Your Mailbox - Missing a bill? It could be that someone else got into your mail. Knowing that this is a federal offense does not stop criminals. They don't care how many crimes they commit! Your billing statement will have your account number on it. That's all a scammer needs to get into your account. If you have an old fashioned mailbox, you are vulnerable to this kind of theft. Having a mail slot in the door makes it much less likely for someone to get into your mail. An old fashioned mailbox can be altered to reduce the chance of theft. A locking box will allow delivery of your mail into the box, and you'll still be able to get it out, but a thief won't easily be able to get to your mail without looking really suspicious. Also, don't send your payments through your mail carrier. Placing them in your box to go out creates an opportunity for a thief to take them and steal your numbers. Raising that little flag is like ringing a dinner bell for ID theives: Coooome aaaand get it! If he doesn't want to arouse suspicion, the thief can open the envelope carefully, steal your info, then re-seal the envelope and mail it himself, keeping you from finding out that he has your account information until he's drained it or run up a huge bill.
Another option would be to go paperless. Instead of receiving paper statements in the mail from your bank, you can opt to do all of your banking online through your bank's secure website. That way, you can check your statements as often as you want without risk that someone will steal your account numbers. However, if you do this, there are still some precautions to take. These are described below under the Online heading.
Don't use convenience checks. These can be stolen, and your account numbers can easily be copied from the check. Convenience checks are even more convenient for crooks than they are for you! Tell your provider that you don't want them. If they still arrive at your house, shred them and dispose of them with your other sensitive papers as described below under the "Trash" heading.
Your Trash - That's right. Scammers will actually go through your garbage looking for information. Your discarded bank statements, especially your credit card statements, along with any other paperwork containing sensitive info such as your credit or check card number, your social security number, your driver's license number, etc. should be shredded before you trash them. In addition, only toss these items on the day when you clean out your refrigerator. There's always something in the back that's been forgotten. Throw any bad food in a blender with a little water, puree it, and then dump it into the bag on top of your sensitive papers before tying off and tossing the trash. Used kitty litter or puppy papers are another good way to putrefy your personal info for the trash-diving scammer. Gross him out, and he will skip your cans in favor of other, less disgusting fare.
This is one place where most people know their card isn't always safe.
Some more well-known methods of getting your numbers:
Phishing - the scammer sends you an email which looks like it's from your bank, a business with which many people regularly transact, or some other institution from which you could reasonably expect a request for your financial information. Often, the scammer will design the email to appear urgent to trick you into acting before you have time to think about the potential validity of the request. Most people now know that no reputable business will send you an email request for that info.
Instead of responding to any email requesting your information, call the customer service number for your bank or for the actual known institution in whose name the request is being made. Chances are, you will find out they didn't send you any email.
This same scam is run in the name of the FBI, the IRS, and other government authorities. As mentioned above, the genuine article will not contact you this way. The IRS sends scary letters, and if you get the FBI's attention (not as easy as you might think,) you'll find them on your doorstep, not on your phone or online.
Smishing - This is phishing done on phones with web access; you get a text asking you to visit a site which turns out to be bogus. Remember that your phone company, your bank, and other legitimate businesses will not contact you this way, nor will any government agency, your kid's school, etc.
Bogus Web Sites - This is a little more insidious. There are two ways in which this is done.
First, there is the totally bogus site. This looks like a legitimate site, but the business isn't a well-known institution. There are a couple of clues to help you sort out the good not-so-well-known sites from the bad ones. Good sites will have more than one way to contact the seller; phone number for customer service, fax number or mailing address for offline purchases, and an email address. If you can't contact a person, you should be suspicious of the site. If you're not sure of an attractive site, you can check it out with BizRate.com's online store reviews and ratings or the Better Business Bureau's site.
