Cybersecurity firm ESET is warning Apple Pay users of a surge in sophisticated scams targeting their financial information, Apple IDs, and login credentials, according to alerts issued January 23 and 29, 2026. While Apple Pay employs security measures like biometric authentication and tokenization to protect user data, ESET reports that fraudsters are increasingly focused on exploiting the user, rather than the technology itself.
The company’s research indicates that scammers are not attempting to breach Apple’s security systems directly, but are instead employing tactics designed to manipulate users into voluntarily surrendering sensitive information or authorizing fraudulent transactions. “Apple is known for designing digital ecosystems thinking about security and privacy,” stated Mario Micucci, a Security Researcher at ESET. “But the platform and its solid reputation can still be used for scams, usually ‘hacking’ the device/wallet owner.”
Common tactics include phishing and smishing – fraudulent attempts to obtain personal information via deceptive emails and text messages. These messages often impersonate Apple Pay or other legitimate financial institutions, urging recipients to click on malicious links or provide their credentials. ESET also notes a growing trend of scams leveraging the Near Field Communication (NFC) technology that underpins mobile payment services. The firm’s research revealed a near doubling of malware detections on NFC-enabled Android devices between the first and second halves of 2025.
According to a report published January 29, 2026, by cincodias.elpais.com, the increasing popularity of Apple Pay has made it a prime target for cybercriminals. The report emphasizes that these attacks rely on psychological manipulation and well-crafted deception, exploiting user trust rather than technical vulnerabilities. ESET highlights that the goal of these scams is often to obtain money, banking details, or control of the victim’s Apple account.
ESET’s warnings extend to users of Google Pay, suggesting that the underlying principles of these scams are applicable across mobile payment platforms. The firm advises users to be vigilant against unsolicited requests for personal or financial information, and to exercise caution when clicking on links or downloading attachments from unknown sources. eltiempo.com reported on January 30, 2026, that the use of public Wi-Fi networks significantly elevates the risk of account theft.
The company has not yet released a detailed breakdown of the financial losses associated with these scams, nor has Apple publicly responded to the recent surge in reported incidents. Further investigation into the specific malware targeting NFC-enabled Android devices is ongoing, according to ESET.