A new report says that criminals are abusing Apple Pay to scam unsuspecting users, and reveals they believe it is the “easiest way” to make money.
Criminals are abusing Apple Pay and other contactless payment systems to go on spending sprees with stolen credit and debit card numbers, according to a Motherboard review of various Telegram channels used by fraudsters. One fraudster said that Apple Pay is the “easiest way” to make money with a recently developed hacking tool available in the digital underground that focuses on stealing victims’ multi-factor authentication tokens.
According to the reports, criminals are using bots to automatically call victims and dupe them into handing over multi-factor authentication codes, and then using the bots to link stolen credit cards to contactless payment systems like Apple, Samsung, and Google Pay. The cards are then used to buy gift cards using the payment credentials of the victims. As the report notes, Apple Pay may be a preferred exploit because you don’t need a PIN number to spend money or any identification, just a phone.
The story is another reason why it’s important to remember never to hand over any kind of authentication or verification code to anyone, especially someone over the phone. Companies like Apple will never call you for that type of information. And if they do, it’s probably someone just posing as a company to steal from you, as one crypto investor who lost $650k found out earlier this week.