New Phishing Scam Targets EMV Chip-Enabled Card Users

Banks and credit card providers are constantly looking for ways to improve security and prevent fraudulent transactions from taking place on your accounts. So, it should come as no surprise that the tactics used to bypass these measures are undergoing similar advancements. Such is the case with the EMV chip card, credit card companies' latest effort to thwart unauthorized access to your credit and debit card accounts.

What Is EMV?

EMV stands for Europay, MasterCard, and Visa, the three companies that originally pioneered chip-enabled cards. The EMV standard is considered better than traditional magnetic strip cards because unlike magnetic strips, which contain static information that can easily be traced and copied by scammers, EMV chips contain dynamic information that is different for each transaction. Essentially, the chip prevents scammers from using your information from a point of sale, because once the transaction is complete, the information from the card is already considered obsolete.

However, this does not mean that EMV cards are completely foolproof, as scammers have found a new way to work around the added level of security. In order to do so, thieves aren't using new technology, but rather old, tried-and-true phishing techniques that have been working for decades.

What Is the Scam?

The scam is fairly straightforward: phishers will send you an email claiming to be from your bank or credit card provider. They'll use official looking brand images and language to create a very convincing message that you need to update your personal and banking information before receiving a "new card." Once you click on the link provided, or reply with sensitive information of any kind, it's business as usual for the scammers, and fraudulent transactions are sure to follow.

This type of scam is not new; in fact, it was only a few years ago when Bank of America customers began receiving similar phishing emails like the one below:

Dear Valued Member,

We noticed invalid login attempts into your account online from an unknown IP address . Due to this, we have temporarily suspended your account. We need you to update your account information for your online banking to be re-activated please updated your billing information today by clicking here [link is provided] After a few clicks, just verify the information you entered is correct.

Sincerely,

BOA Member Services Team

P.S. The link in this message will be expire within 24 Hours. You have to update your payment information

How Can I Protect Myself?

Of course, you should know by now to never open an email from an unknown sender, least of all click on links sent in an unsolicited email. If you do receive any correspondence from someone claiming to be your bank, you can always call the number on the back of your card, or visit your local branch in-person to verify the claims made by the email. Remember, scam artists looking to get passed the EMV standard are relying on human error for their success. Do NOT disclose any information over the Internet, unless you're using a legitimate and secured site.