Credit card phishing has quickly become a member of the growing list of email frauds. Credit card phishing scams are clever because of the way they use social engineering to lure unsuspecting people to give up their credit card information.

What is an Email Phishing Scam?

A scammer initiates a phishing attempt by impersonating a trusted company or person in the hopes of luring their victims to share sensitive information, such as personally identifying information (PII) or a credit card number. There are some obviously cheap attempts to get information, but these days the person(s) behind the scam can be rather clever.

According to the Government of Canada, across the globe, approximately 156 million phishing scams are emailed daily and 16 million make it through spam filters. It is estimated 8 million of these that make it through filters are opened and 800,000 people click on the links.  Of those, 80,000 fall for the scam. 2 While a small percentage overall when compared with the massive amount of spam sent, it's still a huge payoff for the scammers.

In most phishing attempts today the sender of the email has gone through great pains to appear legitimate. Many of these scams are so well-forged it might be difficult to differentiate between a fake and a genuine email.

Credit: Lee Davy via Flickr/CC by 2.0

How Do Email Phishing Scams Work?

The most common credit card phishing scams occur when a swindler creates a carefully crafted email to convince the targeted victim to share his or her credit card number. These emails are usually worded in an urgent tone which states the victim’s credit is compromised or that his or her credit card information is wrong in their records and it needs to be rectified immediately.

Occasionally, victims might be requested to email the credit card information back to the agency, but most people today immediately recognize that this is a scam. In response to the growing savvy of Internet users, the scammers have come up with a better way to appear legitimate. They now include a hyperlink in an email which brings email recipients to the "company's" website.

In reality this is a spoofed website, but it is so cleverly developed it looks like the real deal. If you were to pull up the genuine website, chances are it would look much like the faked site. At this illegitimate website you are asked to enter your information and hit send. At this point your credit card information has been transmitted to the scammer.

While email is the most prevalent form of phishing, the telephone is another avenue the scammer may use to get your credit card information. If you receive any kind of recorded message or even a live person asking you for sensitive information, hang up and call the company by using the customer service number given on the back of your credit card.

How to Avoid Becoming a Victim of Phishing

Most people at one time or another will become a target of credit card phishing, but you can significantly decrease or eliminate the odds of falling victim if you recognize the signs and learn the ways to avoid being snagged by the phisherman's hook.

Credit: Gaertringen/Pixabay CC0 Public Domain

Do Not Share Sensitive Information

If you are given a request by email or telephone which asks for your credit card number, be cautious and don't share it. Scammers are often pretty convincing and, these days, with the ability to spoof both email addresses and phone numbers, the thieves could make themselves appear to be legitimate.

Genuine businesses will never ask for credit card information in this way, but will instead offer other choices to give them the information they need. Always go to the official website for a phone number or use the number of the back of your card and call your bank. Better to be safe than sorry.

Hyperlinks and Email Attachments

If you receive a request for any sensitive information in an email, never click the link embedded in the text. Even if the email looks exactly as your creditor's site and uses all the right contact information. Instead, open your browser and navigate to the website yourself by typing in the URL address directly. Bookmark your bank's website so you always have it handy.  Again, you can always call the bank and ask if they need information from you.

Additionally, even though most people know not to click on attachments, scammers will sometimes send attachments and ask you to download it. Chances are it will contain viruses or trojans to infest your computer system. Never download any attachments you aren't expecting or have requested.

Ignore Requests for Passwords

Scammers will occasionally try and lure you to share your password to your bank's website or a PIN. Never give this information out, no legitimate business will ever ask for this kind of information under any circumstances.

Learn How to Recognize Scam Emails

Scammers are savvy enough to clone who it is they are impersonating, but there are ways you can recognize the scam. If an email from a company you have in your address book ends up in your spam folder, there is a strong possibility it is a fake. Another way to tell is to look at the structure of the email to see if there are spelling, grammar or typo errors made. If you see any, this means there is a good chance it is a phishing attempt.

Emails containing a tone of urgency are designed to invoke panic and is a classic technique used by social engineers. Their intent is to incite fear in the victim and get a response before he or she has the chance to think actions through.

Call us!
Credit: InspiredImages/Pixabay CC0 Public Domain

If you receive an urgent-sounding message, contact your bank directly to verify if they tried to contact you (chances are they didn't) and report the scam so others don't fall victim. Get the phone number from your bank's official website.

Don’t Bank in Public Spaces

There are many ways scammers phish without coming to you, instead they try and lure you to give up the information voluntarily. For instance, many shops, hotels and other organizations offer free Wi-Fi to the public, but these are not the networks to use to do any sort of banking.1 Most of them are not secured and hackers can easily get into open wireless networks. Some thieves even set up rogue wireless networks to mimic public Wi-Fi spaces with the intent to pilfer data as it travels though.  

Phishing for credit card information has become a serious problem for both consumers and businesses. Since the banks who issue cards have become a primary target for phishing, these businesses take the issue seriously because it is becoming costly problem.

If you suspect a phishing attempt has been targeted at you, it is best to immediately report the email or phone call you received to your bank and let them know what happened. This way you can better protect yourself,  make strives to put an end to the scam and the bank can warn their customers of scams impersonating them.

Wallet in pocket with credit cards showing
Credit: stevepb/Pixabay CC0 Public Domain

Be careful of the phisherman, don't leave your wallet out for the taking