If You Have Apple Pay, Google Pay, or Samsung Pay, the Bad Guys Are Targeting You to Go on a Spending Spree

I use Apple Pay a lot, either via my iPhone or my Apple Watch, as I feel more secure using it than using my physical debit or credit card. But apparently this is a great way for scammers to go to town, as Vice is reporting. And this doesn’t just cover Apple Pay, but Google Pay and Samsung Pay as well:

Recently criminals have started using bots that automatically place phone calls to victims and trick people into handing over their multi-factor authentication codes. Now, various fraudsters selling access to these underground bots are highlighting a particular money making scheme: using the bots to link stolen credit cards to contactless payment systems like Apple, Samsung, and Google Pay and then buying items at the victim’s expense. 


The Telegram posts don’t explain explicitly why fraudsters may see Apple Pay as a preferred option when using multi-factor authentication bypass bots. But when a scammer adds a debit card to Apple Pay, perhaps using stolen card details they’ve purchased online, the scammer does not require the card’s PIN or the physical card itself to start spending the victim’s money. The contactless payment system, in a way, bypasses the need for the PIN or the physical card by creating another avenue to use the stolen card details. When using Apple Pay, a cashier does not see the name that would be present on the physical card and doesn’t ask for identification from the buyer.

Coincidentally, Kevin Costain got a call from someone at “Amazon” who wanted to get remote access to his phone. He decided to record it and tweeted about it:

This makes me wonder if this is part of the same scam.

Chris Olson, CEO of The Media Trust, has this comment:

“Malicious actors have a tough time using the credit card numbers they steal through Web and mobile attacks; the usual way is to sell those numbers in bulk through DarkNet markets or use them to acquire gift cards that can be redeemed for goods. Mobile bots like the ones described by Vice provide them with yet another way to use financial information, and it’s not the first time mobile payment features have been abused – through PayLeak-3PC, hackers were also able to initiate attacks directly through Apple Wallet. Consumers and businesses alike need to be more conscientious of mobile devices as threat surfaces.”

My advice is that neither a bank nor “Amazon” will call or text you for a multi-factor authentication code, and it shouldn’t be shared with anyone else. Regardless, this is another example of why you have to be vigilant at all times, as clearly the bad guys are out to get you.
