Experts warned Russians about the scheme of scammers with contactless theft of money


Malicious software capable of remotely intercepting and transmitting bank card data through NFC modules is developing rapidly. In the first quarter of 2025, the total damage in Russia from all malicious versions of NFCGate amounted to 432 million rubles. From January to March, criminals carried out an average of 40 successful attacks every day, F6 (a developer of technologies to combat cybercrime) told Izvestia on April 24.
In February 2025, analysts recorded the appearance of a new NFCGate assembly, which is used in the so-called "reverse" scheme. Malicious software developers have adapted the application to a ready-made service for fraudulent call centers.
With the first versions of NFCGate, the criminals' accomplices, known as drops, went to the ATM to withdraw the victim's money. As experts explained, the reverse version of NFCGate makes it possible to skip this step: scammers, under various pretexts, direct the victims themselves to an ATM so that they transfer funds ostensibly to themselves, but in fact to the criminals.
The attack on bank card users using reverse NFCGate is carried out in two stages. First, the attackers use social engineering techniques to try to convince the potential victim to install a malicious APK file on the device under the guise of a useful program. They explain that this is required, for example, to "protect" a bank account. In addition, in March 2025, fraudsters began offering to deposit savings into a digital ruble account.
If the user follows the link, installs the malicious software and launches it, the application offers to make itself the default for contactless payments. The malware samples studied by the company's analysts were disguised as applications of the financial regulator.
After installing the application as the default payment system, the user's smartphone makes contact with the attackers' device unnoticed by the owner. The NFC data of the fraudsters' bank card is then sent to the victim's smartphone and emulated.
In the second stage of the attack, the user is persuaded to go to an ATM, ostensibly to transfer savings to their own account. At the same time, they are given a "new" PIN code, allegedly for their own card. When the victim holds the device to the ATM's NFC sensor, the drop card is authorized. The ATM asks for the PIN code that the scammers have already dictated. The user may assume they are transferring money to their own account, but the amount is in fact sent to the fraudsters.
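The first stage leaves a checkable trace: a sideloaded app registered as the default contactless payment service. The following is an added example, not code from F6 or the original article, that flags that condition on a device under review. It assumes the two inputs were collected with `adb shell settings get secure nfc_payment_default_component` and `adb shell pm list packages -i` on a device that still uses that setting; all package names are constructed.

```python
import re

# Assumption: installers treated as trusted app stores; adjust per fleet policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample inputs (hypothetical package names, not real indicators).
SAMPLE_PM = """\
package:com.example.bank  installer=com.android.vending
package:com.example.regulator.protect  installer=null
"""
SAMPLE_DEFAULT = "com.example.regulator.protect/.CardEmulationService"


def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers


def audit_default_payment(component, pm_output, allowlist=frozenset()):
    """Return (verdict, package) for the default contactless payment service.

    component is the flattened ComponentName ("package/class") stored in the
    nfc_payment_default_component secure setting, or "null" when unset.
    """
    component = (component or "").strip()
    if component in ("", "null"):
        return ("no-default", None)
    package = component.split("/", 1)[0]
    if package in allowlist:
        return ("ok", package)              # known wallet or banking app
    installer = parse_installers(pm_output).get(package)
    if installer is None:
        return ("unknown-package", package)  # not in the package listing
    if installer not in TRUSTED_INSTALLERS:
        return ("sideloaded-default", package)  # matches the stage-one pattern
    return ("review", package)              # store-installed, not allowlisted


if __name__ == "__main__":
    print(audit_default_payment(SAMPLE_DEFAULT, SAMPLE_PM))
```

A `sideloaded-default` verdict means the app handling tap-to-pay was installed outside a trusted store, which is the state the device is in after the victim accepts the prompt described above.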
According to the Fraud Protection department of F6, in March 2025 alone, criminals committed more than 1,000 confirmed attacks on customers of leading Russian banks using the reverse version of NFCGate. The average amount of damage was about 100 thousand rubles.
"In the hands of cybercriminals, the legitimate NFCGate application has quickly become one of the main threats to Russian bank customers, and attackers continue to continuously improve it. Every month, new, even more dangerous modifications appear, which gain additional opportunities to circumvent anti-fraud solutions and restrictions, disguise and steal users' money. The scale of NFCGate's spread in Russia indicates its active use by cybercriminals," said Dmitry Ermakov, Head of Fraud Protection at F6.
Experts recommended not to communicate in messengers with unknown people, not to follow links from SMS and messages in messengers, even if they look similar to messages from banks and other official structures. Also, you should not install applications based on recommendations from strangers, links from SMS messages, instant messengers, emails, and suspicious sites.
If someone offers to install or update the bank's application and sends a link, it is worth calling the hotline indicated on the back of the bank card and clarifying whether the offer received actually comes from the bank.
It is forbidden to disclose to outsiders the CVV and PIN codes of bank cards, logins and passwords for online banking. If your bank card is compromised, you should block it immediately.
You should not delete banking applications from your phone at the request of third parties. They have built-in protection against fraudulent attacks and can protect against the actions of criminals.
Earlier, on January 20, it was reported that the most common scenario of telephone fraud in 2024 was the proposal to allegedly extend the contract with the telecom operator. Scammers also often promised to issue or increase the benefits paid, increase the pension amount, or recalculate payments based on previously missed seniority or data. This follows from the data provided by Yandex.
Translated by the Yandex Translate service