Credit Card Phishing -- What It Means and How to Prevent It

If you're like most people, the word "phishing", probably conjures up images of a boat, a hook, and a worm. However, "phishing" as it relates to credit cards is something entirely different and can wreak havoc on your finances.

What is phishing?

Phishing is a form of fraud in which a credit card holder receives an email from a legitimate business, such as a credit union or bank you belong to, PayPal, or another business that may have your credit card on file.

The financial losses from phishing are devastating. One report from the Gartner Group estimated the total cost of phishing attacks in 2007 was 3.2 billion in the US, with an estimated 3.6 million adults falling victim to phishing each year.

How does phishing occur?

Almost all phishing schemes require you to "verify" your personal information by entering your credit card number or social security number. Another common scam is to tell the customer that they are potentially the victim of identity theft. Some phishing emails also ask you to call a phone number to provide this information.

Once the customers provide this information, the scammers then take the information and charge up the customer's credit cards, deplete their bank accounts, or open up new lines of credit. The results are financially devastating. The customer typically spends weeks or months getting their finances back on track.

Most people fall for phishing scams because the fraudulent emails are so convincing. They use the same fonts, logos, and forms as the real business. If the email links to a website, the website is often an exact duplicate of the real website.

When the phishing scam requires customers to call a phone number, the number is typically a 1-800 number, just like the company's. The scammers answer the phone in the same way as the representatives from the real company. Victims think they are simply verifying information.

How to prevent phishing

The first step in preventing phishing is knowing that NO legitimate credit card company will ever ask you to verify personal information online. Knowing that and discarding phishing attempts immediately can prevent most phishing attacks.

The following steps will also prevent phishing:

• NEVER give out personal information online. This includes your social security number, bank account numbers, credit card numbers or expiration dates, your mother's maiden name, or the three-digit security code on the back of the card.
• Know how to spot fraud. Oftentimes, emails like this go straight into a spam folder, which is a tip-off. You can also check the email address it comes from; often, it will be an obscure address not associated with the real company. For example, you may get an email from paypal@yahoo.com. Legitimate companies do not use yahoo, Hotmail, gmail, or other free accounts.
• Be careful of phone calls. If someone calls you and says they are your credit card company and asks you for your credit card information, ask for a number and tell them you will call back. If the person pressures you to give the information or refuses to give a call back number, chances are they are trying to steal your credit card information.
• Contact the business if you have questions. Don't direct your questions to the phone number or contact information from the email. Instead, call the number on the back of your credit card and explain what happened.

Credit card phishing can be very costly in both time and money. These tips will help you be aware of and prevent credit card fraud.