8 Common Credit Card Scams and How to Avoid Them

1. Phishing Scams

Phishing is when a scammer pretends to be a bank, business, organization or government official to trick you into providing your credit card information. There are a few different types of phishing, but typically, you'll get an email, text or social media message that looks like it came from your bank, credit card company or another business you use.

The message usually asks you to click a link or fix a supposed urgent problem. The urgent nature is intended, as the scammer thinks you'll rush into a bad decision without thinking first. The scammers' intention here is to secure your personal data and use it to defraud you or sell it on the dark web.

Example: A phishing email might warn you that one of your utility services is about to be shut off unless you act quickly to update your payment information. But the link you're sent to take care of it instead takes you to a phony website that steals your personal information.

Never click through any link that asks you to confirm your credit card information, provide login credentials or asks for other personal information. Instead, visit the bank or organization's official website or open their app to check your account. Chances are there will be no mention of the supposed problem from a phishing message.

If you suspect an email or text might be a phishing scam, look for these warning signs:

• Email addresses that look slightly off, such as one ending in "@yourbank185.com"
• Messages with typos and poor grammar
• Offers that are too good to be true
• Requests for sensitive personal information, login credentials or money
• Messages that pressure you to make you act fast
• Links that lead to websites that don't match the official web address of the bank or company they claim to be

2. Credit Card Skimming and Shimming

These two scams take place when thieves use various devices to steal your credit card information. They can then make copies of your card details and either sell the information online or use it to create counterfeit credit cards.

These scams are pretty similar in nature but are subtly different. Skimming is when a criminal attaches a device over or inside the card reader to steal data from your card's magnetic strip when you swipe it at ATMs, gas pumps and point-of-sale terminals. Once card issuers increased security by implementing microchips on their cards, scammers turned to shimming, inserting devices deep into the card slot to steal information from chip-enabled cards.

Example: When paying at the gas pump, you notice the card slot feels unusually tight when you try to insert your card. That can be a sign of a skimmer or shimmer inside the reader, so it may be safer to pay the cashier inside instead.

Look for these warning signs of skimming and shimming:

• ATMs and gas pumps found at less-populated, poorly lit locations. Thieves are more likely to install devices in places where they are less likely to be detected.
• Card slots that feel unusually tight. If your card is tough to insert, there may be a hidden information-stealing device installed.
• Keypads or card readers that look different from nearby machines.

3. Interest-Rate Reduction and Debt Settlement Scams

If you're struggling with credit card debt, you might be tempted by companies promising to lower your interest rate or clear your debt for less than you owe. Some companies, such as nonprofit credit counseling agencies, may be able to help you legitimately negotiate with your credit card issuers. But there are also scammers that charge upfront and ongoing fees supposedly to help you reduce your credit card debt without delivering any service in return.

Note that the Federal Trade Commission (FTC) states it's illegal for a company to charge you a fee before reducing your debt or renegotiating it. So, if a company asks you to pay upfront, consider it a red flag the offer may be a scam. Also, be wary of companies that don't disclose key information about their services, such as how much it costs and how long it takes to see results.

Some legitimate companies use a dedicated account to hold the money you save toward a settlement, but if a company can't explain how that account works or who controls the funds, that's also a major red flag. Watch out for lofty promises of savings and promises of protection against creditors and other signs the "debt relief" is a scam.

Tip: If you receive an unsolicited text, email or phone call from someone guaranteeing they can clear your credit card debt for a set amount, such as half of what you owe, it's likely a scam. Legitimate companies never guarantee specific outcomes, but they may share internal data about past client results.

4. Online Shopping Scams

Some scammers set up fake ecommerce websites to steal shoppers' credit card details. They might create these websites to look like legitimate stores, complete with trademarks, professional (stolen) images and URLs that look almost identical to the real store's, just slightly altered.

