Last fall, I received an email that appeared to be from my web host. The email claimed that there was a problem with my payment information and asked me to update it. I clicked on the link in the email and entered my credit card number, thinking that a recent change I’d made to my site must have caused a problem.
The next morning, I logged onto my credit card account to find two large unauthorized purchases. A scammer had successfully phished my payment information from me.
This failure of security is pretty embarrassing for a personal finance writer. I know better than to click through an email link claiming to be from my bank, credit card lender, or other financial institution. But because the email came from a source that wasn’t specifically financial (and because I was thinking about the changes I had made to my website just the day before), I let myself get played.
Thankfully, because I check my credit card balance daily, the scammers didn’t get away with it. However, it’s better to be proactive about avoiding credit card theft so you’re not stuck with the cleanup, which took me several months to complete.
Here’s how you can protect yourself from credit card theft.
Protecting your physical credit card
Stealing your physical credit or debit card is in some respects the easiest way for a scammer to get their hands on your sweet, sweet money. With the actual card in hand, a scammer has all the information they need to make fraudulent purchases: the credit card number, expiration date, and the security code on the back.
That means keeping your physical cards safe is one of the best ways to protect yourself from credit card theft. Don’t carry more cards than you intend to use. Having every card you own in a bulging wallet makes it more likely someone could steal one when you’re not paying attention and you may not realize it’s gone if you have multiple cards.
Another common place where you might be separated from your card is at a restaurant. After you’ve paid your bill, it can be easy to forget if you’ve put away your card (especially if you’ve been enjoying adult beverages). So make it a habit to confirm that you have your card before you leave a restaurant.
If you do find yourself missing a credit or debit card, make sure you call your bank immediately to report it lost or stolen. The faster you move to lock down the card, the less likely the scammers will be able to make fraudulent charges. Make sure you have your bank’s phone number written down somewhere so you’re able to contact them quickly if your card is stolen or lost. (See also: Don’t Panic: Do This If Your Identity Gets Stolen)
Recognizing card skimmers
Credit card thieves also go high-tech to get your information. Credit card skimmers are small devices placed on a legitimate spot for a card scanner, such as on a gas pump or ATM.
When you scan your card to pay, the skimmer device captures all the information stored in your card’s magnetic stripe. In some cases, when there’s a skimmer placed on an ATM, there’s also a tiny camera set up to record you entering your PIN so the fraudster has all the info they need to access your account.
The good news is that it’s possible to detect a card skimmer in the wild. Gas stations and ATMs are the most common places where you’ll see skimmer devices. Generally, these devices will often stick out past the panel rather than sit flush with it, as the legitimate credit card scanner is supposed to. Other red flags to look for are scanners that seem to jiggle or move slightly instead of being firmly affixed, or a pin pad that appears thicker than normal. All of these can potentially indicate a skimmer is in place.
If you find something that looks hinky, go to a different gas station or ATM. Better safe than sorry. (See also: 18 Surprising Ways Your Identity Can Be Stolen)
Protecting your credit card numbers at home
Your home is another place thieves will go searching for your sensitive information. To start, you likely receive credit card offers, the cards themselves, and your statements in the mail. While mail theft is relatively rare (it’s a federal crime, after all), it’s still a good idea to make sure you collect your mail daily and put a hold on it when you go out of town.
Once you get your card-related paperwork in the house, however, you still may be vulnerable. Because credit card scammers are not above a little dumpster diving to get their hands on your credit card number. This is why it’s a good idea to shred any paperwork with your credit card number and other identifying information on it before you throw it away.
Finally, protecting your credit cards at home also means being wary about whom you share information with over the phone. Unless you’ve initiated a phone call of your own volition — not because you’re calling someone who left a voicemail — you should never share your credit card numbers over the phone. Scammers will pose as customer service agents from your financial institution or a merchant you frequent to get your payment information. To be sure, you can hang up and call the institution yourself using the main phone number.
Keeping your cards safe online
You should never provide your credit card information via a link in an email purporting to be from your financial institution or a merchant. Scammers are able to make their fake emails and websites look legitimate, which was exactly the reason I fell victim to this fraud.
But even with my momentary lapse in judgment about being asked for my payment information from my "web host," there were other warning signs that I could’ve heeded if I had been paying attention.
The first is the actual email address. These fake emails will often have a legitimate looking display name, which is the only thing you might see in your email. However, if you hover over or click on the display name, you can see the actual email address that sent you the message. Illegitimate addresses do not follow the same email address format you’ll see from the legitimate company.
In addition to that, looking at the URL that showed up when I clicked the link could’ve told me something weird was going on. Any legitimate site that needs your financial information will have a secure URL to accept your payment. Secure URLs start with https:// (rather than http://) and feature a lock icon in the browser bar. If these elements are missing, then you should not enter your credit card information. (See also: 3 Ways Millennials Can Avoid Financial Fraud)
Daily practices that keep you safe
In addition to these precautions, you can also protect your credit cards with the everyday choices you make. For instance, using strong, unique passwords for all of your online financial services, from shopping to banking, can help you prevent theft. Keeping those strong passwords safe — that is, not written down on a post-it note on your laptop — will also help protect your financial information.
Regularly going over your credit card and banking statements can also help ensure that you’re the only one making purchases with your credit cards. It was this daily habit of mine that made sure my scammers didn’t actually receive the computer they tried to purchase with my credit card. The fact that I check my balance daily meant I was able to shut down the fraudulent sale before they received the goods, even though I fell down on the job of protecting my credit card information.
Like this article? Pin it!
Last month, Kim was a victim of identity theft. Somebody used her debit card to make a large purchase of cosmetics.
