The MapleMoney Show » How to Spend Money Wisely » Credit Cards

How to Avoid Credit Card Scams and Other Fraud, with Kari Norman

Presented by Wealthsimple

Welcome to The MapleMoney Show, the podcast that helps Canadians improve their finances to create lasting financial freedom. I’m your host, Tom Drake, the founder of MapleMoney, where I’ve been writing about all things related to personal finance since 2009.

Have you been the victim of credit card fraud? If so, you’ve felt the anger and embarrassment that comes with it. This week, I spoke with someone who knows firsthand how it feels to be a victim of fraud. She also knows what to do about it.

Kari Norman is the author and creator behind the personal finance blog, Money In Your Tea. She has a background in Economics and is now self-employed, providing association management and bookkeeping services. Kari joins me on the show to tell her story, and to share some advice on how to avoid fraud.

As Kari explains, if you become a victim of credit card fraud, it’s normal to feel angry or embarrassed. It’s important to know that you’re not alone. So far in 2021, over 36,000 Canadians have fallen victim to fraud. Your immediate course of action should be to notify your bank or credit card company right away. They will guide you from there.

Near the end of our conversation, Kari leaves us with some tips on spotting fraudulent texts or emails. Just because it looks legit doesn’t mean that it is. Fraud has become highly sophisticated, and fraudsters are very good at making a scam email look like the real thing.

One rule of thumb is to never click on links in a suspicious email or text. A legit company will never require you to provide them with personal information, including account numbers, over a text or email, or even over the phone. If you’re suspicious, reach out to the company directly without using the contact information included in the suspicious communication.

Do you prefer to invest in socially responsible companies? If so, our sponsor Wealthsimple will help you build a portfolio that focuses on low carbon, cleantech, human rights, and the environment. To get started with Socially Responsible Investing, head over to Wealthsimple today!

Episode Summary

  • Kari explains how she became the victim of a Visa card scam
  • Canadians have lost over $140M to fraud so far in 2021
  • Fraudsters are playing a numbers game
  • Why it’s important to monitor your credit score and report
  • What to do if you’ve been a victim of credit card fraud
  • What to watch for before clicking on email links
  • Where to report fraud

Read transcript

Have you been the victim of credit card fraud? If so, you felt the anger and even embarrassment that can come with it. This week, I spoke with someone who knows firsthand how it feels to be a victim of fraud. Kari Norman is the author and creator behind the personal finance blog, Money in Your Tea. She has a background in economics and is now self-employed, providing association management and bookkeeping services. Kari joins me on the show to tell her story and to share some tips on how you can avoid becoming a victim of fraud and what to do if it happens to you. 


Welcome to the Maple Money Show, the podcast that helps Canadians improve their personal finances to create lasting financial freedom. Do you prefer to invest in socially responsible companies? If so, our sponsor, Wealthsimple, will help you build a portfolio that focuses on low carbon, cleantech, human rights, and the environment. To get started with socially responsible investing head over to today. Now, let’s chat with Kari… 


Tom: Hi, Kari. Welcome to the Maple Money Show. 


Kari: Thanks, Tom. It’s good to be here. 


Tom: I wanted to have you on because you wrote about something I thought was interesting. You had a bit of an issue with a credit card scam. I’m sure everybody knows these things exist. You see them in news or you get the CRA ones around tax time. People always hear about them but I don’t know how many people have dealt with them as deeply as you had to. Just to start off, can you kind of explain what happened to you? 


Kari: Yes. It was about 6:00 a.m. I was fast asleep, of course, and the phone rings. I don’t know about you, but when I get a phone call in the middle of the night and I’m fast asleep, my mind immediately goes to thinking something’s happened to somebody. It’s an emergency. So I answered the phone and I’m kind of in that particular headspace when I hear this recorded message about charges to my Visa card. And they weren’t small. It was something like $280. It was enough that I was concerned about it. And it said, press one to accept these charges or press two to cancel these charges. So naturally, I pressed two because I hadn’t made these charges. Then it would forward you to a person. But to be honest, it was 6:00 a.m. and I was exhausted. I figured I had already said I didn’t make the calls so I’m going to just hang up and call them back later in the day when I was more awake. So that was the end of that. My husband and I use MasterCard and Amex for personal cards, but I have two Visa cards for companies that I work with so I called the number on the back of one, and they listed off the four or five most recent charges and it wasn’t anything suspicious. Those were legitimate charges so I knew that card was fine. And I called the other card and she said they were getting a lot of people reporting early morning phone calls about fraudulent charges, and it’s a scam. That was when I really clued in that this was a scam. It wasn’t until that point—well into the day, that it even crossed my mind that this was not a legitimate thing. 


