The Rise of Ghost Tapping: Tap-to-Pay Scams Explained


Hello, fellow squirrels. Today, I will be opening the nutshell about Ghost Tapping.

What is Ghost Tapping?

Ghost tapping occurs when fraudulent chipmunks exploit the wireless nature of tap-to-pay systems. They use these connections to trigger transactions without physical contact, often in crowded or rushed settings, stealing your acorns in the process. This scam was first noticed in late 2023 and has since climbed the tree of common scams.

How Does it Work?

Ghost tapping is a blend of technical exploitation and social engineering. This scam has four major parts.

The first part of the scam is the setup. Scammers use portable point-of-sale (POS) terminals or custom NFC readers. POS devices are commonly found in food trucks or pop-up shops, while NFC readers are seen in places like healthcare facilities or gyms. The scammer uses these tools to access your phone or card’s tap-to-pay feature. They program the devices to charge amounts small enough to avoid fraud alerts but large enough to accumulate losses over time.

The second part of the scam comes in two forms. The first is proximity exploitation, which occurs in crowded areas like buses, subways, concerts, and festivals. These locations are ideal because tap-to-pay only works when the card or phone is within 1–4 cm of the reader or terminal. Scammers will “accidentally” bump into their target to get close enough for the scam to work.

The second form involves social engineering tactics. In this case, the scammer acts like a vendor to get you to willingly pay. They rush the transaction to pressure you into tapping quickly, often hiding the amount or merchant name so you don’t know how much you paid or to whom. They may pretend to be collecting for charity but charge more than they claim if you try to help.

The third part, which overlaps with the others, is the actual transaction. It goes through once your card or phone is close enough to the reader or terminal. The scammer may also use a “pre-authorized” charge that appears as pending, making it harder to spot the scam right away.

The final step is avoiding detection. Scammers often start with small charges to test the card before making larger ones. They use generic merchant names, so the charges look legitimate and blend in with your other transactions. These scammers are also constantly on the move to avoid being tracked or caught.
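As an added example (not part of the original post), here is a short Python check that looks through a card statement for the pattern described above: a small first-time contactless charge followed soon after by a much larger one from the same merchant. The statement rows, the merchant names and the thresholds (5.00, five times larger, 24 hours) are made up for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample statement rows: (time, merchant, amount, entry mode, status).
SAMPLE = [
    ("2025-03-01 08:10", "CITY TRANSIT", 2.75, "contactless", "posted"),
    ("2025-03-02 12:30", "CORNER CAFE", 6.40, "contactless", "posted"),
    ("2025-03-03 18:02", "GENERAL SALES", 1.00, "contactless", "pending"),
    ("2025-03-03 18:20", "GENERAL SALES", 48.00, "contactless", "posted"),
    ("2025-03-04 08:11", "CITY TRANSIT", 2.75, "contactless", "posted"),
    ("2025-03-05 19:45", "GROCERY MART", 54.10, "chip", "posted"),
]


def flag_test_then_larger(rows, small=5.00, ratio=5, window=timedelta(hours=24)):
    """Return (merchant, test_amount, test_status, later_amount) for each
    contactless charge that follows a small first-time charge from the same
    merchant within `window` and is at least `ratio` times larger.
    The default thresholds are assumptions, not values from the post."""
    probes = {}   # merchant -> (time, amount, status) of a small first charge
    seen = set()  # merchants that have charged this card before
    hits = []
    for ts, merchant, amount, mode, status in sorted(rows):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if mode == "contactless":
            probe = probes.get(merchant)
            if probe and when - probe[0] <= window and amount >= ratio * probe[1]:
                # Small "test" charge followed quickly by a much larger one.
                hits.append((merchant, probe[1], probe[2], amount))
            elif merchant not in seen and amount <= small:
                # First time this merchant appears, and the amount is small.
                probes[merchant] = (when, amount, status)
        seen.add(merchant)
    return hits


if __name__ == "__main__":
    for merchant, test_amt, test_status, later_amt in flag_test_then_larger(SAMPLE):
        print(f"Review {merchant}: {test_amt:.2f} ({test_status}) then {later_amt:.2f}")
```

A regular small charge such as the transit fare is not flagged, because the later charge from that merchant is neither larger nor close in time to the first one.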

How to Stay Safe?

There are many ways to keep your acorns safe, but here are five simple ones. First, get an RFID-blocking wallet, sleeve, or bag. These are becoming more common, so finding one should not be too difficult. Second, turn off tap-to-pay or NFC on your phone when you’re not using it. Third, enable biometric confirmation so that nothing can be charged without your approval. Fourth, turn on transaction alerts so you’re notified whenever a payment occurs. Finally, always check that the amount is correct before you tap.

That’s all for today’s cyber-stuffed nutshell! So remember: in this digital forest, we squirrels need to stay alert and protect our stash while chipmunks try to sneak in and swipe it when we are not looking.