Second, there is the bogus imitation site (Pharming). This looks like the site for a known business, such as Amazon.com, but it's actually a fake that you've been re-directed to by a scammer. This can happen because of malware on your computer, or through hacker activities related to the legitimate site. At the fake site, instead of receiving merchandise or services you purchase, you will be robbed of any information you provide, or fraudulent charges will be applied to your card. You can protect yourself from these sites by checking a few things. Sometimes it's easy; the domain name is misspelled, or the page doesn't look right... maybe the resolution is a little too low, the text is fuzzy, or the photos don't look like they did the last time you visited. Other times, the replica is really good. This is when you have to be a good detective. Every company that asks you for sensitive information must have a digital certificate. You can check on the site's digital certificate by clicking on the closed padlock on the lower right corner of the browser window. Another thing to look for is in the the web address itself, specifically on the page which requests your sensitive information. If you are using a site which is on a secure server, the web address will begin with "https" instead of just "http." Also, keep your browser and anti-virus/anti-spyware/anti-malware software updated to help prevent this kind of re-direction.
Hackers - Whenever you give a website permission to store your information, it becomes more vulnerable in that storage than it was during transmission between your computer and the site. Hackers target sales sites, especially bigger ones which do a lot of business, because they know they can get a huge number of card numbers at once. When given the option to let the site store your information for use with later purchases, choose "no" instead of "yes" if you want to protect your numbers.
On The Phone:
Vishing - This is like phishing, mentioned above under the Online heading, except that it is done with an urgent sounding voice mail to your telephone. The voice mail will ask you to call a number purported to be your bank or some other legitimate institution's customer service number. If you call, you will be asked for your account number(s), PIN, and other sensitive information in order to deal with the "problem." As with phishing, know that no reputable institution will deal with you in this manner. If you are concerned, look up the institution's actual customer service number (it will be on the paperwork you receive from them, also on their website, and in the case of your credit card provider, on the back of your card.)
Telemarketing Scams - While there are still legitimate businesses and charities which use telemarketing to increase their business, there are a lot of scams which also use telemarketing to increase their business. The best rule to follow is to stick with familiar organizations, and don't give anyone your credit or check card number or other financial information to anyone who calls you. You may think you are sending money to help feed starving children in some third world country, but the caller may be a scammer who will bleed your account dry, run up a huge bill, or sell your numbers, along with the rest of the list he/she has complied that day, to a bigger operation.
If you are sold on whatever a telemarketer is offering, instead of completing the transaction immediately, tell them you don't have a credit card or a bank account through which you could send an "electronic check" (the next thing they will ask you for). Ask for a mailing address and instructions on how to send them a money order or certified check with your order, instead. Scammers will immediately hang up on you. A legitimate operation will have a mail-order option available because they want your business. If you really want to use your card, don't do it during that call. Ask for a customer service number which you can call back to make the purchase. This will accomplish two things: First, if the caller tells you there is no number, that the offer is only good during his/her call, or otherwise tries to discourage you from hanging up and calling back, you can be sure you're not dealing with a trustworthy organization. A legitimate business will have a number to call back, and a legitimate telemarketer will be eager to make sure you have his/her name for commission purposes. Second, this will give you the chance to check out the organization which has called you. Before you hang up with the telemarketer, make sure you write down not only the number you are given, but also the name and location of the business. Before calling back, call the Better Business Bureau to check on the business in question, or check the Better Business Bureau's website.
Another clue to tell whether you should be suspicious of a telemarketing call is the timing. Telemarketers are not allowed to call you before 8:00 AM, or after 9:00 PM. If you get a call outside these hours, chances are it's not coming from a legitimate source. Legitimate businesses and charitable organizations obey the law because they want to stay in business. Scam artists don't plan on using the same number for very long, so they don't care about that law.
On another note, using the call-back or mail-order options will give you time to comparison shop. Telemarketers are trained to talk you into buying something right now. That's their job. Part of their pay is commission based on how many sales they get in a day. They are only going to tell you things they think will make you buy their product or service right away. They may even say things to make you worry that if you don't buy now, you will miss out on a good deal or a good product or service.