Tom: Yeah, that’s interesting. Is it always an early morning thing as far as you know? Is this part of the tactic? Or maybe it’s 24 hours a day and you just happened to get it in the morning? 


Kari: Yeah, I think they generally try for early morning, but I don’t think it’s 100 percent. 


Tom: I get so many phone calls, I’ve actually just stopped answering them. I think you can do this on your phone where you can set it up that if someone’s not on your contact list, the call doesn’t even come through. I might get to that point. We’ll see. But I get all these phone calls and now even text messages that are similar kinds of things. It’s some kind of alert about an expense or something like that. They really seem to prey on your emotions a bit by putting some urgency to it. 


Kari: Yeah. There’s a number of reasons why this works. First of all, if they do catch you early in the morning (which I think they try to do) you’re groggy. You’re half asleep, not really critically thinking at that point and they’re counting on that. You’re more likely to fall for a scam without that critical thinking piece. Then, when there is actually a true fraudulent charge on your card, they do call you. That’s a thing that actually happens. So, it sounded very professional. It sounded just like when you call the bank and get into their robot system. It was perfect grammar. It just sounded professional. I think they also pick amounts that are enough to be concerned about. If they said there’s a $10 fraudulent charge, you’re probably not going to get out of bed for that. But when it’s up into the mid-hundreds or even into the thousands of dollars, that’s alarming, so you want to address that. But if you do press number two to say you did not make the charges, you get transferred to a person who is going to start asking you questions. They’ll ask you what bank you’re associated with. So you say TD or RBC or wherever. And then they read off the first four digits of the card. But every TD Visa is 4520. That’s how credit cards work. The first four digits determine which bank it is and whether it’s Visa, MasterCard, or Amex. That’s not specific to you, but it sounds like it is for anybody who doesn’t know how credit cards are numbered. Then they’re going to ask you for the rest of your information. What’s the expiry date? Yes, that’s what we have on file. What’s the code on the back of the card? Yes, that’s what we have on file. Of course, they didn’t have that, but you’ve just given it to them. 


Tom: Oh, wow! Yeah, I can see the risk there because at that point someone would have given everything that they needed to put an order through online or by phone or whatever. Anyone that’s ever placed a virtual order online, if you give all that information, then obviously that’s enough that anybody could use it. One thing I was thinking when you said that they give you the first four digits is, a lot of times statements you get in the mail might say the last four digits of your credit card. I think I have that right. Maybe, it’s that they avoid the last four, but I think sometimes they show the last four. While that is quite unique, I’m thinking that it’s probably still worth watching out for. If someone intercepted your mail or email, it’s not quite as much of a cold call as you got but who knows what level of sophistication might be out there where someone could somehow get your whole number. 


Kari: Yeah, if it’s truly the bank, whether it’s Visa, MasterCard, or Amex, whatever card you have, they know your name. They know the credit card number because they gave it to you. They know the expiry date. They know the code on the back. They already know all that information, so they won’t ask you for that. They don’t know the PIN that you have when you’re at the machine, but they don’t need to know that for any reason. They don’t know your password for online banking because they don’t need to know that either. So they’ll never ask you for those. If anybody’s asking for those kinds of secret codes that you have in your head, that’s also a clue that it’s not legitimate. 


Tom: That’s a good point. I didn’t think about PIN numbers and such. I remember (more in the past than nowadays) a time when there were card scanners at gas stations and such that would basically take all your credit card information and PIN numbers and everything. They would capture everything. I don’t know if those are as common because hardly anybody swipes a card anymore, but it’s definitely another form of getting your information so you do have to look out for it. 


Kari: Yeah, I think the chip cards are more secure that way. 


