Adjust Text Size

Avoiding Credit Card Scammers

Written by Nickel - 2 Comments

Avoiding Credit Card Scammers

While at lunch today, I received an e-mail that was purportedly from Chase — but it wasn’t. This isn’t a particularly noteworthy occurrence in that I (like most of you) receive credit card phishing attempts all the time. But this one slipped through the spam filters and it looked quite real.

The message state that our account had been temporarily limited — a standard thing in fraud prevention — and that I needed to login to confirm my account details. It looked real enough (on my phone, anyway) that I called my wife to see if she had used the card for anything out of the ordinary. She hadn’t.

Once I got back to work, I opened the message on my desktop and saw right away that it was a fake. For starters, the “from” address (not just the name) is plainly visible without drilling down on the desktop version of Gmail but not on the mobile interface. I was also able to hover over the link and see that it pointed to a website other than Chase.com.

But even if I hadn’t noticed it was a fake, I would’ve been fine. Why? Because I never (ever!) click links that in e-mails. Instead, I go to my browser and type it in directly (or visit from a bookmark). Or I call. Either way, I know where I’m going and who I’m talking to.

Had I clicked the link, I likely would’ve been presented with a real looking login screen and I may have punched in my account details, thereby handing the scammers the keys to the proverbial kingdom.

So what can you do to protect yourself? For starters, never (ever!) click links in e-mails, no matter how real they look. Also pay attention to whether or not the e-mail contains any personally identifying information. Did they include a part of your account number? If not, be very suspicious. But even if they did, you’re not necessarily safe.

What about the from address? If the originating e-mail address doesn’t match the supposed sender, beware. But even if it does match, you’re not necessarily in the clear.

What about the links? In most cases you can hover over them and your browser or e-mail client will show you the underlying address. If it’s not familiar, steer clear. But once again, even if it looks vaguely familiar, it might not be legit. For example, something like chase.myawesomecard.com doesn’t point to Chase. It points to a subdomain at mysawesomecard.com — which I just made up, but could very well belong to a scammer.

Another thing to look at (in Gmail, at least) is whether or not the images in the message are loading. While you can click a link to tell Gmail to always load images from a certain sender, phishing messages typically come from domains from which you haven’t previously received e-mail so the images won’t automatically load.

But really, the best defense is to either call the number on the back of your card or go to your web browser and punch in the address directly. Like I said above, if you do this you’ll know exactly who you’re dealing with.

Published on August 27th, 2012
Modified on September 3rd, 2012 - 2 Comments
Filed under: Credit Cards

About the author: is the founder and editor-in-chief of this site. He's a thirty-something family man who has been writing about personal finance since 2005, and guess what? He's on Twitter!

Related articles...

» How to Prevent Identity Theft and E-mail Scams
» Ten New Money Scams, Part 3
» Citi Credit Cards Hacked: What It Means for Cardholders
» Carnivals – Week of 03/26/07
» Carnivals – Week of 08/14/06
» Carnivals – Week of 04/07/08
» Newspaper TWO, Craigslist Zero
» From the Archives (August 5th – August 11th)

Was this article useful? Please sign up to receive our content via e-mail:

You will receive only the daily updates, and can unsubscribe at anytime.

2 Responses to “Avoiding Credit Card Scammers”

  1. 1
    Tod Fitch Says:

    Time to contact Chase and tell them to start supporting SPF (Sending Policy Framework) and/or DKIM (Domain Key Internet Mail).

    These are transparent to you but allow your ISP’s mail server to authenticate that mail purporting to be from a sender (Chase) is actually the sender. In the case of DKIM it also allows your ISP’s mail server to verify that the message has not been modified.

    My take is most (all?) large companies don’t use these technologies because they themselves want to be able to outsource email campaigns to third parties. So basically because (insert name of your favorite bank) wants to easily spam you they make it easy for phishers to spam you too.

  2. 2
    Kris Says:

    I get those all the time – both from banks I already work with, and from those who don’t. They sound official, and look tempting, but usually are either spam or scams (guess there’s really not that much of a difference). Sometimes your real bank sends real email, but require a login to access your account. Always be careful when it comes to emails!

Leave a Reply

Because rates and offers from advertisers shown on this website change frequently, please visit referenced sites for current information. This website may be compensated by companies mentioned through advertising, affiliate programs or otherwise.
FiveCentNickel User Survey