Look for misspellings in the company’s name, the URL, the appearance of an unknown URL when hovering over a provided link, or messages that don’t use your name — real companies will typically customize the message to use the customer’s name, although scammers can do this too.
Newer phishing methods are targeting cloud services such as Dropbox or Google Docs. Scammers will lure users into opening up a shared doc or Dropbox file, which may automatically download malware.
A fraudster can target employees of a specific corporation through a business email compromise: The attacker poses as the CEO and reaches out to employees through work emails. Signs that you’re dealing with a scammer may include frequent grammatical errors or unusual information being requested.
In one case Centrify was the target of CEO fraud, where scammers reached out to an employee from what appeared as the boss’ email. The scammer requested a six-figure wire transfer to an external account, which was almost fulfilled before it was noticed that the ‘f’ and the ‘i’ in Centrify were switched within the fake email.
Rather than reach out via email, attackers hack the domain naming system (DNS) of a legitimate website so that, when a user types in that URL, he or she is redirected to a malicious website. This is known as DNS poisoning. The same effect can also be achieved by hacking an individual computer, forcing the user to visit fraudulent sites even when typing in the correct URLs.
DNS poisoning needs to be mitigated by the internet service provider in most cases, but you can make efforts to protect yourself by always using a legitimate ISP that regularly updates its security software. Staying diligent with the latest anti-virus software and security updates can improve your own defenses.
Being educated on the common tactics fraudsters use to steal your personal information is only the first step. It’s also important to practice other forms of defense to help stay protected.
Despite your best efforts, payment card fraud can happen in many different ways, so it’s good to be informed. Read more about ways to prevent identity theft with credit and debit cards.
If you become a victim of credit card fraud, immediately dispute any unauthorized charges. Alerts on your credit accounts (and credit reports) may only notify you of activity; they don’t necessarily take action for you, so familiarize yourself with ways to fight back against fraud and identity theft.
Credit Card Insider receives compensation from advertisers whose products may be mentioned on this page. Advertiser relationships do not affect card evaluations. Advertising partners do not edit or endorse our editorial content. Content is accurate to the best of our knowledge when it's published. Learn more in our Editorial Guidelines.
The responses below are not provided or commissioned by bank advertisers. Responses have not been reviewed, approved or otherwise endorsed by bank advertisers. It is not the bank advertisers' responsibility to ensure all posts and/or questions are answered.