Five Credit Card Scams You Need to Know About
When you have a credit card, you’re unfortunately attractive to thieves and other scammers. New schemes are surfacing all the time, and the ones that work best (meaning, the ones that bilk the most victims out of their hard-earned money) are the ones that keep making the rounds.
Luckily, you can keep yourself and your finances safe if you know what to look for. Here are five of the most popular scams that you need to be aware of, and how to avoid falling victim to them.
Pretty much all the scams on this list are phishing scams to some degree, but it’s worth looking at what they are before examining how they’ve evolved into more specialized schemes. The classic phishing scam involves the illusion of a legitimate request in order to steal your personal information, like login details or private data.
The thief usually poses as someone from a real company, like your bank or credit card company. They use a fake email address or caller ID spoofing to appear legit, and try to fool you into thinking it’s safe to share your personal details. This includes your account number, password, security features (for example, your mother’s maiden name), social security number, date of birth, and other data that can be used to access your account or even steal your identity.
How to Spot It
Phishing happens through an email or phone call. It might say that your account has been compromised and needs to be reset, or that charges were made to your card that you know weren’t you. The scammer will ask for your personal details under the guise of verifying you’re you, ironically presented as being for your own safety.
Some phishing scams even present a fake discount, prize, or other offer that requires you to log in to your online account to claim—but the online website will only look like the legitimate one, and instead be designed to steal your login info.
The phishing attempt will often include assertions that the company has been unable to reach you until now, or that this is the last time they will try contacting you. It’s designed to create a sense of urgency, causing you to drop your defenses out of panic.
How to Avoid It
The easiest way to avoid being phished is to never (like ever) give your personal details in a phone call or email that you didn’t initiate. If someone calls and claims to be from your bank or credit card, asking for personal details like all your credit card digits, PIN, passwords or full social, tell them you will call back. And then only dial the official number on the back of your credit or debit card, even if they specifically give you a different number.
Never give anyone the three digits on the back of your credit card unless you called them directly to make a purchase, or you’re trying to buy something online and you went to the website yourself.
For emails, hover over the sender and see whether it’s actually from the spoofed company. Hover over links without clicking them, and see where it’s actually directing you to go. If it’s not the website that you know to be real, don’t click it. Open another tab—preferably in incognito mode—and go to the real website where you can safely log in and review account activity.
A trusted legitimate financial institution will never ask for your important personal details through email, and while they may ask for it over the phone, they will absolutely not mind if you want to call them back directly.
SMS + Phishing = Smishing. In other words, when phishing happens through text messaging, a.k.a. short message services (SMS), it’s referred to as smishing.
Cybercriminals have figured out that people often trust text messages more than emails, so they have pivoted their efforts towards this newer medium instead. The text message will often masquerade as an alert from your bank or credit card account, and most people accept these as legit because they expect fraud alert notifications.
The message will either include a malicious link infected with a virus or spyware, or it will lead you to a fake site that requires you to provide your personal information and log in to what you believe is your own account. It’s not … it’s a device to steal your credentials or private details.
How to Spot It
A financial smishing message might have similar verbiage to the real notifications you would expect from your bank or creditor, or even a retail customer service department. Look for messages that say things like “We’ve detected an issue with your account” or “Credit Card Fraud Alert,” followed by instructions to click a link and log in to your account to verify a purchase or contact information.
Other smishing scams congratulate you for winning a prize in a fake contest. Still others appear to come from a government entity or healthcare service and tell you that new information is available for you to review. These became increasingly popular during the pandemic, and might even urge you to do contact tracing because of a fake encounter with someone who has COVID-19.
How to Avoid It
If you receive a text message that doesn’t come from the same number you normally get notifications from, don’t click anything. Even if you do see that it’s in a thread with other legit messages you’ve received before, it’s safer not to click the text message link, but to log in through your mobile app instead.
Again, a trusted financial institution will not ask for your personal information through text messages. And while you might get a link to their website at the bottom of a message, most notifications from banks don’t include any links at all.
Romance scams are sometimes called catfishing, after the 2010 documentary Catfish. But since in this case the catfish is also phishing, it’s specifically known as catphishing. The name might be cute, but the scheme definitely isn’t.
Typical romance scams are bad enough without the financial aspect, because they involve playing with your heart. A catfish will pretend to be someone they’re not—someone attractive and often of a different gender—to lure in the victim over time. They use fake social media profiles with stolen photos and will message you to try establishing a relationship. Or they will go straight to the dating sites, knowing that people they interact with there are actively looking for love.
After establishing a rapport, and even making you think you’re in a committed relationship with the fake person, the catfish will often pretend to need money. It might be for a personal reason, a health issue, or even because they say they want to travel to see you. They will then ask for your bank account or credit card details and spend your money on what they pretend to be rent, groceries, utility bills, healthcare expenses, etc.
They might even offer to send you money—often stolen from another victim—before asking you to send back some money or to purchase gift cards for them. With the details from the back of the gift cards, they can spend them quickly and without a trace.
