Spiky piggy bank

How To Protect Yourself From Credit Card Fraud: Scams, Skimmers, and Phishing


What You Need To Know

  • Credit card fraud can occur in a variety of ways, and the consequences of becoming a victim can have long-lasting effects
  • Be diligent about protecting yourself from credit card scams
  • Phishing scams typically target a potential victim through email, pretending to be a reputable agency or company


Did you know that there are over 76 million credit cards for sale on the dark web? That number skyrocketed throughout 2019, and the problem is only getting worse.

While there may never be a shortage of scammers and fraudsters working vigilantly to steal your personal information, there are ways to be diligent about protecting yourself from potential threats.

Keep reading to learn how to prevent credit card fraud and the resulting unauthorized charges, which, if not caught and removed, can have long-lasting negative effects on your credit scores.

Credit Card Scams To Watch Out For

The first step in protecting yourself from scams is to know which ones to look out for. Recognizing the possible signs of the many different scams can help you be more proactive in defending yourself.

Credit card skimming

You make your weekly stop for gas at the same station you always do. When you go to insert your card into the terminal, it doesn’t slide as smoothly as usual but you don’t think much of it. 

Later that week, you receive a text alert from your issuer claiming that suspicious activity occurred on your credit card account. But how could this have happened?

Credit and debit card skimming devices fit over real card readers, and are strategically designed to look like the authentic readers. When you swipe your card, the skimmer captures the information associated with the magnetic strip, such as credit card numbers and PINs, and stores it.

There are similar devices that replicate keypads, allowing fraudsters to capture PINs by other means. And in some cases, thieves may set up tiny hidden cameras nearby to spy on people as they enter their PINs.

The fraudster may return to the skimmer to remove it and download the stored information, which he can then use to make a new card. Other systems allow the information to be downloaded remotely.

Skimmers don’t need to interfere with the normal operation of the reader; you may use your card successfully and go about your business, never knowing your information was nabbed in the process.

Credit card shimming

Shimming is a relatively new scam, which evolved from skimming when EMV technology was created to help defend cardholders from theft. Where skimmers are used to steal data during mag strip transactions, shimmers are used for chip transactions: either chip-and-signature or chip-and-PIN.

Shimmers are paper-thin devices with their own readers and storage, which are inserted into the slots in card terminals. When a card is dipped into the device, the information is stored in the shim. 

While the information stored in the shim can’t be used to replicate another chip card, scammers can create a version of the stolen card with a magnetic strip.

Similar to skimmers, always check to see if a terminal has been tampered with before inserting your card. Tampered terminals may have torn security labels or could seem tighter when you try to insert your card. If this is the case, cancel the transaction immediately. 

Shimmers are still relatively rare, thankfully, and chip transactions are still quite secure in most cases.

Phone scams

One man in Fontana, California, received a call from the IRS demanding a hefty payment in order to avoid arrest. The price? $2,200 in Target gift cards. 

After the people who orchestrated this phone scam (and successfully received their gift card payment) were arrested, it was found that they were part of a large phone scam ring wreaking havoc on the entire nation. $900,000 in gift cards and goods were found in their apartment.

Fraudsters will reach out with unsolicited calls to pressure you to send over money or personal information. They may pitch elaborate giveaways — You’ve just won an all-inclusive vacation to Cuba! 

All you have to do is send over a security deposit to secure your cabin! — or impersonate a federal organization like the IRS and prey on the natural fear of arrest.

Robocalls saw a 57% increase from 2017 to 2018, with over 47.8 billion robocalls sent out in the United States alone. These deliver pre-recorded messages from a living person or an automated voice, and are used by scammers as a cheap and easy way to target large numbers of people from any location.

Phone scams also go beyond calls. Text messages are suspect too, thanks to a method called “smishing” — short for “SMS phishing.” Smishing is basically phishing with text messages. Never click on any attachments or follow any links sent to you from unknown numbers. If you do, malware may be downloaded onto your device.


Phishing scams target a potential victim, typically through email, pretending to be a reputable agency or company.

Two recent phishing scams are targeting users of Facebook and Instagram. 

