For over 4 years now, I’ve operated a popular message board about credit cards.
But during that entire time, I’ve never seen more complaints posted about credit card phishing scams than I have during the past year. Criminals are getting more crafty (and more bold) in how they attempt to steal your credit card information. What follows are five of the most common scams I hear about and how you can protect yourself against them.
1. Fake emails from PayPal
Emails pretending to be from PayPal continue to be one of the most popular phishing scams on the net. The message will typically be addressed to “Dear Customer” (not your personal name) and say something along the lines of “We need your help resolving an issue with your account!” Following that will be a link, which will take you to a fake website made to look like PayPal.
Once there, you will be asked to verify your personal information, including your credit card number, expiration date, and security code (CCV). Of course in actuality, all you are doing is handing over the information to a crook.
2. Malware installed on your computer
A common fallacy is that if you don’t download anything, you don’t have to worry about getting malware. Unfortunately, the truth is not that simple.
Software exploits can sometimes make it possible for the bad guys to install malware on your computer – without your knowledge – simply from visiting an infected website. And because new software exploits are popping up all the time, this means essentially no one is immune to the risk. Using SPYWAREfighter will prevent software exploits and websites from infecting you.
If your computer does become infected, one of the most common types of malware is designed to steal your credit card information. When making a purchase on a website, it will record your payment information and send it back to the scammer (without your knowledge, of course).
3. Fake text messages from your bank
What the scammer will typically do is send out text messages in bulk, which say something like “This is a security alert from Bank of America. Please visit (insert fake URL here) and confirm your identity to see the message”
As you can guess, they are sending you to a dummy website to collect your information. Although less common, some of the bolder criminals will instead request you to call a phone number (theirs).
Just like the PayPal scam, this is all a numbers game. They know that a given percentage of the population in an area is going to use a given bank. So by pretending to be affiliated with popular financial institutions, they know that at least some of the recipients will indeed be customers (and therefore, the message will seem more believable).
4. Fake emails from a major bank
PayPal is probably the most common target (because almost everyone has an account) but that’s not to say you won’t get fake emails from other financial institutions. Where I live (in the US) I frequently hear about phishing emails from popular banks like Chase, American Express, Citi, and Bank of America.
For example, here is a list of recent phishing incidents involving American Express. It seems like some of the most common ones claim an account update has been made. I have an American Express card myself and after looking over that list, I admit many of those emails do sound like something AmEx would send out. However if you know what to look for, you will know they are fraudulent (for starters, they use different URLs).
5. Infected computers redirecting you to imposter sites
It is also possible to get infected with malware which takes you to an imposter website, when you type in the real website’s URL. For example, you might type in americanexpress.com and instead of going to the official site, the malware will cause you to go to phony website which is designed to harvest your information.
How do you protect yourself Credit Card Phishing?
As scary as these scams are, fortunately there are some relatively easy strategies to help safeguard yourself from becoming a victim:
- Use good security software: First and foremost, you need to equip your computer with the best spam filter, anti-virus program, and spyware remover.
- Only communicate with your card issuer thru verified means: If you receive an email or text claiming to be from your bank, don’t click on the link or call the number listed in the message. Instead, you should only contact your credit card company through confirmed means such as the phone number printed on the back of your card and by typing in their URL directly into your browser (and make sure it loads with https://).
- Educate yourself about phishing: Like they say, knowledge is power. The more you educate yourself about how these scams work, the better prepared you will be to spot them.
Guest post By Michael, CEO of Credit Card Forum updated for July 2015.