
Fraudsters have stepped up the theft of Russians' money using the now-familiar NFC technology: funds disappear after the card is held against a smartphone, Izvestia has found. People install phishing apps disguised as banking tools. The app asks the user to hold the plastic card against the phone, ostensibly to log in, and to enter the PIN. In this way a virtual copy of the card ends up on a different smartphone belonging to the criminal, who is already standing at an ATM and draining the card. The scheme is spreading on a large scale: the number of such scams in 2025 is already double the level for all of 2024, Kaspersky Lab said. The damage may exceed 100 million rubles. How to protect yourself from this kind of deception is covered in this Izvestia article.

Why is it dangerous to attach a card to your phone

This year, fraud schemes that use malicious programs and NFC (the module that enables payment from a smartphone) have become significantly more popular, Sergey Golovanov, chief expert at Kaspersky Lab, told Izvestia. According to him, the scheme works as follows: first, the scammers call the victim and, under various pretexts, persuade them to install a fake banking application. It may carry the name and logo of any credit institution or even the Central Bank.

After a person launches the application, it asks them to hold a bank card against the back of the phone and enter the PIN code, continued Sergey Golovanov. The victim holds up the card, and its data is transferred to the fraudster's phone. He is already at the ATM and remotely withdraws money from the person's card through his own smartphone.

The Central Bank is also aware of a similar fraud scheme. It explained that the malware makes it possible to create a virtual image of the victim's bank card on the fraudsters' phone. As a result, attackers can use this virtual image to withdraw money at ATMs that support contactless technology: instead of a bank card, they hold up their smartphone.

This scheme has been actively gaining popularity over the past year. So far in 2025, the number of scams using it is already double the level for all of 2024, added Sergey Golovanov of Kaspersky Lab. The problem has not yet been solved. The number of such attacks may already exceed a thousand, and the damage may exceed 100 million rubles, estimated Anton Meltsov, founder of the insurance broker AMsec24.

Attackers mostly use Android devices with an NFC module to transfer the victim's bank card data to their phone, the PSB press service said.

For example, the MirPay application allows a virtual card token (the card's electronic equivalent) to be issued; the plastic card itself can remain physically in the customer's possession while the token is created by another person (for example, an attacker), explained Alexander Petrovsky, deputy head of the information security department at BBR Bank. For this it is enough to give the fraudster the confirmation code for creating the token at the time of issuance. The victim then deposits funds into the account (it is the same for the card and the token), and the criminal withdraws them through the token.

Fraudsters can call the victim with any cover story — allegedly to install antivirus protection, applications from government agencies, the Gosuslugi portal, mobile operator services, utilities for working with digital rubles, services for obtaining information about their organization and its participants, or anything else, the PSB press service added. In fact, the app turns out to be phishing.

The popularity of this scheme stems from the fact that, amid Western sanctions, banking apps were removed from app stores, explained Alexander Bleznekov, head of the information security integrator Telecom Exchange. According to him, this gave scammers additional opportunities. It is now not always possible to transfer already installed applications to a new phone or to update them, so users try to download the apps again and stumble upon fakes.

The attackers use technologies that seem legal and secure, which reduces the vigilance of Russians, Anton Meltsov from AMsec24 emphasized. For example, real banking applications often suggest reading card data by holding it up to the camera so as not to fill in all the numbers yourself, so such an action does not seem unusual.

How banks prevent money theft

For now, only the largest banks can counter this method of deception, in which the victim is asked to hold a card against the phone after downloading a fake application, added Sergey Golovanov of Kaspersky Lab. He explained that they have large budgets and their anti-fraud systems have learned to recognize such scams.

At the time of money withdrawal, a financial institution can detect a delay in the signal between the card and the ATM or determine that the customer is in one city and the operation is taking place in another. Then the bank is able to decide that the process needs to be slowed down, explained Golovanov. However, only big players can do this.
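The two indirect signs described above (a slow card-to-ATM exchange and a customer who is in another city) can be sketched as a simple anti-fraud check. This is an added example, not code from any bank or vendor quoted here; the thresholds, field names and sample events are constructed assumptions, including that the ATM reports the card response time.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds for illustration; not taken from the article or any bank.
MAX_CARD_RTT_MS = 150   # a slower card response suggests an extra relay hop
MAX_TRAVEL_KMH = 900    # faster than an airliner between two sightings
MIN_DISTANCE_KM = 50    # ignore movement inside one metropolitan area

@dataclass
class Sighting:         # last place the customer's own phone was seen
    when: datetime
    lat: float
    lon: float

@dataclass
class Withdrawal:       # contactless ATM withdrawal as it might be logged
    when: datetime
    lat: float
    lon: float
    card_rtt_ms: float  # slowest card<->terminal response in the session

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def relay_signals(seen: Sighting, w: Withdrawal) -> list[str]:
    """Return the indirect signs that fire; an empty list means none."""
    signals = []
    if w.card_rtt_ms > MAX_CARD_RTT_MS:
        signals.append("slow_card_response")
    # Floor the interval at one minute to avoid dividing by zero.
    hours = max((w.when - seen.when).total_seconds() / 3600, 1 / 60)
    dist = km_between(seen.lat, seen.lon, w.lat, w.lon)
    if dist > MIN_DISTANCE_KM and dist / hours > MAX_TRAVEL_KMH:
        signals.append("impossible_travel")
    return signals

def decide(signals: list[str]) -> str:
    """One sign slows the operation down; two put it on hold."""
    return ("allow", "step_up", "hold")[min(len(signals), 2)]

# Constructed sample events: app login in Moscow, then two withdrawals.
SEEN = Sighting(datetime(2025, 6, 1, 12, 0), 55.7558, 37.6173)
RELAYED = Withdrawal(datetime(2025, 6, 1, 12, 10), 56.8389, 60.6057, 420.0)
NORMAL = Withdrawal(datetime(2025, 6, 1, 12, 30), 55.7600, 37.6200, 40.0)
```
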

This scheme is well-known on the market. Banks can track such transactions by indirect signs, the press service of the Post Bank confirmed.

Transaction monitoring systems also help, the VTB press service noted. They clarified that they promptly identify suspicious activity on customer accounts and cards, as well as analyze their behavior on various transactions. If the system detects atypical actions, it automatically locks the cards for protection.

Banks should regularly check whether fake versions of their applications have appeared, believes Alexander Petrovsky of BBR Bank. Zenit considers raising customer awareness to be banks' main task in such cases. Every user must follow the basic rules of cyber hygiene, Alexander Petrovsky also confirmed.

"We have encountered such a situation. To solve the problem, we have limited the number of tokens issued per card and the conditions of their use. Ordinary customers were not harmed, and the attackers became uninterested," he stressed.

How to protect yourself from scammers

Users should remember that in no case should they click on links and install software on the instructions of third parties, the press service of Novik Bank noted.

In addition, card details, above all the PIN code and CVV, must never be passed on to anyone, continued Vladimir Ulyanov, head of the Zecurion analytical center. According to him, in some cases it even makes sense to give up NFC devices, for example for older people. This can be not only safer but also more convenient: payment at the checkout will be faster with a regular card.

"Among other recommendations for reducing risks relevant to other schemes, set limits on card transactions and generally do not keep large amounts in the account. It is better to transfer money that you are not going to spend in the near future to savings accounts and deposits. It is more difficult to steal them from there, and the banks themselves also charge interest," added Vladimir Ulyanov.

If a person has nevertheless fallen victim to fraud, they must immediately block the card through the bank's application or by calling the hotline number printed on the back of the card, reminded Alexander Petrovsky of BBR Bank. They should then file a claim with the credit institution to dispute the transactions and contact law enforcement agencies with copies of documents: receipts, screenshots and correspondence.

Translated by the Yandex Translate service
