The New York State Sheriffs’ Association is warning Android users about a new scam that could lead to your credit or debit card information being stolen.
The association says a form of malware called NGate, which targets Android devices, can steal card details and PINs using a short-range wireless technology (Near Field Communication), allowing criminals to tap into your phone. The information can be used to make ATM withdrawals without ever having your physical card, investigators say.
According to authorities, if your phone is infected and you’re tricked into using a fake tap-to-pay or card verification screen, and you enter your PIN, the malware captures that live payment data and sends it to criminals waiting at an ATM to cash out.
How to protect yourself:
- Only install banking apps from Google Play or your bank’s official site/app
- Your bank will never send you an app link by text or ask you to download from a random website
- Hang up on unsolicited calls claiming to be your bank; call back using the number on your card
- Do not click links in unexpected texts or emails about “account problems”
- Use reputable, up-to-date mobile security on your phone
- If you think you’ve been scammed, contact your local sheriff’s office and file a report with the FBI Internet Crime Complaint Center (IC3) at ic3.gov
- If anything about a “verification” or app download feels off, stop and contact your bank directly
