2 weeks Ago
Do not make cvalls if yoiu see this message. Your phone, your data and your money are at risk. There is a surge in Chinese attacks against iPhone and Android users in America and Europe, driven by sophisticated platforms designed in China and operated by organized gangs of cyber criminals.
With millions of smartphones targeted, you will come under attack. Package delivery and unpaid toll texts have taken most of the headlines, but an even worse threat is proving a nightmare for phone users. This is where a helpful bank or technical support employee reaches out to let you know there’s a problem and to help you fix it.
This could be to protect your phone or computer from an attack or to protect your money from an ongoing fraud in real time. We even now have fake police officers and federal agents contacting citizens to solicit payment to avoid arrest. All these calls are dangerous scams.
Every single one of them. As the FBI has warned , no tech support desk or bank or law enforcement official will ever reach out to you for any of these reasons. Do not take or make these calls.
And if you receive a text or email that you find worrying, use publicly available channels to find a number or email address for the organization, and contact them directly. The latest warning from the team at Cleafy is yet more of the same. The new threat is frighteningly sophisticated.
“A significant new trend,” it says, “challenging traditional banking institutions, payment institutions, and card issuers [with] New attack on smartphone users. This attack starts with an urgent text or WhatsApp message “impersonating bank security alerts, notifying users of a suspicious outgoing payment. The message prompts potential victims to call a specific number to dispute the transaction.
” Once you make that call, you will be tricked into checking your banking app, confirming your PIN and — here’s the novel bit — holding your bank card near your phone so the threat actors can read the details of the card using NFC and then make contactless transactions. The threat actors, Cleafy explains, “persuade the victim to install a seemingly innocuous application. A link to this malicious app, often disguised as a security tool or a verification utility, is sent via SMS or WhatsApp.
Without the victim’s knowledge, this application hides the SuperCard X malware, incorporating the NFC-relay functionality.” Once your card has been read, the attackers initiate “contactless payments at POS terminals or, more alarmingly, contactless cash withdrawals at ATMs.” We have seen other NFC vulnerabilities exposed, but this remote attack combined with the surge in text scams makes this easily scaleable with no need for physical proximity to victims.
Just as with other scams — including the fake Google emails doing the rounds this week , the key isn’t to dissect the technical cleverness of the attack, albeit it is clever. The key is to ensure smartphone users know never to take or make these calls. Once a scammer has you on the phone, they have a good chance of stealing from you.
This is what they do for a living, and they’re often frighteningly good at it. None of the objections you raise will be new to them, they’re well rehearsed. Don’t put yourself at risk.
Your bank will never reach out to you in this way — do not call any of those numbers if you receive any of these messages. It really is as simple as that..
