Skimming, Phishing, Smishing, Oh my!

Learn about these common scams and how you can better protect yourself from fraud.

How to identify the most common scams: skimming, phishing and smishing

Skimming is a scam that involves the use of a portable device that is temporarily attached to the original card scanner on any ATM or gas pump. As your card passes through the scanner, the information contained on the magnetic strip is captured by the skimming device.

  • Later, when the criminal retrieves the device, they have captured all the information needed to fraudulently steal money from your account.
  • They may even use secondary devices like cameras that record your keypad entries, or even high-tech overlays placed on the keypad to record your PIN number.

Phishing (email) and smishing (SMS text message) are methods criminals use to trick you into giving them personal financial information such as credit card numbers, bank account numbers, Social Security Numbers, passwords and other sensitive information. They use that information to steal your money or use your good name to open new loans or credit cards.

  • Criminals create messages to look like they are coming from your financial institution or another trusted company. Usually, they will tell you that your bank account, your credit card account or other electronic payment account needs to be “updated” or “validated.”
  • The message will say there are dire consequences if you don't take action, such as your account being frozen or closed.
  • The message typically provides a link or a phone number, and you are told to follow the link, or make the call, in order to update and validate your account to fix the problem.
  • By responding to these messages, you allow the criminals to steal your information because you are sent to a website or call center that is structured to seem legitimate. However, any information you enter into this website or give over the phone is captured directly by the thieves.

How to protect yourself from falling victim of fraud

  • Awareness and alertness are your best allies when it comes to fraudulent activity.
  • Inspect all self-service transaction card reading slots—are there seams or gaps in the surrounding plastic? Are any stickers partially covered? When grasped, does it move? If so…don’t use it.
  • Use ATMs and gas pumps that are highly visible to employees.
  • At the gas pump, choose the CREDIT option. That way, you don’t have to enter a PIN.
  • If you must use debit, shield the keyboard with your second hand while you enter your PIN number.
  • The U.S. Department of Justice suggests three simple steps to help you avoid becoming a phishing and smishing victim.
    • STOP. The message is designed to get an immediate reaction from you by making it seem like an emergency. Do not click any link or call any number included in the message.
    • LOOK. Think about the message. Does it make sense that your account would be closed if you don't respond immediately to a link in an unexpected message? A safer choice would be to log into your account normally or call the company; don't use the link or phone number inside the unexpected message. If there are no problems or alerts when you log in normally or call the company directly, you know the unexpected message is fraudulent.
    • CALL. Tell the company or financial institution that you received a suspicious message purportedly coming from them. The person at the company or financial institution will confirm there’s no problem, and they can warn others about these fraudulent activities.