Scammers are using the switch to chip and PIN cards as bait.

The US is making the shift to a new credit card system that stands to replace the magnetic stripe. Called “chip and PIN” or EMV cards, the actual card itself contains a tiny microchip to store your information and transactions, rather than the old-fashioned and more vulnerable magnetic stripe. While this card system has been in place in Europe for years, its arrival in the US is only just starting.And that’s what scammers have been waiting for.

While retail stores had until October 1 to upgrade their point-of-sale systems to accept chip cards—these cards feed into the POS machine while the chip is being read, instead of swiping through the system like the older cards—credit card companies are able to take more time to exchange all of their customers’ cards for the new system. That means there are a lot of consumers waiting by the mailbox for their new cards to arrive.

The first danger is obviously that scammers know there’s a massive rollout of new credit cards hitting the streets. As postal fraud and theft are still lucrative crimes, the chances of having your mail stolen could go up. But that kind of crime is small potatoes, especially since the thief has to work in his immediate area and take a gamble on being apprehended.

The more serious threat is in phishing emails from scammers around the world. A phishing email is one that gets sent out to millions of people in the hope that a few individuals take the bait. In a case like this, the email would claim to be from your credit card company, offering you your new card. The only catch is the “company” needs you to update all of your account information, meaning everything the scammer needs to steal your identity.

Here is an important takeaway from this scam, and the good news is it’s universal: no legitimate company will ever email you and ask you to re-enter sensitive information. Also, any company that emails you and tells you to click the included link is not to be trusted. Emails that include an unsolicited attachment or link are the hallmark of computer viruses, and you should never, ever click the link or attachment icon unless it’s something you’re expecting. On the off chance that the email is legitimate, you can call the company directly using a known phone number in order to verify the message.