Ghost Tapping Scams

In keeping with our focus on Cybersecurity awareness and playing into the Halloween theme, let’s take a look at a type of cybercrime with a spooky name: Ghost Tapping or Ghost Touching. While the names sound similar, there is a distinct difference between the two. Ghost tapping refers to payment scams, while ghost touching is actual phone hacking. Both are dangerous, scary, and can lead to financial loss or unauthorized access to a device. Financial consequences can include unauthorized charges to debit or credit cards, most often through contactless payment systems. As for your devices, scams can result in remote takeover, unlocking the phone, making calls, and installing malware. The scariest part is that any and all of this can be done without physical contact. So, what are ghost tapping and ghost touching? How do these scams work and what protections do we have against them?

 

Ghost tapping is a physical scam where fraudsters use a contactless payment terminal to charge a victim’s card without the victim being aware. It targets tap-to-pay cards and mobile wallets. Tap-to-pay works through Near Field Communication (NFC), which allows devices to exchange data at close range. NFC is usually safe, but of course scammers have found a way to exploit it in crowded situations. Most debit and credit card scams require actual physical contact with the card; ghost tapping eliminates this need. According to the BBB, individuals participating in ghost tapping will try to trick unsuspecting people in public places to gain access to their funds. They do this by getting close to their victims in public spaces, pretending to be a vendor at a public event, or running charity scams. In each of these instances the scammer rushes the victim, counting on people just tapping the card to pay without checking the business name or amount. Then the fraudsters begin making charges to the card, small at first and then increasingly larger. Here are some red flags and warning signs of ghost tapping:

  • Bank alerts about small or unusual “test” charges.
  • A request to tap-to-pay that doesn’t show the total or offer you a receipt.
  • Suspicious charges after you have been in crowded areas like festivals, amusement parks, markets, or transit stations.

 

Tips on how to protect yourself:

  • Use a Radio Frequency Identification (RFID) blocking wallet or sleeve
  • Always confirm payment details like merchant name and amount before using tap-to-pay
  • Set up Notify Me alerts
  • Keep an eye on your account
  • Limit tap-to-pay use in high-risk areas

 

Ghost Touching happens when malicious signals are used to control a smartphone or tablet’s touchscreen remotely. That is a pretty scary thought! Basically, hackers can use electromagnetic interference to send signals to a phone or tablet’s touchscreen. The signals make the device act as though it is being touched, which in turn allows the hacker to perform actions without any physical contact. The hacker can unlock the device, make calls or send texts, even enter your passwords, all without you ever knowing. Basically, the phone starts working on its own. If this happens to you, your first instinct may be that there is something wrong with the device causing it to glitch. While that is sometimes the case, never rule out Ghost Touching as the culprit. Ghost Touching allows the attacker to access data, install malware, or have complete control over the device.

 

How to protect yourself:

  • Be cautious with charging: avoid using unknown or public charging ports
  • Stay updated by keeping your phone’s operating system and all apps updated to the latest versions
  • Be aware of your surroundings!
  • Use strong passwords or passphrases
  • Use a phone case or screen protector that can help block or reduce electromagnetic interference

 

Ghost Tapping and Ghost Touching may sound like something made up for Halloween, but unfortunately they are all too real. Don’t let yourself get scammed this spooky season!