Understanding Credit Card Phishing and How To Stay Safe

Fewer and fewer people transact with cash nowadays. Most use an online payment app, debit card, or credit card. The increased use of credit cards online and offline comes with higher incidents of credit card fraud in Canada. According to a 2023 study, about a quarter (21 percent) of Canadians have been victims of credit card fraud in their lifetime.

Credit card fraud happens when someone takes your credit card, account numbers, or card information and uses it for illegal or unauthorized activities. Scammers take advantage of the growing acceptance of and comfort with remote payment options to target vulnerable people, particularly the elderly. The spike in the volume of online sales has also made it statistically easier for them to find cracks in the system.  

What is credit card phishing?

A phishing scam is a scheme wherein bad actors contact victims through emails, text messages, or phone calls. The scam aims to acquire sensitive information, such as passwords and financial data. Fraudsters often pose as well-known businesses, agencies, or organizations to build trust and persuade victims to give up sensitive or valuable information. Once they get your credit card numbers, bank account details, and passwords, they use them for illegal activities.

In the current digital landscape, phishing scams have evolved, including tactics such as phishing in social networks and chat apps. Generative AI has made cybercriminals more adept at making their phishing emails look legitimate. That makes it easy to trick people into opening, clicking, or sharing dubious links.

How It Works

Phishing scams mimic a legitimate company or service but provide fraudulent instructions or links to gain access to sensitive information. Some of the most dangerous ones attempt to access financial details directly by posing as the credit card company or another legitimate entity that would need legitimate access to these details.

For example, someone may call you, claiming to be from your bank, to inform you of a breach of your account. They make it seem urgent for you to act immediately by providing them with your credit card information. 

Another tactic is through phone calls. Someone reaches out to you, claiming to be from your credit card company. They will urge you to register for special promos, but they must first confirm your identity by asking for sensitive information.

How To Spot It

Phishing scams come by phone and email and may present various ploys to gain a target’s trust. A typical phishing scam claims that you must update account details for a credit card to justify a security check. 

The scammer might ask for answers to your security questions, positioning themselves as if they already know the answers and are simply verifying. That includes personal questions set up in advance, like your mother’s maiden name or the street on which you grew up. They could also be your date of birth, Social Insurance Number (SIN) and the three-digit code on the back of a credit card.

Alternatively, you might get an email or text message with a link directing you to a bogus website that looks like your credit card company. It may require you to input sensitive information to “access” your account. 

Some matters that phishing scams imitate might be time-sensitive. In these cases, scammers will rush you. A red flag is a heightened sense of urgency or a specific, short timeframe in which instructions must be completed. Beware of assertions such as “[the alleged company] has been unable to reach you until now” or that “this is the last time you will be contacted,” which have become hallmarks of phone scams.

It’s best to be paranoid when it comes to guarding your information. Look for the following indications of a scam before you give anything away:

• Emails asking for information: Financial institutions like credit card issuers will never ask you to provide passwords or other personal information over email.
• Misspelled URLs/slightly altered logos: Phishers often re-create websites and slightly change some elements you might not catch immediately.
• Links to websites: Do not click on links in emails or messages, especially if it comes from an unknown sender. They may lead to a fake website. Always manually type the URL of websites where you must input sensitive information.
• Unsecure websites: Check that the website begins with “https://” instead of “http://.” The extra “s” indicates it is a secure website. If the URL doesn’t have it, don’t provide any information at all. 

In most cases, you just need to pay more attention. Here are some tips to protect yourself from these advanced phishing attacks:

• Look for signs: Look out for unfamiliar greetings or tones, unsolicited messages, grammar and spelling errors, a sense of urgency, unbelievable offers, inconsistencies in email addresses, etc.
• Never respond: When in doubt, avoid responding. Replying to a suspicious message in your inbox lets the scammer know they’re dealing with an active email address.
• Report suspicious messages: Report suspicious messages to your email service provider or workplace tech support.
• Secure your computer with anti-virus software: This can help you proactively identify phishing attacks and provide mitigation techniques for successful attacks.

