There is a scam making the rounds right now that I think is worth talking about, because it is specifically designed to make you doubt yourself when you spot it.
Here is how it works. Someone makes a small, fraudulent charge on your credit card, maybe just a few dollars. But when you look at the charge, it shows the name and information of a real, legitimate business. So you think, “Well, maybe I did buy something there and forgot about it.” And that is exactly what they are counting on.
How the Scam Works
These scammers will use the name of a real business near you, or they will go so far as to register a small, similar-sounding business with an address nearby. They start with small test charges, a couple dollars here and a couple dollars there, to see if you notice. If you don’t, the charges get bigger.
And here is the really frustrating part. When you finally do notice and try to track down the business, you end up contacting the legitimate company. Of course, they have no idea what you are talking about, because the charges did not actually come from them. It is a fake name attached to a fraudulent operation.
If you have ever dealt with spam phone calls, this will sound familiar. Scammers “spoof” real phone numbers so that when you call back or try to block the number, you are just reaching some random innocent person or business. This is the credit card version of that same trick.
What You Should Do
If you spot a charge you do not recognize, here is what I would recommend:
Secure your account immediately. Contact your bank or credit card company and let them know about the suspicious charges. Lock your card if you can.
Report the charges to your bank. Do not worry about hurting the legitimate business whose name was used. The charges did not come from them. Your bank can investigate and track down the actual source of the fraud.
File a report with the police. This creates a record that helps law enforcement identify patterns and shut these operations down, especially if you report it quickly.
A Few More Things to Keep in Mind
The FCC and other federal agencies should really be building better systems to protect people from these kinds of scams and shut the fraudsters down. But until that happens, we have to look out for ourselves and each other.
Here are some good habits that can help:
Never trust anyone who calls you on the phone asking for verification codes. No legitimate business will do this. They may know a lot about you, your email, your name, your phone number, but this is easy to look up. Don’t fall for it.
If you get an email reporting a problem with your account and it includes a link, check where that link actually goes before you click it. If it does not take you directly to the official website of whoever supposedly sent the message, that is a big red flag.
Scammers are getting smarter and bolder, but you do not have to cooperate. If something feels off about a charge on your account, trust that feeling and report it. It is always better to be safe.
What This Means If You Run a Website
This is a good time to talk about why website security matters, especially if you are running an online store.
If you have a WooCommerce site, you are processing real transactions with real customer data. That means you need a secure website where you can clearly track every transaction that comes through. You should be able to see exactly what was purchased, when, and by whom. If something looks suspicious, you need to be able to identify it quickly and block bad actors from accessing your store.
A well-built WordPress site with proper security measures in place gives you that kind of visibility and control. Things like SSL certificates, two-factor authentication, regular updates, and proper user permissions are not just nice extras. They are essential. You want to make it as difficult as possible for someone to gain unauthorized access to your WooCommerce dashboard, your customer data, or your payment processing.
And here is something worth repeating, because the same tricks scammers use on your credit card, they use on website owners too. WordPress will never call you and ask for your website password or your two-factor authentication code. Your hosting company will not do that either. If someone contacts you claiming they need that information to “fix” or “verify” something on your site, that is a scam. Full stop.
Just like with the credit card scam we talked about above, the goal is to look legitimate enough that you let your guard down. Do not let them. If you get a call or email like that, hang up, close the email, and go directly to your hosting dashboard or WordPress admin on your own. Do not click their links. Do not give them your credentials.
Taking care of your website security is not so different from taking care of your personal finances. Stay alert, keep things locked down, and if something does not feel right, trust your instincts.
