“Ghost Touch” Scam: New Contactless Payment Threat Steals From Your Account
Contactless payment, the convenient method of paying with a tap of your card or phone, is facing a new cybersecurity threat dubbed “ghost touch.” This scam can drain your bank account in seconds, often without you realizing what’s happening.
The vulnerability exploits Near Field Communication (NFC) technology – the foundation of contactless payments found in most modern phones and cards. While NFC is designed to be secure, generating a unique, quickly expiring code for each transaction, criminals have discovered a way to intercept and reuse this code.
Recent research from Kaspersky reveals two primary methods of operation. The first is a physical scam where fraudsters, using two connected phones, discreetly capture your payment token in crowded places like queues, on public transport, or in bars. This captured code is then instantly relayed to a second phone, used to complete a fraudulent purchase at a nearby terminal. Crucially, this happens so quickly the victim remains unaware, and no malware is installed on their device.
The second method relies on social engineering. Scammers pose as bank or card company employees, tricking victims into installing a malicious app under the guise of card validation. Once the victim taps their card to their phone, the app intercepts the payment token and sends it to the fraudster, who then uses it for unauthorized purchases.
“This scam demonstrates how criminals are adept at identifying and exploiting system weaknesses to commit fraud without needing to hack devices,” explains Anderson Leite, a Security Researcher at Kaspersky. “Our analysis shows that attackers can bypass existing security measures with creativity, intercepting and forwarding card data.”
Worryingly, tutorials detailing how to configure these malicious applications are circulating on platforms like Telegram, attracting a global audience of potential criminals. Some even showcase successful fraudulent transactions to demonstrate the effectiveness of the tools.
How to Protect Yourself:
Kaspersky recommends the following steps to mitigate the risk of falling victim to the “ghost touch” scam:
* Use NFC Blocking: Employ wallets or phone cases designed to block NFC signals, preventing unauthorized reading of your card data.
* Monitor Transactions: Regularly review your bank statements and promptly report any suspicious activity.
* Enable Alerts: Activate transaction alerts through your bank app, virtual wallet, or card provider to receive immediate notifications of account activity.
* Download Safely: Only download applications from official app stores and carefully verify the developer’s name and reputation. Avoid installing apps sent or recommended through messages, social media, or WhatsApp.
* Install Security Software: Utilize a reputable security solution capable of detecting and blocking malicious applications attempting to exploit NFC communication.