Chinese phishing groups exploit stolen card data to create mobile wallets (Apple/Google Wallets) for fraud. Phishing messages, likening to legitimate service alerts, gather victim data via fake sites, leading users to give one-time verification codes. This links their cards to wallets controlled by scammers. Criminals cash out using real and virtual means, including a ghost tap app that enables distant NFC transactions. Despite improved security via chip cards, phishing techniques have evolved, grossing potential losses of $15 billion annually. Enhanced authentication methods are needed to combat this surge in digital wallet fraud.
https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/