- Статьи
- Economy
- Wrong transfer: stealing money via NFC from Android has become one of the most common deception schemes
Wrong transfer: stealing money via NFC from Android has become one of the most common deception schemes
Fraudsters began to massively steal money from Russians with Android smartphones via NFC. This technology is used for non-cash payments, but it also allows you to deposit money into your account. In the second half of 2025, this scheme accounted for half of all remote theft using malware, the Interior Ministry told Izvestia. The attackers convince people to link a card to NFC on their phone and transfer funds to it through an ATM to withdraw money to a supposedly secure account. The trend continues in 2026. How the scheme works and whether it is possible to protect yourself from deception is in the Izvestia material.
Another scheme with a "secure account"
One of the most popular deception schemes was the theft of money through NFS technology. In the second half of 2025, it was used in about half of all recorded cases of remote theft using malware, the Interior Ministry told Izvestia.
The agency explained how this scheme works. First, the attackers convince the victim to withdraw cash from the cards, then, under the false pretext of transferring to a "secure account", they ask him to install a special program on his mobile device that disguises itself as a real banking application — it is called a "Trojan". The utility requests and obtains the rights to use the NFC module for contactless payments.
— The victim of fraudsters is convinced that the NFC—linked card is his own. However, the malicious application connects the fraudsters' card to the NFC module," explained Denis Ushakov, a Spikatel presale engineer.
Next, the person is persuaded to deposit cash through an ATM using a phone, the Interior Ministry said. The money is eventually credited to the attackers' tokenized card, which is linked to the victim's smartphone.
Card tokenization is a technology in which real bank card data is replaced with a unique digital token used for payment instead of the real plastic number. The user adds the card details to Google Pay. The payment system or bank generates a unique token based on the card data. For subsequent payments, only the token is transferred.
Until 2022, iPhone owners could also withdraw money from ATMs using Apple Pay, but now this feature is not available. Therefore, fraudsters will not be able to deceive the owners of devices of this brand in this way.
Banks are actively fighting the use of such schemes. The vulnerabilities of NFC technology are taken into account by anti-fraud systems, representatives of VTB and DOM Bank said.Russian Federation and Novik.
The number of such attacks continues to grow, said Kontur, an information security expert.Aegis" by Daniil Borislavsky. This can be seen from customer requests and company reports. On average, the frequency of such cases increases by 10-20% per year.
This deception is called the "reverse NFC" scheme, explained Sergey Golovanov, chief expert at Kaspersky Lab. Previously, attackers sought to obtain the victim's bank card data through attacks on the NFC infrastructure and conduct operations on their own - this is a "direct NFC" scheme. However, such actions are easier to detect by banks, so fraudsters are increasingly forcing people to deposit money on their own.
The new scheme fits well into the legend of "transfer to a secure account" and allows you to hide your tracks, explained Ashot Oganesyan, founder of the DLBI leak intelligence service. To determine which card the money went to, it requires an analysis of ATM logs and camera recordings, so such attacks continue to gain momentum.
A noticeable increase in attacks on owners of Android phones using NFC tools was observed in the second half of 2025, Sergey Golovanov emphasized. In the third quarter alone, the number of NFC Trojan infection attempts exceeded 44,000, an increase of more than one and a half times compared to the second quarter. In 2026, the interest of intruders in such schemes remains.
At least 1.6 billion rubles were stolen from Russians through NFC-based schemes in the first ten months of 2025 alone, said Dmitry Sytsko, Information Technology Director at BKS Bank.
This year, the scheme has become even more popular, Denis Ushakov believes. At the same time, the total number of threats to Android in 2025 increased by almost 50%, and attacks using NFC have become one of the key ones in this dynamic.
How not to get caught by divorce scammers
The Ministry of Internal Affairs, together with financial market participants, is working on measures to counter the scheme, the ministry said. The introduction of a limit on a one—time replenishment of a tokenized card via NFC is being discussed - for example, 50 thousand rubles. If you need to deposit a large amount, you can use a regular card. This should create additional barriers and make it easier to identify suspicious transactions, they say.
Such restrictions can reduce risks, but they do not solve the problem completely, said Vladimir Ulyanov, head of the Zecurion analytical center. Most of the fraudulent transactions already amount to up to 50 thousand rubles. According to the Central Bank, the average transaction size without the client's voluntary consent in 2025 is about 18 thousand rubles.
— You can't rely on the limit as the only or main way to reduce risks, — said Vladimir Ulyanov.
A similar restriction is already partially in effect, Denis Ushakov recalled. Starting from September 1, 2025, after tokenization of the card, replenishment in the amount of 50 thousand rubles or more is possible only after 48 hours. This hinders fraudsters and slows down their work, but two days after the release of the NFC card, it will still be possible to fully put it into operation.
— Only a complete ban on contactless transactions at ATMs will help here. Withdrawals and deposits via NFC are not very popular services," says Ashot Oganesyan from DLBI.
The key protection is the attentiveness of users, noted Daniil Borislavsky. It is especially important to explain the principles of fraudulent schemes to children and the elderly, who are more likely to become their victims.
"If you are sent a file and they say that it is, for example, a picture, but it does not open as an image, but offers to install something, this is a serious reason to be wary," the expert explained.
Users should not install programs from unverified sources and change contactless payment settings at someone's request, Sergey Golovanov emphasized. It is also not necessary to perform financial transactions according to the instructions of third parties.
— You should be alerted if a person posing as a "bank employee" or a "security service" behaves in an unusual and strange way — for example, he talks rudely to you, tries to exert moral and psychological pressure, threaten or blackmail, - added Natalia Milchakova, a leading analyst at Freedom Finance Global.
Any application that is offered to be installed via a link from an SMS, messenger or during a call carries a risk, said Dmitry Sytsko from BKS Bank. The real services are only available in the official app stores — RuStore, Google Play or the App Store.
People become victims of such schemes not out of naivety, but out of stress. Scammers put pressure on the fear of losing money and demand immediate action, which turns off critical thinking. The expert summarized: if a conversation with a "bank employee" or an "investigator" follows this pattern or is moving towards urgent transfers or going to an ATM, hang up.
Переведено сервисом «Яндекс Переводчик»
