Credit Cards and Phishing

Criminals use the Internet in a variety of ways as they target victims. Phishing is one method whereby fraudsters try to trick consumers into sharing financial or personal information. A phishing attempt may arrive by email or text message, trying to encourage a victim to respond to the message with their financial details. Phishing messages can also pop up while people browse the Internet. Responding to phishing attempts can put you at risk for having your financial information compromised. Learning about various types of credit phishing can help you recognize these messages and avoid them.

An email or text phishing message can seem legitimate at first glance. Criminals send these messages to consumers, impersonating a business or an organization, trying to get people to respond to the messages. A phishing email might contain a message about a purported unauthorized transaction on a credit card account, telling the consumer to click on a link to confirm their identifying information. If a consumer clicks the link, the person would navigate to a fraudulent website. Entering financial data into the fields of this website would put this information into the hands of criminals, who could then access the account. Another type of phishing email might tell a consumer that a routine account verification resulted in the inability to verify financial information. If a consumer clicks a link to verify their information, the person would be providing this information to a criminal.

Phishing emails and text messages can be very prevalent, arriving often in your email inbox. Criminals can be quite resourceful in their attempts to defraud consumers. Emails often appear legitimate, with company logos and headers contained in the messages. To avoid becoming a victim of credit phishing, always delete emails and text messages that request confirmation or verification of financial or personal information. Credit card companies and banks will never contact customers in this fashion requesting this information. Never reply to these emails by return email or by phone, and never click any links contained in emails.

Spear phishing is another type of credit phishing. With this type of crime, the criminals target a specific group of people, such as people who use the same bank, work at the same company, or use the same website for placing e-commerce orders. The fraudsters will send out emails to the group of victims, representing the organization they have in common. This type of phishing crime often occurs after the criminals hack into the organization's system. The message will often have some sort of urgency, telling consumers that they must click a link or reply to confirm or verify their personal or financial information. Consumers who reply will likely be prompted for their account password, account number, or some sort of code that will give the criminals access to accounts.

Some criminals also engage in "vishing," which involves fraudsters calling people on the phone. A criminal would pose as a representative of a legitimate company, a bank, or even a government agency. The criminal tells the victim about a potential issue with an account that requires the victim to confirm or provide financial information to resolve it. If the victim shares information, the criminal uses it to access the account.

Thieves also use the Internet to defraud victims. A criminal might create a fraudulent website that offers some sort of service or product. The criminal spends time with search engine optimization to ensure that the website is indexed by the search engines for specific keywords. When consumers arrive at the website after performing a search, they find enticing offers for the purchase of goods or services. Making a purchase and entering payment information on this website can lead to a compromise of the account. Consumers must always verify the legitimacy of a website prior to making a purchase on the Internet. One way to verify a website is to examine the URL. A secure website will have "https" and not merely "http" in the Web address. In addition, a Web browser should show a lock icon that indicates that the website is secure.