A local television station in Tennessee is warning nebulously about a "new type of card stealing scam," without actually explaining what the new scam is (spoiler: I'm going to tell you). According to the story, the scam involves a novel "tap to pay" type of fraud.
“From what I understand, this may be one of the first or earliest arrests of this type of situation in the country,” Binkley said.
The story also noted that 11 people had been arrested as allegedly involved in the scam.
https://www.wvlt.tv/2025/03/13/one-first-or-earliest-arrests-this-type-new-type-card-stealing-scam-found-knox-county/
These facts lead me to believe that what we're seeing here is the materialization in the United States of a software-as-a-service offering that allows thieves to relay a valid NFC (tap-to-pay) transaction from mobile devices halfway around the world.
As I explained at length last month, this innovation is being driven by Chinese phishing groups that have largely been responsible for all the toll phishing and USPS phishing scams that arrive by instant message on your mobile device.
These are not SMS messages. They are being sent through Google and Apple phones and bypass the mobile provider networks entirely. When fraudsters successfully phish card data from victims, they then tell the victim their bank needs to verify the transaction and will send a one-time code. If the victim then provides that one-time code, the phishers will use it to enroll the victim's card into a mobile wallet tied to a Google or Apple phone.
The fraudsters who are selling these phishing kits also sell the software for relaying NFC transactions from these compromised cards/devices.
A number of people in Singapore have been arrested for trying to use this "ghost tap" software at electronics retailers. AFAIK, this is the first case I'm aware of in the United States that's been documented in the media.
https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/