Tip: Be cautious of online stores that only accept wire transfers, cryptocurrency, gift cards or other nonrefundable payment methods. Scammers often use these because once you pay, your money is almost impossible to recover. If you are allowed to use your credit card, the website's creator could steal your card's info. And it might be several days or weeks before you realize you aren't actually going to get the item you were promised.

Watch out for:

• Store prices that are unusually low.
• Spelling errors in the URL or a web address that doesn't end in .com.
• New websites with little information, perhaps missing the About page or contact information.

Learn more: Red Flags to Look for When Shopping Online

5. Public Wi-Fi Scams

Similarly, scammers monitor a public Wi-Fi network or create and broadcast a Wi-Fi signal they control. Sure, the airport or hotel Wi-Fi is convenient, but a criminal can steal your credit card's information if you use it while you're connected to public networks. They can also infect your computer with malware that can steal your information later.

Insecure public Wi-Fi networks typically don't require a password and have generic names like Free Wi-Fi or a name mimicking your location. Understand that a network run by a scammer might look legitimate, but be far from it. Look for web addresses that start with https rather than http. Without the "s," your information may be vulnerable. And if your connection is slow or you encounter pop-ups or multiple disconnections, you could be on a scammer's network.

Tip: When you're connected to a public Wi-Fi network, avoid online shopping sites and payment pages where you'll be required to enter your credit card information. Similarly, don't do any online banking or log in to any personal accounts where sensitive personal data could be compromised. If you absolutely must use your credit card or personal data, use a VPN rather than trust the public Wi-Fi network alone.

6. QR Code Scams

There are a few different ways you can fall victim to a QR code scam, also known as quishing. All typically start when a scammer gets you to scan a QR code. From that point, you might be led to a fake website that steals your credit card information, or the scan could trigger a download of harmful software onto your device. A scammer can also use a fake QR code to reroute a payment to themselves, instead of the person or company you sent it to.

Example: Parking lots are increasingly becoming targets for QR code scams. Scammers often install fake QR code signs in the lot or stickers on the pay station. When you scan it, you are sent to a fake payment page on a phishing site that collects your credit card information or a parking fee that goes straight to the scammer, not the parking lot vendor.

Watch out for:

• Unsolicited QR codes coming from people or businesses you don't know or do business with.
• Fake websites for legitimate businesses. For example, look for a web address that isn't letter-for-letter the same as the legitimate company's website.
• Any QR code that sends you to a payment page or asks you to initiate a download. Install security software on your device that stops viruses and malware from installing programs or creating other problems.

7. Overcharge Scams

This scheme typically preys on your good nature to scam you. A thief contacts you via email, text or phone to let you know your credit card was "overcharged" for a purchase or payment. But in order to get a refund, you must "confirm your payment information" or "verify your credit card" details. You could be asked to click a link and log in to a phishing website to initiate your "refund." Instead of receiving a refund, you could have your credit card information stolen or have malware installed on your computer or device.

Tip: Be skeptical of any unsolicited texts or emails promising a refund. And, as with most credit card scams, don't click on any link from any unsolicited message. If you're unsure whether it's real, visit the legitimate site on your own to check for any messages or records of overpayment.

8. Donation Scams

Here's another scam seeking to take advantage of your goodwill. This time, a scammer claiming to represent a well-known charity contacts you and asks you for a donation. If you comply, they could change your donation amount or steal your credit card information or both.

Once again, watch out for fake websites, this time posing as legitimate charities. The usual warning signs apply:

• The "charity" may pressure you into donating.
• Links from emails or texts lead to sites with suspicious-looking URLs that aren't the same as the official site the charity claims to be.
• You're asked to pay directly through email or over the phone, often through nonrefundable sources like wire transfers and gift cards.

Tip: If you really want to donate to the charity, a better course of action is to hang up and then visit the charity's official website on your own to donate.