When comparison shopping, you may find that you can get the exact same thing or better, locally or from a familiar and secure online source, often at a lower price. Further, you might find that while doing that research, you realize you don't really want the product or service, and aren't sure why it sounded so good on the phone. Having time to think about it can make all the difference!
In college, I got an offer to subscribe to a bunch of different magazines for a certain price per magazine per week. The way the guy talked made the offer sound great. When I did the math later, I realized that not only was I not getting a below-subscription-price deal as the caller told me, he was charging me more than the newsstand price. By breaking the price down to weeks instead of months, he made it seem smaller than it was. If I had, at eighteen, known the rules I've stated above, I'd have avoided the scam entirely. Instead, I had to fight to have the charges removed from my account. Fortunately, two things saved my card from the charges: First, he'd called outside the hours permitted to telemarketers (almost midnight - definitely a bad sign.) Second, the customer service folks at the bank through which I had my card backed me up, especially when I told them about the timing of the call. It was a hard fight, though. It took a few months to get the charge removed, and then the company continued sending me magazines (not the ones we'd talked about, either,) then sent the "debt" to a collection agency, and I had to dispute that with the credit bureaus!
At the ATM:
Clever Spies - Beware of loitering individuals near an ATM, whether they be on foot or in a car. With today's technology, it isn't at all difficult to hide a small, high-resolution camera or use a camera phone to get a photo or video of your transaction, providing the thief with enough information to use your account later. Never feel silly for listening to your instincts at the ATM. If something feels wrong, something probably is wrong. It's better to appear rude or go to another location than to be robbed or scammed.
Bank Card Skimming - This one is actually kind of like real work. Thieves put fake parts over real parts on ATM machines. Some use real cameras placed in locations where you might expect the camera to be. Others use card readers and fake keypads to harvest your card number and pin. Your transaction will work as normal, and you will even get a receipt if requested. You'll have no reason, at first glance, to be suspicious. Later, the thief returns to the machine, removes his equipment, and harvests the information for later use. A few things you can do to protect yourself: Try to stick with known ATMs in known locations, especially in areas where you know someone can always see the ATM or it is frequently checked. (If you aren't sure how well or frequently an ATM is monitored, call the customer service number on the machine, or check with your bank.) Also, try to use the same ATM or set of ATMs regularly. If you look at it on a regular basis, you are more likely to notice if something is out of place, something new has been added, etc. That is your safest bet; get to know your ATM! If something looks wrong, never just assume they've updated. Ask someone, or if you can't do that, go somewhere else.
When using an unfamiliar ATM there are still steps you can take to protect yourself. Check to make sure the machine parts are real. If the visible camera lens extends out from the machine, firmly touch the side to see how well it is attached. It shouldn't feel loose or flimsy. Cameras installed in these machines aren't made to come off easily. Do the same with the keypad and card reader. If it feels like you can lift it off, it may be a fake. If there is an attached pamphlet holder, look to see if the whole thing is just plain Plexiglas. Sometimes these are used to hide mini-cameras. Check anything that looks superfluous. ATMs aren't usually made to look pretty. Raised pieces which don't appear to serve any purpose just might have a nefarious one. Also, look under any area which hangs over the card reader. Tiny cameras can be placed in these hidden areas. If you find something, report it immediately. Not only can you save your own account, you may save a lot of other people's accounts as well.
Finally, as with transactions in stores and restaurants, follow the speed and shield rules described below under the heading, "Shopping;" have your card outside your wallet or purse for as little time as possible, just long enough to scan. Palm it when moving it to and inserting it into the slot, keeping your numbers covered so that a camera can't record them, then put it away. Use your hand and body to shield the screen and keypad (after establishing that it is not fake) so that a camera can't be used to gain your PIN.
