Cyber criminals have a tactic that allows them to make ATM withdrawals from your credit or debit card. However, they don’t physically need your card to do it. By remotely targeting your Android phone, these criminals can gain access to your card information and you might never be aware that you’re giving it to them.
This scam is referred to as NGate, named after the Near Field Communication (NFC) Relay feature that allows you to tap your card or phone at the checkout counter to pay for purchases. Your Android phone has a lot of good features to help protect you from scams, but NGate relies on social engineering to negate these safeguards. This particular scam happens when you respond to a message and download an app that links to your credit card. Typically, these messages will pretend to be from your bank, making the entire thing seem legitimate and urgent. The app, though, is engineered by the criminal and thus when you connect it to your credit card, they get all the information from it.
It can be an easy scam to fall victim to because of how legitimate it might seem. The scammers will often use a bank’s logo and give a contact phone number, as well. However, with some preparedness and doing your own research into suspicious messages, you can ensure you don’t fall victim to the NGate scam.
How the NGate scam works
The first thing that will happen is you will receive either a text or email message pretending to be a bank. It may claim there is a security breach or other technical incident that requires you to immediately act. Within the message will be a direct link to download an app. Note that this link doesn’t take you to trusted stores such as Google Play. That is a red flag to look out for. Android 16 also has a new Circle to Search feature to help you identify scam messages.
After you have downloaded the app, you will receive a phone call from a supposed bank employee as well as a text message to verify it’s you downloading the app. This is all to keep an air of legitimacy and extra identity verification that you would expect from a bank.
After this, you will be directed to verify your payment information within the downloaded app. It will ask you to place your credit card against your phone and then enter your PIN, a process similar to tapping to pay at a grocery store checkout counter. When you perform this tap, the app relays this information to the criminal who will be waiting near an ATM. This allows them to instantly take cash out of your bank account.
How to protect yourself
It’s good to be aware of any security features, apps, or settings that your Android phone comes built-in with to take advantage of. For example, a new Android feature helps scan calls for financial scams. If you get an unexpected email or text message, especially one that is asking you to disclose financial information, always approach it with doubt. Take the time needed to verify how real this is before taking any action.
One of the best approaches is to call your bank yourself and ask if they sent the message to you. Don’t use the contact information within the message. Go to the bank’s website and get its phone number or physically visit the bank to speak in person. If you get an unknown call from a scammer claiming they are from your bank, don’t provide sensitive information. Hang up and then call your bank yourself, but do not call back that same number.
Only download apps from trusted app stores such as Google Play. If you receive a link to download an app, don’t assume the sender is legitimate just because their message may look very convincing. Ultimately, by double-checking any information you are presented with and not rushing into action, you can ensure you never fall victim to the NGate scam.