What To Do

If something feels out of place, contact your credit card company and The Canadian Anti-Fraud Centre immediately. You can provide them with the following information:

• What happened and when you first got suspicious
• The name, designation, and contact information of the person who contacted you

Put out a fraud alert

The fact that the scammer had enough information to contact you and put together a halfway decent script is concerning. It would be best to ask Equifax (toll-free 1-800-465-7166) and TransUnion (toll-free 1-877-525-3823) to place a fraud alert on your credit report. Better yet, ask for a copy from each credit bureau so you can review it for any issues. The $5 processing fee is well worth your peace of mind. 

Contact the local police

Chances are that your stolen credit card won’t be a top priority for the police, but making a statement is still required – and essential! It officially documents potential identity theft, which you can use if the thief does more than use it to make a bunch of purchases. It also provides the police with information to help them identify scam trends and protect the public.

Contact the Anti-Fraud Centre

The Canadian Anti-fraud Centre is the central repository for information about fraud, managed by the Royal Canadian Mounted Police (RCMP) and the Competition Bureau Canada. You can contact them at 1-888-495-850.

Legal Implications for Credit Card Phishing Victims

In Canada, credit card phishing victims are generally protected from financial liability for unauthorized transactions on their cards thanks to a combination of laws and regulations:

• The Cost of Borrowing Regulations: Under the Bank Act, this regulation limits a consumer’s liability for unauthorized credit card use issued by a federally regulated financial institution to a maximum of $50. 
• Zero liability policies: Major credit card companies like Visa, Mastercard, and American Express offer zero liability policies. That means they won’t hold you responsible for unauthorized charges if you report them promptly. These policies provide a layer of protection beyond the legal limit. 

However, this doesn’t mean there are no legal implications for victims. Victims must report any unauthorized activity to their card issuer as soon as possible to benefit from the abovementioned protections. Failure to do so might result in the bank holding you responsible for some charges.

Credit card phishing often involves attempts to steal personal information beyond just the card details. If your identity is stolen, you might face legal issues like:

• Difficulty accessing credit or loans
• Dealing with fraudulent accounts opened in your name
• Potential involvement in legal proceedings related to the fraudulent activity

Suppose you’ve been a victim of credit card phishing. In that case, you should contact your financial institution and seek legal advice to understand your situation and take appropriate action.

Legal Consequences When Charged With Credit Card Phishing

Credit card phishing is considered fraud under Section 342 of the Criminal Code of Canada. While victims are not held liable, the perpetrators of these crimes can face significant penalties:

• Under $5,000: Maximum two years imprisonment or $5,000 fine (summary conviction) or up to 10 years (hybrid offence) 
• Over $5,000: Maximum 14 years imprisonment (straight indictable offence) 

Protect Yourself From Credit Card Phishing Scams

Credit card phishing scams are a common tactic cybercriminals use to steal your personal information and financial data. This article gives you everything you need to know to protect yourself.

However, if you’ve fallen victim to a credit card phishing scam and are facing legal issues, Diamond and Diamond Lawyers is here to help. Our experienced team of defence lawyers understands the complexities of cybercrime and identity theft. We can guide you through any legal process. 

Call us at 1-800-567-HURT or visit our website to learn more.

Don’t wait until it’s too late. Contact Diamond and Diamond Law today for a free consultation and take control of your financial security.

FAQs on Credit Card Phishing

What should I do if I’ve already given out my information?

Don’t panic. Your best bet is to do some damage control. Start with the following:

• Report the incident to your credit card company at once.
• Change your passwords for all online accounts.
• Monitor your credit card statements for any unauthorized activity.
• Put a fraud alert on your credit report.

What are the tactics used by credit card phishers in Canada?

Phishers often try to exploit current events or cultural references relevant to their target audience. They might use themes related to recent tax deadlines, popular Canadian retailers, or government benefit programs to appear more convincing.

Do seniors face a higher risk of credit card phishing scams?

Unfortunately, yes. Seniors are often targeted due to the misconception that they are less tech-savvy. Families and communities must educate seniors about online safety practices and encourage them to be cautious with unsolicited emails, calls, and messages.