Tom: Yeah, exactly. So what happens next with anyone that falls into this? Obviously, when they give their credit card information is too much, but I’ve even heard that just something like saying “yes” to a question might get recorded and used for certain things where you’re basically giving some kind of information. You mentioned pressing numbers “one” and “two” which is confirming you’re actually on the phone and stuff. But there is also the possibility that they’re recording your voice to do things with as well. There’s a lot here to watch out for. If someone’s had one of these calls but haven’t gone all the way and given every little bit of credit card information, should they do anything at that point? I’ve heard about reporting fraud. Is it really fraud if it doesn’t go all the way through? Where’s the line, I guess? 


Kari: Well, Canada does have an anti-fraud center. They have a website. So far, up to the end of August 2021, there were over 51,000 reports of attempted fraud and 36,000 Canadian victims of fraud so far this year, in the first eight months. It seems like people are reporting fraud they did not fall for so you can report it to them, for sure. 


Tom: This fraud adds up into the millions within Canada, right? 


Kari: Yeah, there are 36,000 people in Canada who have experienced fraud up until the end of August this year. They’ve lost over $144 million. It’s a massive industry. 


Tom: Being that early in the year, like there could be more than $200 million by the end of the year. That’s a lot of people falling for this. I don’t mean to be mean by saying falling for it. But you’re falling into the scam. Is it basically a numbers game? Because I’ve got to assume more people than not are just hanging up. Or, like me, never answering in the first place. Do they just try everybody and wait for those maybe single-digit percent’s that actually work? 


Kari: I assume that must be how it works, yeah. 


Tom: One of the things I like is that you can take preventative measures. Maybe not preventative, but you can at least take measures to avoid or at least look for some of these. One of the things I do is monitor my credit. I’m a bit of a credit score junkie. I probably get a little obsessive about it. But within that, you can also actually monitor your accounts to see if a new account showed up on your credit report or if some odd expense shows up. Obviously, you can see expenses on your statements as well. Do recommend this—both monitoring your credit but also monitoring your own accounts as well? 


Kari: Yeah, I’m looking into my online banking on a regular basis. If I see something that’s suspicious, then I definitely follow through on that. And it has happened. A couple of years ago, we had charges for gas from another country. I was sitting here in Toronto, so I knew I wasn’t purchasing gas in another country. Those kinds of things happen but if you report them right away, Visa, MasterCard or Amex will remove them from your charges. You don’t have to pay for them. You’re not liable for charges you don’t make. And like you, I do track my credit score online as well. 


Tom: I’m not sure what you use, but personally, I recommend to people listening,  Borrowell and Credit Karma. Now, with those, they are free, but it’s worth knowing that you’re going to be marketed to a bit as well when you’re paying for the product. But I do think they’re great options—to get those two different credit bureau reports without paying anything. And also, it’s continual. Whereas, if you pay for a regular credit report that’s not continued on a subscription basis, you’re just getting it that one time and you don’t get to check whenever you feel like it. 


Kari: Yes, and if you have been the victim of fraud, there’s so much emotion once you realize that you were a victim. You’re angry that you fell for this and that somebody would do this to you. And maybe you’re a bit embarrassed, but it’s really important to look past that and realize that you’re not alone. It’s happened to 36,000 people so far this year and 42,000 people last year. It’s going up all the time. You’re not alone. But you need to contact the bank and your credit card company and have them flag your accounts to make sure that nothing else happens and they block anything suspicious. And then sign up for credit score tracking. Give them the heads up too, that you’ve been the victim of fraud so they can watch out for it on your behalf. 


Tom: I know with credit cards, some of that liability is on the credit card company. You’re not necessarily on the hook for it. Is there a line there where you have a certain responsibility to contact them? Or if it’s months later that you notice it, is the credit company still going to clear it? Do you know where that falls out—who is actually responsible for the fraud? 


Kari: I think you have about three months to report something. But it’s better just to be monitoring your expenses every month, at least anyways, so you know if you’re sticking within your budget and all those other good things. 


