Credit Card Thieves Just Don’t Quit  

Credit Card Thieves Just Don’t Quit  

Credit cards are more secure than ever, yet somehow we are still getting scammed! Here’s how to protect yourself. 

Shoppers of a certain era will recall the anxiety of the dreaded carbon copy. Every credit card purchase finished with a ka-chunk-ka-chunk as the clerk mechanically imprinted your card over a three-part form. One of the copies — with your name, card number, and everything needed for a fun day at the mall — stayed with the retailer. Maybe they kept their receipts locked up. Maybe they tossed them in an open box by the water cooler. Who knows? 

The analog era of card swiping is nearing extinction. We’re even entering the final days of “Um, do I swipe it or use the chip?” as chip-enabled cards become the standard. And yet with each step forward in secure technology, the bad guys always find ways around it to your money. It seems as though you can still lose your credit card number as easy as if there was a hole in your jeans!

Some scams are diabolically cutting-edge, others tried and true. Every year, they’ll dupe a depressingly large number of people. So, let’s try to disappoint as many scammers as possible. This list shouldn’t be treated as comprehensive — that would fill volumes. Large-scale data breaches and staying secure online are topics for another post. The focus here is on credit card theft and the common points of vulnerability — to empower you to spot the next scam that comes your way.

Point-of-sale hacks: They record your every move.

Card Shimmers 

First, Shimmers should not be confused with card Skimmers (see below). Shimming is a next-level racket to steal your info at ATMs and card readers that’s even more devious. A shimmer device is little more than a thin sheet of circuitry slipped inside the card reader, leaving it hidden from view. The shimmer reads the info from the chip on your card, then relays it using a Bluetooth connection, all while you make an otherwise normal transaction. Currently, a thief can’t replicate your chip, but they can transfer your info to the magnetic strip of a blank card and do plenty of damage. 

Card Skimmers 

A hacker installs a phony, but real-looking, card reader (the skimmer) on the front of the ATM or gas pump. As you make your transaction, the skimmer records the info on the magnetic strip of your card. Skimmers typically work with an illicit camera or keypad that records your pin number. Gas stations are notorious hot-spots for skimmers since pumps are left unattended, and because they’re the last to upgrade to modern, chip-enabled card readers. 

How to protect yourself

Examine the card reader.

For card skimmers, eyeball the card reader for signs of tampering or fakery. Do the colors seem a bit off or are markings misaligned? Wiggle it a little, is it loose? Bear in mind, card skimmers can be sneakily convincing, so don’t assume they will stand out. Spotting a card shimmer, unfortunately, is nearly impossible since they hide inside the card reader.

Protect your pin.

Scammers are after your pin number too and will try to record you with a camera that’s near the ATM or made to look like part of the ATM itself. (This is one reason it’s recommended to cover the keypad when entering your pin.) Or, they’ll record your pin number with an overlay keypad. This is a phony keypad installed on top of the real one to record your keystrokes. So, it’s a good idea to inspect the keypad for signs of tampering as well.

Be choosy where you use your card.

Just by our common sense, we trust an ATM at a well-lit bank more than the no-name ATM in an alley — one is easier to tamper with than the other. Apply that instinct everywhere you use your card. At a gas station, the safest choice is a pump nearest to the cashier, or better yet pay in advance inside. Just know, however, even check-out aisles and bank ATMs have been compromised. A quick-handed thief can install their hacking tools in mere seconds, so there’s no harm in giving every reader a quick exam.

Use tap-to-pay applications

If there’s an option for tap-to-pay, you’ve avoided swiping or inserting a card altogether. Millions of Americans used apps like Apple Pay, Google Pay, Venmo, or Zelle last year. Many of these apps have also partnered with banks, which means they have been examined thoroughly from a security and scamming standpoint.  Not a sure thing, but certainly an additional level of security against scammers.

Sneaking on to your phone scams: Eavesdropping while you surf. 

Phony Wi-Fi networks 

Leave it to scammers to spoil a good thing. That free Wi-Fi you rely on while traveling may be an open invitation to hackers. One way they enter: a “man in the middle” attack, where they use their own hardware to eavesdrop while you browse. Or, they’ll take advantage of a network improperly set up and exploit that weakness to access your device. Or … they’ll go so far as to fake their own network. They’ll even give it a convincing name like “Free Cafe Wi-Fi” and wait for unsuspecting users to login. Once they have access, they can capture any information you enter or install a virus or malware.

Compromised charging stations.

