Phishing – Crooked shopping sprees with credit card clones


Contactless and inconspicuous: The card terminal does not notice whether the legitimate cardholder or a fraudster is paying with a fraudulent credit card clone. © Franziska Gabbert/dpa-tmn

Contactless payment with a smartphone or smartwatch is a practical thing – even scammers think so. This is how you prevent someone else from using your credit card to go shopping with their phone.

Hanover – Admittedly, a lot has to happen for fraudsters to be able to steal a digital image of someone else’s credit or debit card, store it on their mobile device and then use it to make contactless payments in shops.

But the recent accumulation of cases shows that the attempts by criminals to store stolen credit card clones on smartphones and smartwatches are sometimes quite successful, warns the Lower Saxony State Criminal Police Office (LKA). Anyone who knows how the scam works can protect themselves better. The scam explained in three steps:

Step 1a: The potential victim uses a search engine to look for their bank's online banking page, but then clicks on a link in the results that opens a phishing page and enters their online banking and card details there. Therefore, the following applies: Always type the bank address into the browser yourself.

Step 1b: Links in phishing e-mails can also lead to such fake bank websites. The criminals disguise these messages as official bank mail. The messages give a made-up pretext: a sudden block, a necessary verification or a change in the legal situation that allegedly requires the entry of banking access data and card data.

Warning: Banks would never ask you to do something like that. If in doubt, it is best to contact the bank’s customer service.


Step 2: The next day the phone rings. It is the scammers, who pretend to be bank employees. They call because, in order to be able to pay with the digital card image on a smartphone or smartwatch, it is not enough to simply enter the card data at the respective payment service.

As a rule, confirmation from the card-issuing bank is also required. This is done partly by entering a TAN in online banking, which is displayed in the bank’s TAN app (push TAN), and partly by a fingerprint or PIN release within the banking app.

That’s why the fake bank employees use flimsy justifications to ask their victims for the push TAN or for a biometric release in the app. In fact, they are in the process of setting up their victim’s credit or debit card on their own smartphone or smartwatch. Attention: Never disclose such sensitive data.

Step 3: If a TAN was revealed in conversation with the criminals or permissions were granted, one must assume that the perpetrator’s device is now activated for payment. This allows the criminals to go shopping without actually having the physical credit or debit card.

Then the following applies: to limit the damage, contact the bank immediately and check the devices stored for the account in online banking. In the event of unauthorized debits, also inform the bank and report it to the police. dpa