The LKA Lower Saxony warns of a scam in which criminals steal credit and debit card details through phishing. They then enable smartphones for payment via NFC with those cards. Victims only notice it on their bank statements. In recent weeks, several victims of the scam have filed complaints, which is why the Hanover Police are now warning about it.
Payments via NFC
Current smartphones from Apple or running Google's Android system, along with some smartwatches, support the Near Field Communication (NFC) standard. A small circuit enables data transmission via radio, and payments are usually confirmed in a cryptographically secured way. For example, users do not insert a suitable bank card into the reader at the checkout but merely hold it up to the reader. During the coronavirus pandemic, this form of contactless payment is becoming increasingly widespread.
Credit or debit card data can also be stored on current smartphones and smartwatches and used with Apple Pay or Google Pay. After confirmation with, for example, a mobile PIN code, the data is stored in the wallet on the device. From then on, opening the wallet and confirming the payment with a fingerprint, facial recognition or phone PIN is enough to pay with the card.
According to the LKA Lower Saxony, the fraudsters use phishing sites to obtain the debit or credit card details. The next day, they called the potential victims and pretended to be bank employees. In the course of the conversation, there was always a request to confirm a push TAN, which arrived during the call. If the victim goes along with this and confirms the TAN, the card is unlocked on the scammer's phone. Without further PINs, TANs or even the physical credit card, the fraudsters can then shop and pay with the credit card.
The LKA Lower Saxony also provides information on protecting against this scam. For example, the internet banking website should only be accessed via the known URL and not by clicking on links in emails, text messages or messenger messages. In addition, banks and credit unions never ask for sensitive data or TANs by phone or message. Online banking also allows users to check which cards and devices are registered for use.
Anyone who has fallen for this scam should contact their bank immediately to avoid greater damage. Those affected should then report the incident to the local police station.
Online and telephone fraud remains a hot topic. Instructions on heise online explain how to recognize telephone fraud and how to prevent fraud.