Scammers On Telegram Say Apple Pay Is The Easiest Way To Rip People Off For Fast Cash
We’ve written before about how two-factor authentication (2FA) provides much stronger protection against attackers attempting to access user accounts than a single password. Even so, it’s still important to remain vigilant, as 2FA doesn’t make user accounts unbreachable. We recently reported on Android malware that has the ability to steal 2FA codes. However, conniving digital thieves have found that they don’t need malware to steal authentication codes.
Black hat programmers have begun selling subscriptions on Telegram to bots that automatically make phone calls that trick people into giving away their 2FA codes by impersonating legitimate companies. When potential victims answer the calls, the bots tell them to secure their accounts by entering codes sent to their mobile devices. The referenced codes are 2FA codes sent to the victims, that scammers using the bots need to access victims’ accounts. Authentication codes entered by victims are passed on to the scammers.
Black hat programmers have begun selling subscriptions on Telegram to bots that automatically make phone calls that trick people into giving away their 2FA codes by impersonating legitimate companies. When potential victims answer the calls, the bots tell them to secure their accounts by entering codes sent to their mobile devices. The referenced codes are 2FA codes sent to the victims, that scammers using the bots need to access victims’ accounts. Authentication codes entered by victims are passed on to the scammers.
The Telegram channels that sell access to one of these bots, known as “Yahooze OTP” (one time password), have recently highlighted a particular use case for the bot that involves Apple Pay. Scammers are able to enter stolen or leaked credit card credentials into Apple Pay, then use bots to acquire the authentication codes sent by victims’ banks or credit card issuers. Based on Telegram messages, it seems that scammers who successfully link credit cards with Apple Pay in this way tend to buy gift cards and prepaid Visa cards.
According to an administrator of one Telegram channel, Apple Pay is the easiest way to make money using the Yahooze OTP bot. However, related Telegram channels have indicated that the scheme works with Google Pay and Samsung Pay, as well. It’s possible that scammers are helped by the minimal transaction data passed on to banks by Apple Pay. Without more detailed transaction data, banks may have a harder time detecting fraud.
According to an administrator of one Telegram channel, Apple Pay is the easiest way to make money using the Yahooze OTP bot. However, related Telegram channels have indicated that the scheme works with Google Pay and Samsung Pay, as well. It’s possible that scammers are helped by the minimal transaction data passed on to banks by Apple Pay. Without more detailed transaction data, banks may have a harder time detecting fraud.