Tom: There is something you mentioned earlier about the grammar that was proper. I’ve had those calls before when I used to answer my phone where they claim it’s a support thing and they ask you to open up Windows, go to this site, click on this thing, that thing. Those ones are just so bad! They’re so obviously not Microsoft. But this one was a little more legitimate—the call you had. With a call like that, other than the fact that once they get to the point that they’re asking for your information, for sure, that should be a red flag. But how does someone know the difference? In my case, what I’ve seen wasn’t a phone call. I’ve had some emails that weren’t concerning an expense or anything. But it was a legitimate email. I didn’t trust it at first, because how do you know to trust anything when they’re initiating contact? It just seemed off to me. But when I looked into it, it was actually a legitimate email. 


Kari: Yeah, sometimes they have the company logo. They have a footer that looks legitimate. It looks very real but it’s not. One good way I found for checking for emails is to just look at the “from” portion of the email. Often it’ll be from some random overseas email address after the @ sign. That’s your clue there. But if it’s from PayPal, it’ll be @PayPal—that kind of thing. That’s a good way of checking. And don’t click on those links. 


Tom: And that’s a great point, too, not clicking on links. Another thing people can look for is… let’s use PayPal as an example. It might say but if you hover over that (if you’re on a computer) in most browsers, the actual address will show up in the bottom, left. You can see what the real link is even though there’s one displaying right in front of you. When we say look for the right domain address, it’s more than just looking at what’s there in the text. It’s really what that link is when you click on it. 


Kari: Yes. And if it is from a legitimate-looking company like PayPal or your bank or whatever, and you’re not quite sure, just log into the platform in the usual way (in your browser). You don’t have to click on that link to get to your account. 


Tom: Yes, without a legitimate email—I wish I could remember what it was exactly but it said something like, “Click this and go see…” Maybe it was a link to their secure messages. It might have been something like that. But it sure raised a lot of red flags for me. I wasn’t sure about an email saying, “Just click this…” because I assume when I click it, it’s going to ask me to log in and things like that. So yeah, it’s very concerning.  


Kari: And it’s better to be overly skeptical than the other way around. 


Tom: Yeah, and I’m very skeptical. One thing I do—and I just thought of this as additional protection is, just out of my own desire to have complicated passwords that even I don’t know, I use LastPass, which is just a password manager. One of the extra security to that is if I were to click a link to a bank and end up on that site if it’s not the actual domain, LastPass isn’t going to recognize it and give me that login. So there’s a bit of extra “accidental” security because it’s not going to line up and give you that login. 


Kari: That’s right. That’s a great point. 


Tom: If someone goes even further and gives all their information, and maybe there’s already been a charge because I assume that happens pretty quick, what can they do next? Do they contact the bank? 


Kari: Yeah, contact your bank or your credit card company right away. If you have any evidence like text, take screenshots. If it’s an email, then save those. If it was one of those scams where they got control of your computer, take screenshots of that. Get as much evidence as you can. Gather any receipts, documents, bank statements or whatever is relevant for this situation. 


Tom: With any kind of fraud like this, is it considered the same as identity theft? Is that the same thing, or is that more someone actually opening up a new account? I guess what I’m asking is, what’s the terminology? Is that a whole other thing where new accounts are getting opened up? 


Kari: Yeah, I think that’s another type of financial fraud. I mean, I hate to say they’ve “only got your credit card number and charged you” because that’s only one level of difficulty to deal with. If they’ve also got your identity and started opening up other credit cards, lines of credit, loans, or even a mortgage under your name at another financial institution, that can impact your credit score pretty quickly. Again, make sure that you’re monitoring that. 


Tom: That’s what I was thinking was. Then you’ve got something much more complicated to unravel where maybe your whole credit history is starting to look like a mess. But with credit cards, it is pretty simple, right? I actually had a fraudulent charge on one of my credit cards. It was while I was travelling so maybe it was one of those old “swipe” things or something like that. I don’t remember where I was travelling, but they froze my card so I couldn’t use it, which was annoying while I was travelling. I called them right away and they said, they had a couple of expenses they were concerned about. And as they walked me through them, I was said, “No, that one’s good. And that one’s good.” But one, which was a random, little amount was in Boston. And I was not in Boston. I told them, “I might be travelling, but I’ve never been there,” so they ended up reversing that one. It was no hassle on my end other than travelling without a credit card. But they reversed that one and sent me a new card. Is that pretty common? That it’s just to call them and they take it from there?


