
How To Protect Yourself From Credit Card Fraud: Scams, Skimmers, and Phishing

The Federal Trade Commission reported that people lost more than $5.8 billion to fraud in 2021,[1] an increase of more than 70% over the previous year. And the problem shows no signs of getting better.

While there may never be a shortage of scammers and fraudsters vigilantly working to steal your personal information, there are ways to be diligent about protecting yourself from potential threats.

Keep reading to learn how to prevent credit card fraud and the resulting unauthorized charges, which, if not caught and removed, can have long-lasting negative effects on your credit scores (and your wallet).

Credit Card Scams To Watch Out For

The first step in protecting yourself from scams is to know which ones to look out for. Recognizing the signs of different scams can help you be more proactive in defending yourself.

Credit card skimming

Let’s say you make your weekly stop for gas at the same station you always use. When you insert your card into the terminal, it doesn’t slide in as smoothly as usual, but you don’t think much of it. 

Later that week, you receive a text alert from your credit card issuer claiming that suspicious activity occurred on your account. But how could this have happened?

Credit and debit card skimming devices fit over real card readers and are designed to look like authentic readers. When you swipe your card, the skimmer captures the information associated with the magnetic strip, such as your credit card number and PIN, and stores it for unauthorized use.

Some skimming-type devices replicate keypads, allowing fraudsters to capture PINs. And in some cases, thieves may set up tiny hidden cameras to spy on people as they enter their PINs.

The fraudster may return to the skimmer to remove it and download the stored information, which they can use to make fraudulent purchases or generate physical credit cards. Other systems allow the information in the skimmer to download remotely.

Skimmers often don’t interfere with the normal operation of the merchant’s reader. You may use your card successfully and go about your business, never knowing your information was nabbed in the process. The merchant may never know either.

Credit card shimming

Shimming is a relatively new scam. It evolved when EMV technology was created by Europay, Mastercard and Visa to help defend cardholders from theft. In the past, skimmers stole data during magnetic stripe transactions. Shimmers are used for chip-and-signature or chip-and-PIN transactions.

Shimmers are paper-thin devices with readers and storage. They are inserted into the slots in card terminals. When a credit card is dipped into the slot, the card’s information is stored in the shim. 

While the information stored in the shim can’t be used to create another chip card, scammers can create a version of the stolen card with a magnetic strip.

Always check to see if a terminal has been tampered with before inserting your card. Tampered terminals may have torn security labels or could feel tighter when you try to insert your card. If this is the case, cancel the transaction immediately and notify the merchant.

Shimmers remain relatively uncommon and, in most cases, chip transactions are quite secure.

Phone Scams

Phone scammers will mimic legit organizations, law enforcement, government agencies or even people you know to defraud you. And they can be very convincing.

Here’s an example: A person in Fontana, California, received a call from the “IRS” demanding a hefty payment to avoid arrest. The price for his freedom was $2,200 in Target gift cards.[2] 

After the people who orchestrated the scam were arrested, authorities learned they were part of a large ring of phone scammers wreaking havoc all over the country. During a search, authorities found $900,000 in gift cards and goods in their apartment.

Fraudsters will reach out with unsolicited calls to pressure you to send money or part with personal information. They may pitch elaborate giveaways like, “You’ve just won an all-inclusive vacation to Aruba!” All you have to do is send over a security deposit to secure your bungalow. Or they may impersonate an agency like the IRS and prey on your fear of jail time.

In 2020, Americans received nearly 4 billion robocalls a month.[3] The prerecorded individual or automated voice messages are used by scammers as a cheap and easy way to target large numbers of people from any location.

Phone scams also go beyond calls. Text messages are officially suspect thanks to smishing — which is short for SMS phishing. (We’ll talk more about phishing soon.) 

Smishing is phishing with text messages. Never click on any attachments or follow any links you receive from unknown numbers. If you do, malware may download onto your device.

Phishing

Phishing scams typically target a potential victim through email, pretending to be a reputable agency or company. Scammers leverage this perceived credibility to steal personal details like credit card information, driver’s license numbers or Social Security numbers or bait victims into clicking malicious links.

One common scam is when a scammer impersonates a friend.

Another popular scam reaches out to Instagram users as the social network, claiming their accounts will be suspended for violating copyright laws. It prompts users to fill out a Copyright Objection form, but it’s a scheme to obtain your login details.

How To Protect Yourself From Credit Card Skimmers and Shimmers

The best way to avoid being scammed is to be aware and remain vigilant. Here are some tips to help you protect yourself:

Always go to the source

When you’re buying gas, your safest bet is to go inside the gas station to pay for it. If you’re withdrawing cash, use a teller instead of an ATM. A card reader that sits in front of a cashier is harder to tamper with.

Feel for foul play

Before inserting or swiping your card, always check to see if the card reader is firmly attached. If it moves or your card doesn’t slide in properly, it may have been tampered with. Look for signs of small cameras near the keyboard that could be used to record your PIN.

Pay with a mobile wallet

Mobile wallets, like Apple Pay, Google Pay and Samsung Pay, provide another layer of security when opting for cashless payment. While the primary perk of digital wallets is their convenience, they use encryption technology to protect the information on your cards, so your card data is never involved in the transaction.

Use an app

If you’re an Android user, you may benefit from using the Skim Plus app, which is supposed to detect Bluetooth skimmers and plot any located skimmers using Google Maps. There’s at least one iPhone app you can use as well.

Bluetana (another Bluetooth skimmer locator) is used by law enforcement and is currently unavailable to the public. 

How To Protect Yourself From Phone Scams

Most people recognize the name Frank Abagnale because Leonardo DiCaprio made him famous as the forging and check-cashing protagonist of Steven Spielberg’s “Catch Me If You Can.” The former con artist now serves as a professional security consultant for the FBI. He trains agents to fight back against scams and offers advice to consumers as well.

Identifying a potential phone scam

Does a stranger wanting to hand over a small fortune they won in a lottery sound too good to be true? It probably is. Abagnale highlights a few common signals that you are talking to a scammer:

  • Request for action: The caller instructs you to write something down or demands basic information. Abagnale says scammers will do this to take control and put you in a vulnerable position.
  • Demanding additional fees: The caller may request a prerequisite, like a handling fee, before you can receive your exotic getaway to Mumbai or New Zealand lotto winnings. Prize offers never require a payment to claim.
  • Urgent tone: The scammer may sound frantic and speak quickly, demanding that you make an immediate decision.
  • Request for payment: If the phone conversation involves a request for any type of payment, especially an untraceable source such as a gift card or wire transfer to an unverified account, it’s probably a scam.

Phone scams may look like this:

  • “Charities” asking for donations
  • Foreign lotteries identifying you as a winner
  • Sweepstakes and prizes (like a free Marriott vacation)
  • Calls from your bank, credit card company or utility company
  • Tech support calls for computer issues
  • Calls from an attorney that you or a relative is in legal trouble
  • Threatening calls that claim to be from the IRS or FBI
  • Any urgent request that requires immediate feedback

Do your research

Always research any information the caller provides. Skilled scammers can make phone calls seem legitimate by masquerading as banks or government agencies – and sometimes they’re quite good at it.

Fact-check the company names the caller claims to be associated with. Hang up and call the company, bank or agency to confirm the call’s legitimacy.

How To Protect Yourself From Phishing

Phishing has evolved in its approach and depth of deception and currently exists beyond the typical email scam. Examples may include:

Deceptive phishing

If you receive an email from what looks like a legitimate company threatening to deactivate your account or claiming suspicious activity that requires you to sign in to your account, you may be dealing with a common type of phishing. 

Scammers usually use an urgent tone to intimidate recipients into handing over personal information.

Legitimate companies will typically never request personal information over email. Look for misspellings in the company’s name and the URL. Look for the appearance of an unknown URL when hovering over a provided link. Does the message include your name? Real companies typically customize messages with customer names – though a motivated scammer can do this, too.
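
The link checks described above (a displayed address that differs from the real target, and a misspelled company domain), as an added example that is not part of the original article. The brand list, the sample message and the 0.85 similarity threshold are assumptions, and each host is reduced to its last two labels as a simplification.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_DOMAINS = ("paypal.com", "dropbox.com", "instagram.com")  # assumed list

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> tag in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(value):
    """Last two host labels of a URL or URL-like text, else '' (no suffix list)."""
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""
    ok = re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host)
    return ".".join(host.split(".")[-2:]) if ok else ""

def check_links(html):
    """Return (href, reason) for links that hide their target or mimic a brand."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real, shown = base_domain(href), base_domain(text)
        if shown and shown != real:  # what hovering over the link would reveal
            findings.append((href, f"shows {shown}, goes to {real or 'unknown'}"))
        for brand in KNOWN_DOMAINS:  # misspelled look-alike of a known company
            if real != brand and SequenceMatcher(None, real, brand).ratio() >= 0.85:
                findings.append((href, f"{real} resembles {brand}"))
    return findings

# Constructed sample message body, not taken from a real campaign.
SAMPLE = ('<a href="http://paypa1.com/login">www.paypal.com/signin</a>'
          '<a href="https://www.dropbox.com/s/abc">Open shared file</a>'
          '<a href="http://account-verify.example/ig">instagram.com/help</a>')
```

Calling check_links(SAMPLE) flags the first and third links and leaves the genuine Dropbox link alone.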

Newer phishing methods are targeting cloud services such as Dropbox or Google Docs. Scammers will convince users to open a shared doc or Dropbox file that may download malware.

CEO fraud

A fraudster can target employees of a specific corporation through a business email compromise (BEC) scam. The attacker poses as the CEO and reaches out to employees through work emails. You may be able to figure out something’s wrong if the email has several grammatical errors or requests unusual information.

In 2020, the government of Puerto Rico was the victim of a BEC scam. A government official received an email from what appeared to be a representative of the government’s pension fund. The email explained that the pension’s bank account information had changed. Following the email’s instructions, the government official transferred $2.6 million to the fraudulent account.[4]

Pharming

Rather than reach out by email, attackers hack the Domain Name System (DNS) of a legitimate website and redirect traffic to a malicious website.

This is known as DNS poisoning. The same goal can be achieved by hacking someone’s computer, diverting them to fraudulent sites even when they are typing in the correct URLs.

In most cases, your internet service provider must take care of DNS poisoning, but you can make efforts to protect yourself by always using a legitimate ISP that regularly updates its security software. Staying diligent with the latest antivirus software and security updates can strengthen your defenses.

More Tips To Stay Protected

Being educated on the common tactics fraudsters use to steal your personal information is just the first step. It’s also important to practice other forms of defense to stay better protected from debit and credit card theft.

Choose credit over debit

Use credit cards over debit cards whenever you can. If the card info is stolen, the fraudster is playing with the bank’s money – not yours. And credit cards typically have zero liability policies in place. You won’t be liable for fraudulent charges. (Debit cards also have liability policies, but they’re typically not as strong.)

Reach out to an alternative contact

If you receive a suspicious email or phone call from someone claiming to be from a legitimate company, close the email or hang up, then locate an official contact email or phone number and reach out that way. Customer support can verify if the initial message was legit.

Monitor your payment card accounts

Whether you use a credit card or debit card, keep an eye on your card statements to check for any fraudulent purchases. The Fair Credit Billing Act limits liability for fraudulent credit card purchases to $50.[5] In many cases, as long as you report the fraud quickly, you won’t be on the hook. But, as previously mentioned, credit cards typically have better protections than debit cards, and the fraud resolution process may be faster and less convoluted.

Sign up for alerts

Set up alerts with your issuer to catch fraudulent spending. Be on the lookout for suspicious activity and report it as soon as you find it. Be quick about contacting your card issuer and canceling the card before more damage is done. Look into the security features your issuer offers. Some card issuers provide apps that alert you of real-time card activity.

If you suspect your identity may be compromised, contact the credit bureaus (Equifax®, Experian™ and TransUnion®) and place fraud alerts on your credit reports.

Never sign in to accounts on unsecured Wi-Fi

If public Wi-Fi is your only option, avoid logging into websites that manage your personal information, such as banking and shopping sites. Turn off the automatic connectivity feature on your device to prevent accidentally connecting to a dangerous network. If you need to log in with public Wi-Fi, consider using a virtual private network.

Shred any mail that contains personal info

Always properly dispose of any mail you receive that includes personal account numbers, Social Security numbers or addresses. Shredding is the most effective way to ensure that fraudsters can’t take advantage of your mail.

Stay Informed

Despite your best efforts, credit card fraud can happen at any time and in many different ways, so it’s good to be informed. If you become a victim of credit card fraud, immediately dispute any unauthorized charges. Alerts on your credit accounts and credit reports will notify you of suspicious activity, but they won’t take action for you. Familiarize yourself with all the tools available to you to fight back against fraud and identity theft.

The Short Version

  • Credit card fraud can occur in a variety of ways, and the consequences of becoming a victim can have long-lasting effects
  • Be diligent about protecting yourself from credit card scams
  • Phishing scams typically target a potential victim through email, pretending to be a reputable agency or company

  1. Federal Trade Commission. “New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021.” Retrieved July 2022 from https://www.ftc.gov/news-events/news/press-releases/2022/02/new-data-shows-ftc-received-28-million-fraud-reports-consumers-2021-0

  2. WABC-TV. “Women accused of purchasing $900K worth of goods with stolen gift cards, police say.” Retrieved July 2022 from https://abc7ny.com/target-gift-cards-stolen-fontana-fraud-women-in-steal/5559917/

  3. Federal Communications Commission. “The FCC’s Push to Combat Robocalls & Spoofing.” Retrieved July 2022 from https://www.fcc.gov/spoofed-robocalls

  4. Associated Press. “3 employees suspended in $4M Puerto Rico online scam.” Retrieved July 2022 from https://apnews.com/article/hacking-puerto-rico-us-news-caribbean-latin-america-4425716dd1db3e82ad9e5c6ab595c852

  5. Federal Trade Commission. “Fair Credit Billing Act.” Retrieved July 2022 from https://www.ftc.gov/legal-library/browse/statutes/fair-credit-billing-act
