“Ghost Touch” Scam:โ New Contactless Payment Threat Steals From Your Account
Contactless payment, the convenient methodโ of paying with a tapโ of your card orโ phone, is facing a new cybersecurity threat โdubbed “ghost touch.” this scam can drain your bank account in seconds, often without you realizing what’s happening.
Theโ vulnerability exploits Near Field Interaction (NFC) technology – the foundation of contactless payments foundโ in most modern phones and cards. While NFC is designed to be secure, generating a unique, quickly expiring code for each transaction, criminals have discovered a way to intercept and reuseโ this code.
Recent research from Kaspersky reveals two primary methods of operation. The first is a physical scam โwhere fraudsters, using โขtwo connected phones, discreetly capture your payment token in crowded places like queues, on public transport, or in bars. Thisโ captured codeโข is thenโฃ instantly relayed to a second phone, used to completeโ a fraudulent purchase at a nearby terminal. Crucially, this happensโ so quickly โคthe victim remains unaware, and no malware is installed on their device.
The second method relies on social engineering. Scammers pose โas bank or card company employees, tricking victims into installing a malicious app under the guise of card validation. Once the victim taps their card to their phone,โค the app intercepts the payment token and sends it to the fraudster, who โthen โuses it for unauthorized purchases.
“This scam demonstrates how criminals areโข adept at identifying and exploiting systemโ weaknesses to commit fraud without needing to hack devices,” explainsโฃ Anderson leite, a Security Researcherโ at Kaspersky. “Ourโฃ analysis shows that attackers can bypass existing security measuresโ with creativity, intercepting and forwarding card data.”
Worryingly, tutorials detailing how to configure theseโข malicious applications are circulating on platforms like Telegram, attracting a global audience of potential criminals.Some even showcase successful fraudulent transactions to demonstrate the effectiveness of the tools.
How to Protect Yourself:
Kaspersky recommends the following steps to mitigate the risk of falling victim to the “ghost touch”โ scam:
* Use NFC Blocking: Employ wallets or โขphone cases designed to block NFC signals, preventing unauthorizedโ reading of your card data.
* monitor โคTransactions: Regularly review your bank statements and โpromptly report any suspicious activity.
* Enable Alerts: Activate transactionโค alerts through your bank app,virtual wallet,or card provider to receive immediate notifications of accountโ activity.
*โฃ Download Safely: Only download applications from โofficial app stores andโ carefully verify the developer’s โname and reputation.Avoid installing apps sent or recommended through messages, social media, or โขWhatsApp.
* Install Security Software: Utilize a reputable security solution capable of detecting and blocking malicious applications โคattempting to exploit NFC communication.