New credit card chip scam emerges on email

Posted at 1:28 PM, Oct 05, 2015

Just three days after the deadline for businesses to install new smart chip credit card readers, scammers have already found a new way to target you and your money.

The scammers are trying to capitalize on the millions who haven't received a chip card yet.

For every two chip cards in circulation in the U.S., there are three still without the chip.

"I have a chip card," said consumer Aaron Cohen. "I'm glad to know that there is another level of security. We'll see what happens with it. I'm not sure, but it does seem a little easier."

The new technology makes consumers safer because unlike swiping, which transmits your card number, the chip card creates and encrypts a new number for every transaction.

But just as the technology is newly unfolding, scammers have found new opportunity to take advantage of you.

Only about 40 percent of Americans have received the new EMV chip cards. That leaves the majority without them.

Scammers are contacting people via e-mail - posing as your credit card company or bank - informing you that in order to get a new EMV chip card, you need to update your account by confirming some personal information or clicking on a link.

If you provide personal information in response to the e-mail, you have just made yourself a target for identity theft. If you click the link, you may end up downloading keystroke logging malware that can steal your personal information.

"Knowing that makes me want to actually follow up and get an updated card with the new chip technology to make sure," said Cohen.

So how can you tell if the e-mail is from a scammer?

Follow these tips from the AARP.         

1. Legitimate emails from card issuers should be short, to-the-point notifications that your new EMV card is being mailed, perhaps with an “expect within 10 days” timeframe. They should not include links or attachments promising details or urging action to “update your account” or the like; that’s the calling card of scammers.

As a general rule, don’t trust links in emails — and before clicking, always hover your computer mouse over the link; if it doesn’t display the sender’s company name, assume the worst. It’s also safer to access any business website by typing its url yourself, not via provided links. Or call the phone number listed on your card, not provided in emails.

2. Bogus paypal emails are making the rounds, with malware-laden “update your account” attachments. Legit paypal emails never include attachments.

3. Authentic emails from card issuers will address you by name and include some specific reference to your credit card, such as the last four digits of your account number. Those from paypal, ebay or other businesses will also include your name. Emails vaguely addressed to dear “cardholder,” “customer” or “account holder” are scams.

4. Even if the email includes your name, don’t trust it unless you previously provided your email address to that business (for instance, when you enrolled in online banking). Email mailing lists — with account holder names — can be purchased by scammers.

5. Be suspicious of phone calls or text messages supposedly from card issuers about EMV cards. These could be “vishing” (for voice phishing) or “smishing” (named after SMS technology that sends text messages) attempts aiming to glean account and personal information.