Kari: Yes, I think once you’ve notified them, they’ll address it and try and follow up. At that point, the credit card company is on the hook for the money so they want to recover it from whoever stole it. I’m sure they follow it. We had another situation many years ago where MasterCard was sending my husband a new card in the mail, as they do from time to time, but it was intercepted along the way. And whoever got it started charging a bunch of things on it. The bank figured that out and froze the card, which is great, except we were in the middle of a home renovation and had a lot of things we needed to put on that credit card. 


Tom: Yeah, that’s how it felt for me, too. Especially when you’re travelling or renovations like that. It’s definitely handy to have more than one card in that kind of situation. I’ve said before on the podcast, I’m a big fan of credit cards to use as a tool, responsibly. Pay them off and all that. But I think this is another great example of the benefits of a credit card over a bank card where you can be on the hook, upfront. You take the responsibility until you can show otherwise. But a credit card is kind of the other way around, where the credit card company takes the responsibility. If you’re travelling, I think a credit card is the best way to go when travelling. Or when you’re doing those big renovations and want to get some points as well. I think this is another one in the “win” column for credit cards. It really can be a 30-second call to get this fixed up. 


Kari: That’s right. Yeah. Well, maybe not 30 seconds. 


Tom: Thirty seconds after 30 minutes of being on hold. Is there anything else you wanted to cover here? Anything we missed that the people need to know about this? 


Kari: I guess, once you’ve got it all sorted out with the bank, you’ve followed up, you’re tracking your credit score, don’t be hesitant to report that to Canada’s anti-fraud center. And if you feel that it warrants it, you can also report it to the police. Obviously, don’t use 9-1-1 because it’s not that kind of an emergency. But you can just look for the number for your local police station and see where they want to take it from there. And if it’s something like your wallet has been stolen where you’ve lost all of your ID as well, then you’re going to want to follow up with either the federal government or the provincial government, depending on what ID was stolen. 


Tom: With this fraud center, do you think it is beneficial if you didn’t actually become a victim—like in your situation? Is there a benefit to reporting that? It may not help you, or maybe it should something more happen than you realized. Do they want to see that? Do they want to hear from every single person that gets a phone call? Do you have any idea about that? 


Kari: Yeah, that’s a good question. I haven’t spoken to them myself so I don’t know what their goals are. But I’m sure they’d like to hear about them, particularly new scams, so it’s on their radar as well. That way, they can help raise awareness. 


Tom: Well, that’s what I was thinking. All these obvious calls that I’ve had in the past, I’ve never thought about reporting it, but maybe that might help if they can shut down a phone number or shut down the people doing it, whatever the case is. One other thing I wanted to ask was, speaking of phone numbers, what do they look like? Is this a big, long international number? The ones I’ve seen have been local. Is that common? Is there any “tell” there or is it all pretty sneaky looking? 


Kari: You know, I didn’t even really look at the phone number it was coming from it. It wasn’t a call display that showed a family member or something like that. It was just a random number from what I recall. 


Tom: So maybe there’s not anything super obvious, but the one for me looked local. It didn’t have a name, but it wasn’t 20 digits long or anything like that where you’d obviously know that’s not a legit number. Well, thanks for running us through this. I think it’s something people need to be more aware of. They should sign up for that credit monitoring. They should just have that bit of skepticism in these phone calls, emails, texts. And like you said, don’t go clicking things. Don’t go answering things. It’s better to contact your bank or credit card provider after the fact. Can you let people know where they can find you online? 


Kari: Sure. I have a website called, Money In Your Tea, and it’s at I’m also on Twitter more often, but also Instagram and Facebook too. 


Tom: Great. Thanks for being on the show. 


Kari: Thanks for inviting me. 

Tom: Thank you, Kari, for sharing your story, along with some helpful tips on dealing with credit card fraud. You can find the show notes for this episode at If you have a moment, head over to our YouTube channel, and subscribe there. We’ll be getting back to releasing never before seen content, soon. You can search for Maple Money or go to and subscribe today. I look forward to seeing back here next week when Mel Dorion joins us to explain why she’s adjusting her timeline to financial independence. See you next week!

Thirty-six thousand people in Canada have experienced fraud, up until the end of August this year, and have lost over $144 million dollars. (Fraud) is a massive industry. - Kari Norman Click to Tweet