Just when you thought tapping your card or phone to pay was the safest and easiest way to get through the day, along comes a new NFC scam that uses SuperCard X malware. This scam uses NFC (near-field communication), the same technology behind contactless payments (think card tapping or digital wallets), to quietly rip off your banking info without you even realizing it.
Here’s how it works: You receive a WhatsApp or text message, supposedly from your financial institution with an urgent warning about an outgoing payment. There’s a number to call to “dispute” the payment. When the number is called, the user is convinced to sign into their banking app and confirm their PIN, by holding their banking card near the phone.
Well, that is a bit odd, you might be thinking. And you would be correct. It’s also very clever. Through this whole phone call, the attackers have managed to convince users to download another app that is supposedly for their security. That app actually contains the SuperCard X malware, which uses NFC to take the information right off of the card. Then, it can be used for all kinds of fraud, including making ATM transactions using the contactless feature that is so common for these cards now.
Your defense? Don’t call phone numbers provided to you in messages like these. Contact your financial institution using a number you find independently off their official website or app and check to see if the charge is actually legitimate. They will not ask you to download a separate app in this manner either.
If you think you’ve encountered or engaged in an NFC scam, or any scam, be sure to contact Diamond Credit Union immediately.
