Go Phish! Week #19

Your weekly dose of scam-proofing in 3 minutes or less, no fluff, just the latest hacks, scams, phishing attacks, and cyber cons you actually need to know about.

🚨SCAM OF THE WEEK:  Credit Card Scams

When your card gets rinsed faster than your dignity on a night out.

What is it?

Scammers steal your credit card details and use them to make unauthorised purchases, drain your account, or even create cloned cards. They don’t need your card, just the numbers. And with online shopping, that’s all they need.

Some of the most common methods:

• Fake payment pages

• Phishing emails or texts

• Skimming devices at ATMs

• Info-stealing malware

• Compromised e-commerce sites

🧠 How It Works

• You get tricked into entering your card info into a fake website.

  
  

• Or you tap your card at a tampered ATM with a skimmer installed.

  
  

• Or your details are stolen in a data breach and sold online.

  
  

• A few days later, your statement shows purchases you definitely didn’t make.

  
  

• The scammer ghosts. Your money’s gone. And the bank might not always reimburse you.

💥 Why It Works

Because card details are easy to steal and hard to trace.

Scammers don’t even need to go full Ocean’s Eleven. Just a decent fake website, a convincing phishing SMS, or a skimmer hidden in plain sight at a petrol station.

And because most people don’t check their statements closely, scammers can get away with multiple small transactions before anyone notices.

🙈 Real-world facepalms

• A UK charity worker lost £2,000 after entering their card details on a clone of a real airline site. The scam site looked identical - until the flights never showed up.

  
  

• Over 1.3 million card numbers were stolen in the 2022 Wawa data breach, and sold on the dark web for less than the cost of a sandwich.

  
  

• In South Africa, several petrol stations were caught with compromised card machines that skimmed customers’ details. The victims? Dozens of locals who had no idea until their bank flagged suspicious transactions in Eastern Europe.

⚠️ Red Flags for Customers to Watch Out For

• Websites that look slightly “off” (check the URL carefully).

  
  

• Payment requests via dodgy links or QR codes.

  
  

• Unexpected emails/SMSes asking you to “confirm” a purchase.

  
  

• ATMs or card machines that feel loose, bulky, or tampered with.

  
  

• Your card is suddenly declined despite funds being available.

🛡️ How Not to Get Played

• Don’t save your card details to browsers or websites unless it’s 100% trusted.

  
  

• Use a virtual card number (many banks offer this now).

  
  

• Always double-check URLs before entering payment info.

  
  

• Cover the keypad when entering your PIN, even at familiar places.

  
  

• Set up alerts for every card transaction, know instantly when your money moves.

  
  

• If something looks or feels off, don’t swipe, don’t tap, don’t enter.

🔥 ONE-LINER HOT TAKE

If you wouldn’t hand your credit card to a stranger in a parking lot, stop doing it online.

That’s it for this week.

If your card starts buying crypto, gym supplements, and a scooter in Belarus, you’ve probably been hit.

Stay sharp, stay suspicious.

Catch you next time,
Dan & the Goldphish Team

📌 P.S. Know someone who saves their card details to every online shop “for convenience”? Forward this before their bank account funds someone else’s holiday.