The Singapore Police Force has issued a warning regarding an increase in scams involving phished card credentials and mobile wallets.
Between October 1 and December 31, 2024, at least 656 reports of compromised card credentials linked to mobile wallets have been received, resulting in losses of over $1.2 million. Notably, at least 502 of these incidents involved cards associated with Apple Pay.
The scam typically begins when fraudsters obtain a victim’s card information through phishing websites related to e-commerce, including misleading social media advertisements. The scammers then add the stolen card details to their own Apple wallet and intercept the One-Time Password (OTP) sent via SMS to the victim while they are on the phishing site.
Once they gain control of the victim’s card, the scam syndicate collaborates with a money mule to purchase high-value electronic items or luxury goods. This is achieved by connecting the mule’s mobile device to the scammer’s Apple wallet.
In a joint statement with the central bank and the cybersecurity agency, the Singapore Police Force emphasized their collaborative efforts with banks, mobile wallet providers like Apple, and card service providers to implement measures aimed at curbing this trend. They urged all stakeholders to work together to enhance customer protection.