Avoiding Credit Card Scammers
While at lunch today, I received an e-mail that was purportedly from Chase — but it wasn’t. This isn’t a particularly noteworthy occurrence in that I (like most of you) receive credit card phishing attempts all the time. But this one slipped through the spam filters and it looked quite real.
The message state that our account had been temporarily limited — a standard thing in fraud prevention — and that I needed to login to confirm my account details. It looked real enough (on my phone, anyway) that I called my wife to see if she had used the card for anything out of the ordinary. She hadn’t.
Once I got back to work, I opened the message on my desktop and saw right away that it was a fake. For starters, the “from” address (not just the name) is plainly visible without drilling down on the desktop version of Gmail but not on the mobile interface. I was also able to hover over the link and see that it pointed to a website other than Chase.com.
But even if I hadn’t noticed it was a fake, I would’ve been fine. Why? Because I never (ever!) click links that in e-mails. Instead, I go to my browser and type it in directly (or visit from a bookmark). Or I call. Either way, I know where I’m going and who I’m talking to.
Had I clicked the link, I likely would’ve been presented with a real looking login screen and I may have punched in my account details, thereby handing the scammers the keys to the proverbial kingdom.
So what can you do to protect yourself? For starters, never (ever!) click links in e-mails, no matter how real they look. Also pay attention to whether or not the e-mail contains any personally identifying information. Did they include a part of your account number? If not, be very suspicious. But even if they did, you’re not necessarily safe.
What about the from address? If the originating e-mail address doesn’t match the supposed sender, beware. But even if it does match, you’re not necessarily in the clear.
What about the links? In most cases you can hover over them and your browser or e-mail client will show you the underlying address. If it’s not familiar, steer clear. But once again, even if it looks vaguely familiar, it might not be legit. For example, something like chase.myawesomecard.com doesn’t point to Chase. It points to a subdomain at mysawesomecard.com — which I just made up, but could very well belong to a scammer.
Another thing to look at (in Gmail, at least) is whether or not the images in the message are loading. While you can click a link to tell Gmail to always load images from a certain sender, phishing messages typically come from domains from which you haven’t previously received e-mail so the images won’t automatically load.
But really, the best defense is to either call the number on the back of your card or go to your web browser and punch in the address directly. Like I said above, if you do this you’ll know exactly who you’re dealing with.
Disclaimer: Discover is a paid advertiser of this site.
Reasonable efforts are made to maintain accurate information. See the Discover online credit card application for full terms and conditions on offers and rewards.
Modified on September 3rd, 2012 - 2 Comments
Filed under: Credit Cards
About the author: Nickel is the founder and editor-in-chief of this site. He's a thirty-something family man who has been writing about personal finance since 2005, and guess what? He's on Twitter!
Related articles...
» How to Prevent Identity Theft and E-mail Scams» Ten New Money Scams, Part 3
» Citi Credit Cards Hacked: What It Means for Cardholders
» Carnivals – Week of 03/26/07
» Carnivals – Week of 04/07/08
» Carnivals – Week of 08/14/06
» Carnivals – Week of 05/25/08
» The Best of March 2008
Was this article useful? Please sign up to receive our content via e-mail:
2 Responses to “Avoiding Credit Card Scammers”
Leave a Reply
Top Cards by Category
The new Discover it card is out to change the way people think about credit cards. No annual fee. No overlimit fee. No foreign transaction fee & no pay-by-phone fee. No late fee on your first late payment. And Discover won't increase your APR for paying late.*
Bonus Miles: Earn 30,000 bonus miles toward Award Travel after you spend $500 on the Card within the first three months of Cardmembership. Earn As You Spend: Get 2X miles on Delta purchases and 1X miles for all other eligible dollars spent.
The new Discover it card is out to change the way people think about credit cards. No annual fee. No overlimit fee. No foreign transaction fee & no pay-by-phone fee. No late fee on your first late payment. And Discover won't increase your APR for paying late.*
The new Discover it card is out to change the way people think about credit cards. No annual fee. No overlimit fee. No foreign transaction fee & no pay-by-phone fee. No late fee on your first late payment. And Discover won't increase your APR for paying late.*
The new Discover it card is out to change the way people think about credit cards. No annual fee. No overlimit fee. No foreign transaction fee & no pay-by-phone fee. No late fee on your first late payment. And Discover won't increase your APR for paying late.*
The new Discover it card is out to change the way people think about credit cards. No annual fee. No overlimit fee. No foreign transaction fee & no pay-by-phone fee. No late fee on your first late payment. And Discover won't increase your APR for paying late.*
The SimplyCash(R) Business Card from American Express aims to help your business succeed with a generous cash-back rewards program. Many businesses can benefit from cash back categories such as U.S. office supply stores, wireless telephone services purchased directly from U.S. service providers and U.S. gas stations. This card not only offers a low introductory purchase APR but also doesn't charge an annual fee.
The new Discover it card is out to change the way people think about credit cards. No annual fee. No overlimit fee. No foreign transaction fee & no pay-by-phone fee. No late fee on your first late payment. And Discover won't increase your APR for paying late.*
- How to Become a Millionaire
- How to Get Out of Debt
- The Best Dollars I've Ever Spent
- How Our Estate Plan is Structured
- How We Paid Our Mortgage In Less than 10 Years
- Money Making Ideas
- How to Manage Your Asset Allocation with Multiple Accounts
- Consumption Smoothing - Save While the Saving's Good
- How to Save on Groceries
- How Much Life Insurance Do You Need?
- Eleven Great Books About Money
- Dave Ramsey is Bad at Math
- Dish Network Customer Service SUCKS
- $8,000 Homebuyer Tax Credit
- Pay Off Mortgage Early or Invest?
- How to Claim the First-Time Homebuyer Tax Credit
- Termite Control: Sentricon vs. Termidor
- How Much Should You Pay a Babysitter?
- Reduced Credit Limits? Share Your Experience
- Ethanol Blended Gas = Lower Mileage?
- $15,000 Homebuyer Tax Credit
- Buying Furniture off the Back of a Truck
- Will Mac OS X Lion Kill Quicken 2007?
How to save money on insurance
- How to help your family after you are gone
- Will Social Security be gone before I retire?
- Refund, or no refund?
- This battle of the sexes has no winner
- What to look for when buying an energy-efficient home
- The hidden savings in a rent payment
- How to save money on vacations using social media and new technologies
- How to budget without regular paychecks
- What do you do with your windfalls?
- Don't believe the bull
August 27th, 2012 at 6:38 pm
Time to contact Chase and tell them to start supporting SPF (Sending Policy Framework) and/or DKIM (Domain Key Internet Mail).
These are transparent to you but allow your ISP’s mail server to authenticate that mail purporting to be from a sender (Chase) is actually the sender. In the case of DKIM it also allows your ISP’s mail server to verify that the message has not been modified.
My take is most (all?) large companies don’t use these technologies because they themselves want to be able to outsource email campaigns to third parties. So basically because (insert name of your favorite bank) wants to easily spam you they make it easy for phishers to spam you too.
August 29th, 2012 at 10:13 pm
I get those all the time – both from banks I already work with, and from those who don’t. They sound official, and look tempting, but usually are either spam or scams (guess there’s really not that much of a difference). Sometimes your real bank sends real email, but require a login to access your account. Always be careful when it comes to emails!