How to Avoid Credit Card Scams

A few best practices can go a long way in keeping your credit card and personal information safe:

• Initiate communications. Resist the urge to respond to phone calls, emails or texts using the number or link provided, even if it appears to be urgent. Instead, use the company's real phone number, website or app on your own to contact them.
• Regularly check your credit card activity. Set up alerts in your credit card account or connect your cards to a budgeting app to look for suspicious charges. By catching unauthorized charges quickly, you can take quick action to shut down your credit card so a scammer can't use it again.
• Use tap-to-pay or your mobile wallet. These are safer methods of payment because they don't share your credit card number. Instead, they use a one-time, encrypted token for every transaction. With these two options, your physical card isn't used, so you won't fall victim to a credit card shimmer or skimmer.
• Never share sensitive information on a public Wi-Fi network. Always remember, public Wi-Fi is insecure. You're better off waiting until you're on a trusted, private network before logging in to bank accounts, shopping online or making payments. If you can't wait, try to use your phone's network signal service rather than Wi-Fi.
• Secure your logins. Turn on multifactor authentication (MFA) for your credit card and banking apps so a scammer can't access them with just your password. Also, create strong and unique passwords for each of your accounts. Consider using a password manager that can store all of your passwords safely and help you keep track of them so you can easily log in.
• Consider freezing your credit reports. You have the right to add a free credit freeze to your credit reports from each of the three major national credit bureaus—Experian, TransUnion and Equifax—which can limit access to your credit reports. That could make it hard for a scammer to open a new credit card or loan in your name, since the creditor wouldn't be able to run your credit.

Steps to Take if You're the Victim of Credit Card Fraud

If you're the victim of credit card fraud, or if you notice suspicious or fraudulent activity on your credit card, take quick action to help protect yourself from future damage.

1. Contact Your Credit Card Issuer

Call the bank or credit card company that issued your card immediately using the customer service number or visit the card issuer's website. Report the unauthorized charges and ask them to cancel your card and send you a new one.

2. Report the Fraud

Contact your local law enforcement agency to file a report about the fraud and keep a copy of the report to provide to your bank and credit bureaus if needed. You can also file a fraud report with the FTC. You may receive guidance on your next steps based on the specific circumstances, and the FTC can track scam trends and alert others to help keep them safe.

Tip: You generally must report credit card fraud within 60 days.

3. File a Report if Your Identity Was Stolen

If the scammer got your personal information in addition to your credit card details, you should file a report at IdentityTheft.gov or by calling 877-438-4338. The FTC can give you a personalized recovery plan and an Identity Theft Report, which you may need to share with creditors to get your accounts cleaned up.

If you're the victim of an internet-related scam, you might also report the fraud to the Internet Crime Complaint Center (IC3), a division of the FBI. For example, if a scammer used a phishing email or fake website to steal your credit card number or if someone used your credit card information to make online purchases, contact your card issuer right away.

4. Add a Fraud Alert to Your Credit Reports

A fraud alert is a notice on your credit report that instructs lenders to verify your identity when reviewing a credit card or loan application. You have the right to place a fraud alert on your reports, and it can help to prevent identity thieves and scammers from opening credit cards and loans in your name. You can set up a free fraud alert through Experian or any one of the three major credit bureaus, and that bureau will inform the other two of the fraud alert.

Phone numbers:
Experian: 888-397-3742
TransUnion: 800-680-7289
Equifax: 800-525-6285

Fortunately, you usually won't be personally responsible if someone uses your stolen credit card information. Instead, the merchant or credit card issuer might cover the cost of the products or services the thieves bought with your credit card.

Learn more: Steps to Take if Someone Opens a Credit Card in Your Name

Monitor Your Credit for Credit Card Fraud

Criminals use many different methods to steal your credit card information so they can make fraudulent charges or open new accounts in your name. The scams above can help you understand how these schemes work and the warning signs to be on the lookout for.

You can also monitor your Experian credit report for free to get real-time alerts about changes and suspicious activity on your report, such as a new credit card account or a hard inquiry. You might also consider a premium identity theft protection membership that scans over 600,000 web pages to detect if your data has been stolen and sends you alerts to aliases or addresses tied to your Social Security number.