The first targets users of Facebook Messenger, through which the scammer will impersonate a friend of the user. Scammers will send malicious video links with a baity message like “Is this you?” or a call to action to open the video.

The second scam reaches out to Instagram users as Instagram itself, claiming accounts will be suspended for violating the social media network’s copyright laws. It prompts users to fill out a Copyright Objection Form, but it’s actually a scheme to obtain your login details.

Scammers leverage credibility by impersonating established companies, to steal personal details like credit card information, license numbers, or SSNs, or bait victims into clicking malicious links.

How To Protect Yourself From Credit Card Skimmers and Shimmers

Always go to the source

Your safest bet is to always go into the station itself to pay for gas or visit an actual teller when withdrawing cash rather than use an ATM. A card reader in front of a cashier is always harder for a scammer to target.

Feel for foul play

Before inserting or swiping your card, always check to see if the card reader is firmly attached. If there is movement, or if your card doesn’t slide in properly, it may have been tampered with. Look for signs of small cameras near the keyboard, which could be used to record your PIN.

Pay with a mobile wallet

Mobile wallets, like Apple Pay, Google Pay, and Samsung Pay, provide another layer of security when opting for cashless payment methods. While the primary perk of digital wallets is their convenience factor, they use encryption technology to protect the information on your cards, so your actual card data is never involved in the transaction.

Use an app

If you’re an Android user, you may benefit from the Skim Plus smartphone app, which is meant to detect Bluetooth skimmers and will plot any located skimmers using Google Maps. 

There’s at least one iPhone app as well, but it doesn’t have great reviews; users may expect more iOS-compatible skimmer apps in the future, if any enterprising developers take up the task.

Bluetana, another Bluetooth skimmer locator, is an app currently used by law enforcement. So far it’s been able to detect 64 skimmers within seconds across the several states it’s being used in, which weren’t found using existing scanning technology. Bluetana is not currently available to the public.

How To Protect Yourself From Phone Scams

Identifying a potential phone scam

While Frank Abagnale is most recognizable as the inspiration for Leonardo DiCaprio’s character interpretation in Steven Spielberg’s film “Catch Me If You Can,” the former con artist now serves as a professional security consultant for the FBI. He trains agents to fight back against scams and offers advice to consumers as well.

Does an unsolicited caller who wants to hand over a small fortune you won in a foreign lottery sound too good to be true? It probably is. Abagnale highlights a few common signs that you’re dealing with a scammer:

  • Request for action: The caller instructs you to write something down or demands basic information. Abagnale say scammers will do this to take control and put you in a vulnerable position.
  • Demanding additional fees: The caller may present a prerequisite to receiving your “exotic getaway to Mumbai” or “New Zealand lotto winnings,” like a handling fee. Prize offers will never require a payment to claim.
  • Urgent tone: The scammer may sound frantic and speak quickly, demanding that you make an immediate decision.
  • Request for payment: If the phone conversation involves an ask for any type of payment, especially an untraceable source such as a gift card or wire transfer to an unverified account, it’s probably a scam.

Phone scams may appear as:

  • Charities asking for donations
  • Foreign lotteries identifying you as a winner
  • Sweepstakes and prizes (like a free Marriott vacation)
  • Calls from your bank, credit card company, or utility company
  • Tech support calls wanting to help you with computer issues
  • Urgent requests that require immediate feedback
  • Threatening calls purporting to be from the IRS or FBI

Do your research

Always research any information the caller provides. Skilled scammers can make phone calls seem legitimate by masquerading as banks or government agencies, and sometimes they’re quite good at it.

Fact check company names the caller claims to be associated with. Hang up and call the company, bank, or other organization directly via an official number to confirm the call’s legitimacy. 

Contacting an official number will give you the opportunity to check whether or not the call you received was real.

How To Protect Yourself From Phishing

Phishing has evolved in both its approach to and depth of deception, and now exists beyond the standard email scam. Examples may include:

Deceptive phishing

If you receive an email from what appears to be a legitimate company, like Microsoft or your bank, threatening to deactivate your account or claiming suspicious activity requires you to sign in to your account, you may be dealing with a common type of phishing. 

An urgent tone is typically used to intimidate recipients into handing over personal information.

