Companies use test transactions to check that everything is in working order, but cybercriminals are making fake ones to steal credit card information. Fortunately, it’s very easy to catch a scammer trying to trick you, as you’ll see in this failed scam I received.
What Are Test Transactions?
Before I continue, I want to clarify something. Test transactions are real transactions where a company performs a test transition to ensure your card works properly. For example, if you’ve added a credit card to your Google account, you’ll likely see a $1 charge from Google on your statement.
When this happens, the company isn’t actually taking $1 from you. It’s only asking your bank if it could take $1. If the bank gives the go-ahead, it tells the company that your card details are correct. The company then doesn’t follow through with the $1 transaction, causing it to time out and signaling your bank to return your dollar.
As such, not all test transactions are fraudulent; they can be used legitimately. However, scammers can pretend to perform one to trick you into handing over your details.
How Scammers Use Fake Test Transactions to Steal Your Credit Card Details
So, how are scammers tricking people into making fake checks? Well, let’s look at when someone tried this scam on me. Because I live in the UK, the scammer impersonated a government website, claiming that I could claim money for winter fuel, a big political talking point for Britons at the time of writing.
I’ve added screenshots detailing the attack above, so be sure to review them to cross-reference what I’m saying with the example.
The attack began as a text message claiming I was eligible for extra money to pay for winter fuel, but only if I acted fast. When I clicked on the link, it took me to a fake website designed to look like a UK governmental site. It reassured me that I could claim £200-300; if I didn’t fill out the form, I’d forfeit it to someone else.
I continued the process until the fake website asked me for my credit card details to perform a test payment. I entered fake details to see what would happen if someone fell for the scam.
Once I clicked the submit button, the website instantly declined my fake card. In reality, the website had shipped off the details I entered to the scammer; if I had entered my real card details, they would have everything they needed to start using it. In a particularly sinister move, the website suggested I “try another card.” This is a ploy to get people to enter as many card details as they can get away with.
How to Stay Safe From Fake Test Transactions
Now that we’ve seen a fake test transaction in the wild, let’s surgically pick through this scam and analyze the red flags you should look out for.
The Text Message Was Immediately Flagged as Spam
The first warning is in plain view in the first screenshot. Google correctly marked the text message as a scam and asked me to exercise caution when clicking on any links. If you see a text message marked as a scam like this, treat everything with a hefty pinch of salt.
Be Careful About Messages Designed to Evoke Fear or Panic
Note the scammer’s language in the first and third images. The first one says that my application window would close on November 12th; given that I received this text on November 11th, the scammer was trying to get me to panic and click the link without thinking.
Again, the third image shows the scammer playing off the fear of missing out, claiming that I had to apply for the winter fuel payment orit’d be given to someone else. If a suspicious website, message, or call begins playing heavily into your sense of fear or panic, be careful and keep a level head. It may be a scammer trying to use your emotions as leverage.
Check the Website’s URL
Take a look at the website’s URL in the second image. Does that look like an official governmental URL to you? Some scams will try to dress up their fake URL to make it sound more believable, so it’s always worth cross-referencing it with the real deal to see if you’re speaking to a scammer.
This time, there was no need to double-check anything—the weird URL immediately stank of a scam. In fact, a weird URL is one of the best ways to identify a phishing scam.
Check for Weird Text and “Unprofessional” Design
Businesses put in time and effort to make their websites look professional and clean. Scammers don’t have the same luxury; they have to keep making fake websites as fast as they’re taken down by people reporting them. As such, you’ll often see weird mistakes on these scammer websites.
In the second screenshot, note the strange English in the passage: “You could get either £200 or £300 to help you pay your heating bills for winter 2024 to 2025.” In the fourth screenshot, the input form says that I’d get a refund within “5-7 working,” with the sentence cutting off abruptly. Keep an eye out for these weird errors when looking for a scam.
While test transactions are not a scam by themselves, scammers can use them to trick people. Now you know how to spot them in the wild and stay safe from people wanting your credit card information.