Yup, hackers are ruining free-charging too. Known as “juice jacking,” this newest threat comes from using a compromised public charging port at airports, cafes and elsewhere. It looks like just another wall outlet, except a hacker has swapped the charging port with one capable of reading your phone when you plug in. And just like that, you’ve let them access your data, install malware, and even lock you out of your own phone. Even an innocent-looking charge cable can be capable of putting malicious software on your phone — so if you see one hanging around the airport, treat it with caution.   

How to protect yourself

Hold off on shopping and banking. When using public Wi-Fi, avoid making financial transactions or accessing banking and finance apps. It’s safer to wait until you’re on a connection you trust.  

Verify the network. If you’re at a hotel, cafe, or a place that offers free Wi-Fi, find out the name of the network from a trusted source before logging in. Also, if a Wi-Fi network lets you join without entering a password? That’s a red flag to avoid it.

Use a spare battery. A quality external battery for your phone is cheap and lets you charge on-the-go and avoid “juice jacking.” 

Expose them with an app. Hackers often use common Bluetooth devices to transmit stolen data — which also exposes them. There are smartphone apps that can help detect fraudulent Wi-Fi hotspots, though they come with a steep learning curve. But how many ways can you bust scammers in the act?

Over the phone and email scams: The classic ways to get fleeced.  

You’re a winner! 

Maybe it’s money, tickets, even a crazy-generous coupon from a favorite store. The hook is: You’ve won a prize! And it’s all yours … as soon as you pay a small processing fee. Once you pay it, you’ve already lost. Even worse, they’ll likely be another and another fee until you’re broke or figure out, yes, you’ve been scammed. Do not let the thought of fabulous winnings blind you to the possibility that it is a hoax. Large and well-managed criminal enterprises exist to rip people off, and they’ll go to tireless lengths to pass themselves off as an organization that could be familiar to you.   

You’re in trouble

This scam kicks off with someone acting in an official capacity informing you that you’ve got a problem. A big problem. Maybe you owe the IRS, or you’ve got an unpaid utility bill. There’s even one where a law enforcement official claims a relative of yours is in trouble. The scams are multiple, but what they share is the pretense of authority, somebody who possesses the power to cause real hardship, really quickly. But lo and behold, they’ll take a credit card (or other form of payment) so you can clear it up quickly. They scare you, then they scam you.

Won’t you please help? 

The most insidious of any racket here. Fake charities take advantage of our goodwill to rip us off. These are especially popular around the holidays and following a disaster. These can come via phone and email, so always be vigilant not click on links unfamiliar to you.   

Fraudulent fraud alerts 

This one can trip people up since they’re not after your actual credit number, but the damage is the same. A rep supposedly from your credit card company contacts you about fraudulent activity. To verify who you are, they’ll ask for your zip code or three-digit CVV code. The thing is, the scammers already obtained your credit card number by other means, they just needed a last piece of info to spend to their thieving heart’s desires. 

Fake offers from your credit card company.

Your credit card company is calling you to offer a “great new rate!” Isn’t that nice of them? These scams can feel extra convincing, depending on how slick the fraudster’s pitch is. They’ll ask you to first take care of a “processing fee” or similar-sounding fee to get you signed up. All they’re really offering you is a hoax.   

How to protect yourself

Over the phone scams are famously low-tech, but so is the solution; do not give your credit card information when someone randomly calls up asking for it, no matter what the pretense, no matter what they claim or promise. There’s even the “front desk scam” for when you’re on vacation. You get a call on your hotel room phone asking to “correct” some missing credit card information. Except the person calling has nothing to do with the hotel. 

The IRS does not call us to pay our taxes. You didn’t win the lottery in another country since, we’re sorry to report, playing a foreign lottery violates federal law. And credit card companies do not need your detailed info before discussing fraudulent activity. There could be any reason it’s a scam, so protect yourself against all of them by guarding your info — your card number, CVV number, zip code, expiration date, any of your personal info. (There are also scams that target identity theft, such as the delinquent jury summons scam.) 

Do your level-headed best to verify independently whatever claim is being made to you. Visit their official website and do your own fact-checking. Or, call the bank, charity, DMV or whomever on a confirmed phone number. And if it still seems legit? Apply a second dose of skepticism and confirm it again.

Final advice: Check your bank or credit card statement, even for small stuff.  

It may be a drag, but we have to do it anyway: Check your monthly statement for suspicious activity. Here’s the thing though; just because there’s no eye-popping charges, you can still get defrauded in nickel-and-dime fashion. Savvy thieves will make multiple small-time purchases knowing they might slip by under your radar. Be sure to scrutinize your bill and don’t let them shop on your dime.

Be careful out there.  The bad guys are always nipping at our heels.