The Singapore Police Force (SPF) has issued a warning about a surge in mobile wallet scams, where phished card credentials are being misused to facilitate fraudulent transactions.
Between October 1 and December 31, 2024, at least 656 reports of phished card credentials being linked to mobile wallets were lodged, resulting in losses exceeding $1.2 million. Notably, 502 cases involved cards associated with Apple Pay.
How the Scams Work
- Phishing Tactics: Scammers acquire victims’ card credentials through e-commerce phishing websites, often promoted via social media ads.
- Apple Wallet Exploit: The stolen card details are then added to the scammer’s Apple wallet. The scammer intercepts the SMS One-Time Password (OTP) entered by the victim on the phishing site.
- Executing the Fraud: Collaborating with money mules, the syndicate uses the victim’s card to purchase high-value electronics and luxury goods through the mule’s mobile device linked to the scammer’s Apple wallet.
Authorities and Stakeholders Respond
In a joint statement with Singapore’s central bank and the Cyber Security Agency (CSA), the SPF highlighted ongoing efforts to tackle the trend:
“The SPF, CSA, and MAS have been working with banks, mobile wallet providers like Apple, and card service providers to implement measures to curb this trend. We urge all stakeholders to collaborate and enhance customer protection.”
As authorities ramp up measures to combat digital payment fraud, consumers are advised to stay vigilant, avoid suspicious websites, and safeguard their personal and financial information.
