Credit card theft, also known as credit card skimming, has been on the rise for the past five years with a significant jump during the COVID-19 pandemic. In our recent investigations we have also seen scam messages targeting immigrants in the states and credit card thefts that affected local recipients of New York’s Excluded Workers Fund.
Documented spoke with experts and compiled a list of simple recommendations that you could take to protect your information online and prevent falling victim to credit card skimming and identity theft.
How does credit card theft occur?
Credit card thefts can occur in various places, such as at gas pumps, banks, and abandoned automatic teller machines (ATM) that are tampered to copy the 16 digits from a debit card along with its pin.
“The card’s information can be captured in different ways, but as soon as you insert your card into an ATM, it could be read by an electronic device that collects that information,” said Bruce Wayne Renard, Executive Director at The National ATM Council.
Renard added that criminals could use fake keyboards, similar to the original one on the ATM, or tiny cameras placed around the ATM to record the moment in which the PIN is entered. Other times, they might also use fake card readers that are inserted into the genuine one.
After the criminals have obtained the information, they can make purchases online or clone the card with another name to make purchases in person.
While falling victim to credit card theft is a serious crime of grand larceny, there are still ways to avoid falling for it. Renard recommends the following:
- Inspect it/ Move it. When using the ATM, jiggle the credit card reader and try to pull it out. A genuine reader will not move and should not come off or have a gap.
- Check the Keypad. A fake keypad is not stable. Try to lift it up and remove it by moving it. If it seems unstable, it is most likely that it is fake.
- Look around the ATM. Look for any signs of tampering, such as small cameras installed in the upper part where it has visibility to the keypad.
- Cover your hand while entering the pin.
“The most important thing is to avoid abandoned ATMs,” said Renard.
Check out the New York Police Department’s guide to avoid falling victim to credit card skimming.
How to protect your information online
Your credit card number and personal information can also be compromised while surfing the web through what is known as phishing.
Phishing is when someone sends you a link, via email or text message, with the purpose of tricking you into sharing your personal information or password, explained Alberto Casares, VP of Digital Risk Protection at Costella Intelligence.
According to Casares, the cybercriminals portray themselves as real companies. They send messages with a logo from a genuine and well known company, or create web addresses that are very similar, for example BankofAmerica is interpreted as BankoAmerica.
“As soon as you click on a link or an image, it’s really easy to steal one’s information. There are tools that create scam campaigns that are shared via messages … and as soon as a user provides any type of information, the cybercriminal automatically has access to those details,” warned Casares.
Casares recommends keeping in mind the following tips to avoid compromising your information:
- Never click on images or links that you receive via email or messages. Instead go to your web browser and visit the genuine website to make sure the notice you received is true. For example if your bank sent you an offer, log into your profile on the site and the offer should be there, if it’s real.
- Make sure the website is genuine. For example: Documentedny vs. docvmentedny
- Use antivirus plugins, if you can. These plugins will notify you when a site has malicious content.
- Make sure the website has the SSL security lock. This will make sure that any information shared between you and the site is encrypted and secure. Scam sites also have the ability to install SSL security locks, it’s important to keep in mind all the steps above.
Additional steps to secure your data and prevent identity theft
- If at all possible avoid using a public WiFi. Public connections are often not secure, which makes your data more vulnerable to hackers.
- Do not provide more information than it is needed. For example, if a profile online suggests you enter your age, you should skip it.
- Avoid using the same password for all your accounts. It is also recommended to have a combination of letters, signs and numbers. For example: P4SSWord!
- Avoid using your personal emails if you are checking a forum that is not important or temporary as an email address is like your ID in the online world.
- If possible, get a VPN. It offers a secure connection regardless of where you are located and gives you the ability to choose a proxy IP address that helps you keep your information secure.
While it might not be always possible to verify if a web page is secure or not, Caseres recommends being skeptical of deals or offers that are too good to be true: “When something is free, you are the product.”