How to Spot It
Catfish social accounts are often brand new, with very few friends or posting history. Their photos sometimes look fake, or at least too good to be true. You can search Google Images for similar photos, either by uploading the picture or by pasting the URL. You’ll know almost immediately whether this person’s profile image has been used before, and if it was by someone with the same name.
Also check what the person posts on social media. Are there videos that match the photos? Is there real interaction between people who look like they’re actually friends, with accounts that look legit? Are real people tagged in the same photos or videos as this person—people who are making comments or reacting to those photos? Catfish often won’t have photos or videos of them with friends, and if they do, the friends won’t be commenting on how much fun they had when it was taken.
How to Avoid It
If you think you’re in a long-distance relationship with someone you met online, don’t rely on social media messages, text messages, or even phone calls in your communication. If you try to get the person on the phone and they balk, it could be because the voice doesn’t match the images. But to really make sure you’re talking to the person you think you are, push for video calls. It’s extremely difficult to pose as somebody else through video.
Even more importantly, don’t give someone you’ve never met in person access to sensitive info, including credit card data and account credentials. It doesn’t matter what the sob story is … protect your financials at all costs.
Another type of scam that manipulates your emotions—in this case, by using fear—is the threatening scam. These are among the original spoof scams, and involve threats to have you pay off fines, taxes or other debts stat … unless you want to face some dire consequences.
Threatening scams often happen over the phone, and the caller usually claims to be from the local police or a federal agency like the IRS, FBI or SSA. The scammer tells the victim they’ll be arrested or fined if they don’t pay off the outstanding debt on the spot.
Newer variations of this involve blackmail, and these might come through as an email. The cybercriminal will tell you they have hacked into your bank account and will drain all your money if you don’t pay a ransom. Or that they have secret video footage of you doing something you wouldn’t want publicized, and they will send it to all your contacts if you don’t pay.
There are also charity scams in a similar vein, which prey on your goodhearted nature rather than using blatant fear tactics. These calls pretend to be from a well-known charity and ask you to donate over the phone. It’s not exactly a threat, but they may guilt you or strongarm you into paying a fake donation with your credit card.
How to Spot It
The threatening scam is easy to spot if you slow down and breathe long enough to realize that law enforcement and government officials will never call and demand immediate payment. They’ll send a letter or, in the case of police officers, just show up at your door (and you’ll likely know the cops at your door are real by their uniforms, badges and official police cars).
Charities will cold call you for a donation … but if you tell them you want to call them back directly or donate on their website, they won’t have an issue with it. They might even send you an email outlining your various donation options, allowing you to research the charity further or verify the true source.
Blackmail scams make no pretense of being from someone who’s not a criminal. They are very upfront about the fact that they’re extorting hush money.
How to Avoid It
When you get a call or email demanding money now, take a breath and don’t panic. It’s not the IRS demanding back taxes this second, and it’s not the FBI about to arrest you for not paying a fine. It’s just not.
Even if the phone call appears to be from a legitimate organization, it’s possible to spoof numbers and make them appear to come from a different phone. There’s no way for you to check this, but if it’s an email, remember that you can hover over the address or any links to see what they really are.
Regardless of the angle, always ask if you can call back, and then directly phone the number that you know to be real for that company or organization. Never give your credit card information to an incoming caller if you’re not 100% sure about their identity. And if someone is blackmailing you, understand that everything they say is likely a lie, and just happily send the email to spam.
Despite the name, this scam doesn’t actually involve overcharging you—it’s about making you think you’ve been overcharged so you give up your details for the reimbursement. It’s designed to sound helpful so you’ll lower your guard and cooperate with this fact-finding mission.
A similar scheme is the interest rate scam, which congratulates you for being eligible to lower your interest rate on a credit card or loan. Like the overcharging scam, you’re asked for your personal information and credit card details in an attempt to take your money, or even steal your identity.
How to Spot It
The scam call or email will typically tell you that you’ve been overcharged on a “recent purchase” without giving the specifics. Or that you qualify for a “lower interest rate” without telling you the details on what. Instead, the schemer will ask you a bunch of questions as he or she digs for your personal data.
You know it’s a scam because a real representative from your credit card company or bank would know the details of the alleged “recent purchase,” and a real debt consolidation company wouldn’t cold call you asking for sensitive data.
How to Avoid It
If you’re told you were overcharged for a purchase, ask for all the details without giving up any of your own. If in doubt, hang up. You can go to your account and log in yourself to verify what has been charged or not.
If you’re told you can get a lower interest rate or lower payments, ask all the questions you want. But don’t give your personal information to a cold caller. You can check your rate options directly with your credit card company or lender.
Putting yourself on the National Do Not Call Registry will help you ferret out scammers even faster, because legitimate companies have to adhere to the list. So at that point, any solicitation that makes it through has to be a criminal.
Thieves and scammers will always try to hook you any way they can, just like the scorpion will always sting the frog. But now that you know what to look for and how to avoid getting stung, the criminals can go prey on some other frog.
While having a credit card makes you attractive to scammers, it doesn’t mean you have to be a victim. Knowledge is power, and so is knowing your credit card company has your back. For example, Credit One Bank offers protection against unauthorized charges with Zero Fraud Liability. See if you pre-qualify, which doesn’t affect your credit score.