If you want to learn how Chinese phishing or "smishing" groups are turning phished card data into mobile wallets, check out today's story. The innovation coming out of these groups is remarkable, and includes mobile apps that let thieves relay "ghost tap" […] [Original post on infosec.exchange] - ThreadSky

briankrebs.infosec.exchange.ap.brid.gy • 10 days ago

If you want to learn how Chinese phishing or "smishing" groups are turning phished card data into mobile wallets, check out today's story. The innovation coming out of these groups is remarkable, and includes mobile apps that let thieves relay "ghost tap" […] https://infosec.exchange/@briankrebs/114026780881376222

Comments

drgeraint.glasgow.social.ap.brid.gy•9 days ago

https://infosec.exchange/@briankrebs One time codes seem to be a major systemic weakness. All these warnings from banks not to share them, but when they arrive, there is no real way of knowing what they are for or by whom the code was initiated.

Powerfromspace1.mstdn.social.ap.brid.gy•10 days ago

https://infosec.exchange/@briankrebs all ☝️

ruari.velocipederider.com.ap.brid.gy•10 days ago

https://infosec.exchange/@briankrebs It would also be nice if more banks allowed fine grained control of the features enabled for a given credit/debit account.

https://velocipederider.com/@ruari/113955800760365438

For one of the cards I use most online, I have specifically […] https://velocipederider.com/@ruari/114026927246676809

briankrebs.infosec.exchange.ap.brid.gy•3 days ago

I keep getting financial industry people reaching out about this story to say how much fraud they are now seeing from peoples' payment card data being phished and loaded onto mobile wallets just by also phishing a one-time code out of victims.

One thing I think a lot of people are missing with […]

miki.dragonscave.space.ap.brid.gy•3 days ago

@briankrebs Apple urgently needs to deploy their location detection technology, which they're now using to make sure Americans can't install third party browsers, a lot more widely.

If banks knew where the fraudster was, and *how sure Apple was of that info*, the fraudsters' job would be a lot […]

mredig.fosstodon.org.ap.brid.gy•3 days ago

@briankrebs Just to make sure I understand, the vulnerability is not the typical usage of mobile wallets themselves, right? It's compromised auth code *enabling* the use of a wallet by an illegitimate user, right?

briankrebs.infosec.exchange.ap.brid.gy•3 days ago

@mredig you got it!

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply