#Due to the health contingency due to #Covid-19, many of the daily activities had to be transformed, including purchases. #People found e-commerce and digital wallets the best alternative to stay away from the disease and get everything they needed. #However, cybercriminals found a golden opportunity to take advantage of it and that is why it is so important to learn to protect ourselves.
#According to a recent survey by the #United #States #Federal #Reserve, cash payments accounted for only 26% of all payments, while payments using credit and debit cards, as well as electronic payment methods, were in the 65%. #In this sense, ESET, a proactive threat detection company, analyzed the risks of payments through telephones and digital wallets, which have also become targets of cybercriminals.
The company explains that, from the point of view of applications to make payments with the phone, one of the greatest risks is the loss of the device, since it contains sensitive information. #And is that, in case the user does not protect this information correctly, cybercriminals could accumulate charges on the cards or use payment applications to make purchases.
#In addition to ending the funds in a bank account or overloading the balance, the incident can damage the credit rating with the bank, with other consequences, such as difficulty in obtaining a loan or mortgage in the future.
#Also, one of the risks that is not always present in the minds of users is that smartphones, like other electronic devices, can also be infected with different types of malware. #For example, keyloggers can record and transmit every keystroke made on a smartphone, allowing cybercriminals to obtain passwords or account access credentials used to access payment applications.
#Malware can also deploy rogue applications posing as legitimate programs and attack paid applications. #As an example, ESET researchers discovered a #Trojan posing as an app to optimize battery performance, targeting users of the official #PayPal application and attempting to transfer 1,000 euros to the attacker’s accounts.
#Beyond device theft or malware infections, cybercriminals also use traditional means of accessing wallets: cyber scams. The premise is usually to impersonate a trusted contact and request help during an emergency. The scammer can also gain access to your contact list and pretend to be someone who has already had money sent using a mobile payment application. #In addition, they can resort to other types of fraud, such as the use of dating applications to meet people and once a relationship is established, they try to get money from their victims using all kinds of excuses.
#On the other hand, the sweepstakes scam is a frequently used tactic, where potential victims are informed that they have won a major prize, but will have to pay a transaction fee to receive it. #Of course, the purported prize from the drawing that was never entered is never received, and the purported “transaction fee” money will probably not be recovered either.
Then there are the phishing attacks in which the criminals pose as the company responsible for the mobile payment application. #Scammers make replicas of legitimate websites as part of their strategy to try to trick victims into entering their account access credentials, then steal money from them or sell their login keys on the dark web.
#Another threat is spam messages with requests to send money that appear directly in user accounts. #If a user accidentally touches one of these notifications, it may trigger a money transfer to scammers.
#How to protect yourself?
The first thing that according to ESET should be done to protect phone money and digital wallets is to enable all the security measures that smartphones provide. #This includes enabling biometric unlock (face scan, retina scan, fingerprint scan) and pattern lock. #Once this is done, it is difficult for someone to enter the phone or use the payment applications, since these require the user to verify their identity each time they want to access them, make a transaction or buy something. #On the other hand, #Android and #Apple devices are compatible with the functions “#Find my phone”, which allows you to deactivate the phone remotely if it is lost or stolen, you can even erase the data remotely.
#Most payment applications also allow you to activate additional security features, such as double factor authentication. #Applications can also be locked with additional security measures, such as biometric, pattern or PIN locks, as well as enable these functions for transactions as well. #It also recommends activating notifications every time a transaction or payment is made. #In this way, if suspicious activity occurs, an alert will be received almost in real time.
#To avoid downloading malicious applications that target the wallet, ESET always advises to examine what is being installed to avoid downloading a fraudulent application disguised as something else. #Another good rule of thumb is to check the permissions that applications request.
#Last but not least, consider using security technology on your phone to protect yourself against most threats and stop malicious activities. #An additional benefit is that many security products include payment protection functionalities that monitor banking and payment applications.
#Although there are risks associated with the use of mobile payment applications, some are more secure than others: “The use of services such as #Apple #Pay or #Google #Pay is a bit more secure than the use of a real credit card with contactless payment because these services do not provide actual credit card numbers to the merchant; instead, they only provide virtual account names that are generated for each payment, “says ESET malware researcher #Lukas #Stefanko. #He also praised the fact that, “#As an additional security measure, users who want to prevent a criminal from abusing the card data loaded on their phones by proximity can disable NFC to improve security.”
[ source link ]
#steal #purchases #payments #cell #phone