Chinese cybercriminals engage in NFC-enabled fraud by using POS terminals and merchant accounts for illegal transactions. They manipulate money laundering chains via compromised accounts and stolen payment data while exploiting lax verification methods in contactless payments. Affected: financial institutions, legitimate businesses, cybercriminals
Keypoints :
- Chinese cybercriminals are increasingly involved in NFC-enabled fraud.
- Fraudulent activities are facilitated through NFC-enabled POS terminals and compromised merchant accounts.
- Recruitment of money mules occurs through various scams, including job offers and social media.
- Fraudulent merchant accounts are used to process stolen credit card transactions and launder money.
- CVM limits in contactless payments are exploited by executing multiple low-value transactions.
- There is a high demand for fraudulent merchant accounts and NFC-enabled terminals on the Dark Web.
- Cybercriminals use tools like Z-NFC to automate transactions with stolen payment data.
- Legitimate businesses may have insiders involved in fraudulent activities.
- Compliance challenges arise for legitimate businesses, impacting financial institutions and money mules.
- Non-compliance poses significant risks, including regulatory penalties for financial institutions and damage to reputations.
MITRE Techniques :
- T1071.001 β Application Layer Protocol: Use of fraudulent merchant accounts to facilitate payment processing.
- T1566 β Spear Phishing: Recruitment of money mules via email and social media scams.
- T1556 β Modify Existing Code: Cybercriminals use fake or deepfake business documentation for merchant applications.
- T1203 β Exploitation for Client Execution: Utilizing NSC-enabled terminals turned into payment devices to exploit vulnerabilities.
- T1077 β Windows Admin Shares: Use of compromised payment data recorded by ATM skimmers and stored for execution on POS systems.
Indicator of Compromise :
- No IoC Found