Recently, thieves have begun utilising bots to contact their victims and deceive them into passing over their multi-factor authentication tokens automatically.
Vice’s take on the matter:
Apple Pay and other contactless payment systems are being abused by criminals who are using stolen credit and debit card details to go on spending sprees, according to a Motherboard examination of multiple Telegram groups frequented by fraudsters. A freshly created hacking tool accessible in the digital underground that concentrates on obtaining victims’ multi-factor authentication credentials is the “easiest method” to get money, according to one fraudster.
By utilising bots to automatically phone victims and fool them into passing over their multi-factor authentication passwords, criminals may connect stolen credit cards with contactless payment systems such as Apple, Samsung, and Google Pay using stolen credit cards. Once the cards have been purchased, they are utilised to buy gift cards using the victims’ payment information. According to the research, Apple Pay may be a favoured attack since it does not need a PIN number or any other kind of authentication in order to make purchases; all you need is a phone.
Another reason why it’s crucial to remember not to pass up any form of identification or verification code to anybody, particularly someone over the phone, is provided by the narrative. When it comes to this kind of information, even large corporations like Apple won’t contact you. Then, like one crypto investor who lost $650k earlier this week discovered, it’s probably simply a phoney corporation pretending to be a real one.