A naukri.com initiative
Krebsonsecurity
2d
334
How Phished Data Turns into Apple & Google Wallets
- Carding has traditionally been associated with Russian hackers, but innovation from cybercrime groups in China is reviving the carding industry by turning phished card data into mobile wallets.
- Criminals in China are using sophisticated phishing kits to send messages via Apple iMessage and Google RCS, tricking victims into linking their card data to a new mobile wallet controlled by scammers.
- These cybercriminals are selling multiple stolen digital wallets on a single mobile device and then selling these phones in bulk, with waiting periods before fraud decreasing to just seven to ten days.
- Some criminal groups cash out stolen mobile wallets by setting up fake e-commerce businesses and running transactions through them.
- A Chinese phishing group sells an Android app named 'ZNFC' that can relay a valid NFC transaction worldwide for tap-to-pay transactions.
- The rise of 'ghost tap' mobile software allows criminals to make unauthorized transactions at ATMs using mobile wallets.
- Chinese phishing kits incorporate advanced phishing techniques to maximize data extraction from victims and ensure stolen data remains secure, with real human operators behind smishing websites.
- Phishers convert stolen card details into a digital image of a real payment card to enroll stolen cards into Apple Pay, exploiting vulnerabilities in the system.
- These phishing operations are estimated to have caused losses of about $15 billion in fraudulent charges over a year, highlighting the profitability of mobile phishing kits.
- The reliance on one-time codes for mobile wallet onboarding has facilitated this carding resurgence, prompting banks to implement more secure authentication methods to combat the threat.
- Improvements in contactless payment terminals and increased vigilance from tech companies like Apple and Google are suggested as ways to mitigate the ghost tap threat and secure mobile wallet provisioning.
Read Full Article
20 Likes
For uninterrupted reading, download the app