Fraudsters target Apple Pay in credit card scams
Criminals using stolen credit card details are reportedly linking them to contactless payment systems such as Apple Pay, before spending thousands of dollars through them.
Image Credit: Apple
There have been cases before of thieves using a burner iPhone and Apple Pay to spend on stolen credit cards. But now a new report quotes one fraudster as describing Apple Pay as the "easiest way" to make money.
According to Vice, Apple Pay and other systems are discussed on Telegram channels typically used by criminals.
These fraudsters are reportedly now using a recently developed hacking tool. Bots automatically place phone calls to victims, who are then in some unspecified way manipulated into handing over their multi-factor authentication codes.
The bots are then used to link the stolen credit cards to contactless systems. This is the "easiest way to make profit using bot," an administrator for the Yahooze OTP bot posted on Telegram.
Read on AppleInsider
Image Credit: Apple
There have been cases before of thieves using a burner iPhone and Apple Pay to spend on stolen credit cards. But now a new report quotes one fraudster as describing Apple Pay as the "easiest way" to make money.
According to Vice, Apple Pay and other systems are discussed on Telegram channels typically used by criminals.
These fraudsters are reportedly now using a recently developed hacking tool. Bots automatically place phone calls to victims, who are then in some unspecified way manipulated into handing over their multi-factor authentication codes.
The bots are then used to link the stolen credit cards to contactless systems. This is the "easiest way to make profit using bot," an administrator for the Yahooze OTP bot posted on Telegram.
Read on AppleInsider
Comments
Caller ID displayed the name and phone number of my actual bank (which I googled).
Automated message in perfect English:
"We recently got a purchase request which we blocked the transaction. If you made this purchase, please press 1. If you didn't make this purchase press 2."
Then when you hit a number (which I selected #2):
"Thank you, please enter you ATM card number for verification"
It keep repeating the message to enter the card number. This is where I was like wait a minute and hung up. The automated call kept calling back every minute for the next hour.
I called my bank to make sure there weren't any transactions attempts and they said no, so I notified them of the scam.
A week later, I get another call from a different bank (which I don't have) called me and had the same message (I let it go to voice mail).
Okay, how about non-robotic sounding and no accent?
It was a robocall, so I wasn't talking to a real person. Since I wasn't talking to a real person, I used the word message to convey what was being said. It seemed pretty legitimate except for when kept repeating to enter my card number. Maybe if they spaced out the timing like every 10 seconds, it would get more people.
If you are duped into doing that, you deserve to separated from your money.
As for a living person, that can be more complex. While fully-automated AI is expensive and difficult, it's not difficult and very inexpensive to use live people. The problem that arises is that a live person in another country may understand English very well—save for certain idioms and culture-related terms—but have a thick accent. The way around this is to use a grid controller with the most common, canned responses that either a "non"-accented English speaker or a tweeked automated service has supplied. This eliminates a large hole of the scam without adding much cost and with every attempt to scam someone they can tweek the placement of responses on the board and what the responses are.
I didn't read the rest of our your statement.
We have to enter our card numbers all the time over the phone - we're basically trained to do it (by the banks).
Had some clown trying to claim they were the IRS and I asked them 'what provision of 5.1.10 Taxpayer Contacts' are you using? They hung up right then and there.
Another tried to claim they were the local police (even spoofed their number) and claimed they were going to arrest me unless I paid them. I pointed out that no real cop would call regarding a possible crime for fear any evidence would be destroyed and that I was invoking the federal False Claims Act which gave me the authority to sue on behalf of the federal government and would be hitting them with extortion charges and posing as a police officer. They hung up.
Related to credit cards. My mother was in surgery in Houston when it got flooded (result of Allison IIRC) and we were stuck there for a month. My father's credit card was near maxed out so I used mine at a parking garage. Six months later a charge for prepaid phone cards appeared on my credit card statement from Houston. I called the bank and had the charge expunged but it shows why these 1 year of protection for errors by the company that let your CC number out in the wild are useless. The smarter thieves will wait a while before starting to charge stuff and the real smart ones will wait longer than a year.