How Phished Data Turns into Apple & Google Wallets
1 min read
Summary
Carding, the illegal market dealing in stolen card data, has long been associated with Russia.
But innovations by criminal gangs in China are now revitalising the industry by turning card data into mobile wallets that can be used online or in-store.
The gangs are selling items known as smishing kits, which are used to spoof the US Postal Service, and local toll road operators, among others.
The kits are sent through the Apple iMessage system and Rich Communication Services on Google phones, and ask the recipient to enter their card data.
The victim is then told their bank needs to verify the transaction using a one-time code sent to the victim’s mobile phone.
The code is in reality used to link the card to a mobile wallet, to which the criminals then add several digital wallets from different financial institutions.
The phones are then sold in bulk for hundreds of dollars each.