If there’s one type of identity theft that consumers are particularly susceptible to it’s phishing scams. The scams are used to collect your personal information such as your credit card information — no hacker required. In fact, you give your information to the scammer! Let’s explore how you can identify phishing emails to better protect your credit card information from unauthorised use.

What are phishing scams?

Phishing scams often come to you through email messages, but you can also be hit on social networks, forums, or anywhere you can be sent messages. Here’s how the scam works:

The scammer will send you an email or other message. They’ll make it appear to come from a legitimate company or bank. The idea is to get you to click on a link in that message.

When you do click on the link, it will direct you to a Web page that also looks legitimate (for example, it might be a clone of a bank’s actual website, so the logo and other branding looks familiar to you). People who don’t look more closely then use a login form (giving their username and password for the bank’s actual account), their credit card information (thinking they’re making a purchase or payment), or some other personal information the scammer wants.

If you click on a link in a phishing email and enter your credit card information, you’re essentially handing your credit card number, expiration date, and name to the scammer personally (all they need to use it for online or over-the-phone fraudulent purchases).

The scams don’t catch everyone, but you’ll be more susceptible if you receive a phishing email that appears to be from a bank you actually have a credit card with. For example, if you have an ANZ Gold Visa credit card (and that’s your only credit card), you probably wouldn’t click a link to try to access your ANZ account if the phishing email appeared to be from HSBC instead. If the email were made to look like it was coming from ANZ though, you might not think twice about entering your credit card information.

How can you identify phishing emails?

At first glance, it isn’t always easy to identify phishing emails. After all they’re designed to look like they’re coming from a legitimate source. However, here are a few things you should look at or do if you get any email asking you to input your credit card information:

1. Look at the return email address. While they can be masked, you may notice something obviously suspicious. For example, your actual credit card company isn’t going to email you from a Gmail or Yahoo email account — they’ll have accounts on their own domain name.

2. Put your mouse pointer on the link, but don’t click it. Most Web browsers and email programs have a status bar at the bottom. When you mouseover a link, the full Web address will be displayed there. Make sure the domain name actually points to your credit card company’s website (and not just something that includes their name or looks similar).

3. If you’re still not sure about a link, go to your Web browser and manually visit your credit card company’s website (by typing in the real domain name from a credit card statement — not the address from the email). Login from there to see if there are really any messages for you about your account (many phishing emails make it appear that there’s urgent information or a problem with your account).

4. If you don’t see anything wrong with your account, but you’re still curious, call your bank and ask them about the message directly.

5. Forward any suspicious emails to a contact address for your credit card company. They often have a fraud department where staff can research the phishing attempt further than you can, and try to stop future phishing attempts (which helps to protect other customers).

These days you can’t just sit back and expect that your credit card information will be kept safe and secure. You have to be proactive about preventing identity theft, especially when the thieves enter your home right through your email account. Unless you’re 100% certain that an email came from your bank, don’t click any links and don’t enter your credit card information. That goes doubly for messages in other mediums like social networks, where you can’t verify that an email address is really from your bank’s own domain. Hackers aren’t who people should worry about most online when it comes to protecting their credit card information. They’re far more likely to hand that information over to scammers themselves. Don’t be one of them.