Keep an eye on your card, and on your surroundings when checking out. Don't get your card out until your purchases are all scanned. Use it quickly, and put it away immediately. If possible, palm it to make sure the numbers are not visible to others. Don't let anyone stand in your personal space while you use the card reader, and do use either your body or your hand (or both) to shield the screen and keypad when typing in your P.I.N.
Some thieves will steal your card number and pin by watching you and memorizing them, or by using a camera phone. Some phones are now so small, with cameras which have such high resolution, that it isn't even a challenge for a thief to get an image of your numbers without your knowledge. He can palm the camera, look like he's waving at someone, and snap a shot without you even seeing what he's doing... or, he can appear to be having a phone conversation, when he's really photographing your card.
If there is a problem with your card, don't let the clerk take it out of your sight. That shouldn't be necessary - if a supervisor is needed, he or she should come to you, not the other way around. That's just good customer service. When your card is out of your sight, it can be copied without your knowledge, and later used without your permission. It can also be swiped through a portable card reader, which is easy to get and easy to hide. Wanna see something scary? Watch THIS YOUTUBE VIDEO on the subject!
If you shop at one of the few, old fashioned little places (which often have the best stuff) which still submit your card manually, using that little hand-copier, when they ask if you want your carbon, take it. They are not going to keep it. It will go in a trash bin, and then into the dumpster, intact enough for a dumpster-diving thief to find it later. Not only does it have your number, it has your signature. Take your carbons home and dispose of them with your other sensitive papers, shredded, and with something disgusting included in the bag.
Out to Eat:
It's meant to be a convenience to you... but it's also a way of making your card vulnerable. You know the service I mean... instead of making you wait in line at the register, the server offers to take your card and have the transaction completed while you finish your dinner. As nice as this is, it once again puts your card out of your sight long enough for someone to copy it. Another risk involved in this service is the chance that you may forget to put your card away before going... sometimes customers do accidentally leave their cards sitting on the tray provided by the server for the service. If you can see the register from your seat, you know the server, and are good at remembering to get your card back and put it away, you're likely to be safe allowing this. However, if the server has to take the card to another room, and is someone you don't know, or you are likely to get distracted and forget your card, you should feel well within your rights turning the service down. In any case, there should be no reason why a server should insist on the service or make you feel bad for taking care of the transaction yourself. Feel silly? Read this article! Watch this youtube video! (same one as above, under Shopping)
Also, watch out for the "tip" line on your bill. A lot of restaurants, aware that more people are choosing to carry less cash (it's safer and faster to just hand over that card if you get mugged), have begun to offer the courtesy of an option to charge your server's tip to your card, instead. This courtesy does allow you to carry less cash, but it also creates an opportunity for someone to add a fraudulent charge to your card if you do tip with cash and leave that line blank. All they have to do is write an amount on the tip line, and add that to your total before ringing up your bill. You can avoid this by never leaving that line blank. If you are tipping in cash, write something in that line, like N/A or TIC (tipped in cash), so that nothing else can be written there. If you fill that space, no one else can write in it convincingly. After you ring out, check your receipt to make sure that the original bill matches what the receipt says you paid.
Finally, follow the same procedure at this register that you should be following at stores; keep your card in your purse or wallet until you are actually going to use it, and then quickly put it away. Palm it if you can when using a self-scanner. If the restaurant's system is manual, keep your carbons, take them home, and dispose of them with your other sensitive papers.
Most of all, remember this: Legitimate businesses will do all they can to protect themselves, and in the process, their customers, from fraud. That said, they can only do so much. Owners can't babysit every employee, nor can they tell the difference between a customer in the checkout line, and a criminal trying to get your information while you check out. They can't always stop Phishers and Smishers from sending out fake emails, Vishers from sending out fake voice mail, Pharmers from scamming their sites, or other con artists from falsely telemarketing in their name. Even when they do stop fraud, there's no way for them to catch and stop every single scam artist quickly enough to protect every single customer. In the end, it's still up to you to protect yourself through your own vigilance.