Legitimate companies will typically never request personal information over email. Look for misspellings in the company’s name, the URL, the appearance of an unknown URL when hovering over a provided link, or messages that don’t use your name — real companies will typically customize the message to use the customer’s name, although scammers can do this too.

Companies should focus on strengthening their IT and email security to help prevent this.

Newer phishing methods are targeting cloud services such as Dropbox or Google Docs. Scammers will lure users into opening up a shared doc or Dropbox file, which may automatically download malware.

CEO fraud

A fraudster can target employees of a specific corporation through a business email compromise: The attacker poses as the CEO and reaches out to employees through work emails. Signs that you’re dealing with a scammer may include frequent grammatical errors or unusual information being requested.

In one case Centrify was the target of CEO fraud, where scammers reached out to an employee from what appeared as the boss’ email. The scammer requested a six-figure wire transfer to an external account, which was almost fulfilled before it was noticed that the ‘f’ and the ‘i’ in Centrify were switched within the fake email.


Rather than reach out via email, attackers hack the domain naming system (DNS) of a legitimate website so that, when a user types in that URL, he or she is redirected to a malicious website. 

This is known as DNS poisoning. The same effect can also be achieved by hacking an individual computer, forcing the user to visit fraudulent sites even when typing in the correct URLs.

DNS poisoning needs to be mitigated by the internet service provider in most cases, but you can make efforts to protect yourself by always using a legitimate ISP that regularly updates its security software. Staying diligent with the latest anti-virus software and security updates can improve your own defenses.

More Tips To Stay Protected

Being educated on the common tactics fraudsters use to steal your personal information is only the first step. It’s also important to practice other forms of defense to help stay protected from debit and credit card theft.

  • Choose credit over debit: Use credit cards over debit cards whenever possible. If the card info is stolen, the fraudster is playing with the bank’s money rather than yours, and credit cards typically have zero liability policies in place so you won’t be held liable for fraudulent charges (debit cards do too, but they’re not as strong).
  • Reach out to an alternative contact: If you receive a suspicious email or phone call from someone claiming to be from a legitimate company, cease contact and locate an official contact email or phone number to reach back out with. Customer support can verify if the initial message was legit.
  • Monitor your payment card accounts: Whether you use credit or debit, keep an eye on your card statements to check for any fraudulent purchases. The Fair Credit Billing Act limits liability for fraudulent credit card purchases up to $50. In many cases, as long as you report the fraud quickly you won’t be on the hook. But, as mentioned, credit cards tend to have better protections than debit cards, and the fraud resolution process may be quicker and less hassle.
  • Sign up for alerts: Set up alerts with your issuer to catch fraudulent spending. Being aware of suspicious activity as soon as it occurs will give you enough time to contact your card issuer and cancel the card before more damage is done. Look into the security features your issuer offers; some provide apps that can alert you in real time of card activity. If you fear that your identity may have been compromised, you can contact the credit bureaus and place fraud alerts on your credit reports as well.
  • Never sign in to accounts on unsecured Wi-Fi: If public Wi-Fi is your only option, refrain from logging in to any websites that manage personal information, such as banking and shopping sites. Turn off the automatic connectivity feature on your device, to prevent yourself from accidentally connecting to a dangerous network. If you need to log in using public Wi-Fi, consider using a VPN.
  • Shred any mail that contains personal info: Always properly dispose of any mail you receive that includes personal account numbers, Social Security numbers, or addresses. Shredding it is the most effective way of ensuring that fraudsters can’t take advantage of your mail.

Despite your best efforts, payment card fraud can happen in many different ways, so it’s good to be informed. 

If you become a victim of credit card fraud, immediately dispute any unauthorized charges. Alerts on your credit accounts (and credit reports) may only notify you of activity; they don’t necessarily take action for you, so familiarize yourself with ways to fight back against fraud and identity theft.


In Case You Missed It

  1. Recognizing the possible signs of the many different scams can help you be more proactive in defending yourself

  2. Scammers leverage credibility by impersonating established companies to steal credit card information, license numbers, SSNs, or bait victims into clicking malicious links

  3. Phishing scams typically target a potential victim through email, pretending to be a reputable agency or company

You Should Also Check Out…