[Coco] A note to Android phone users

Dave Wade dave.g4ugm at gmail.com
Wed Oct 31 04:49:23 EDT 2018 

> -----Original Message-----
> From: Coco <coco-bounces at maltedmedia.com> On Behalf Of Gene Heskett
> Sent: 31 October 2018 02:17
> To: coco at maltedmedia.com
> Subject: Re: [Coco] A note to Android phone users
> 
> On Tuesday 30 October 2018 19:18:57 Ken Flanagan wrote:
> 
> > If you don't have a Samsung phone, there's no way it was Samsung Pay.
> > It only works with their phones. Also, it wouldn't be an actual
> > Samsung employee doing the phishing, just like Microsoft doesn't call
> > up people to say their computers are infected. I would say someone got
> > the info from a telephone order or you were the victim of one of
> > several online data thefts that have happened.
> 
> Thats a more believable scenario, probably. But I mean it as a warning to my
> fellow coco-nuts who do have such a phone. Keep a paper record, even if
> you are like me and can't read your own scribbles 6 months later, for EVERY
> time you use that service to pay for something even if its just your morning
> coffee. Then log into your account and verify. It could save you an account
> cleanout.
> 

Why paper records? I assume Samsung Pay can be set up the same as Android Pay so you get an e-mail each time its used. 
The card number can't be stolen from the phone, it does not store it. It generates a "Digital Card Number" which is used for the transaction

https://www.westpac.com.au/faq/samsung-pay-digital-card-number/

the phone only knows the last four digits of the card. You are assuming that the phisher told the truth. This is almost never true.
The card details were almost certainly obtained in another way. Either from the stripe by swiping it twice in say a petrol 
station or restaurant. Have you let it out of your sight is such a place? 

Or as others have said it could have been sniffed in an on-line purchase? I try to avoid directly entering my card into any web site. 
I always use PayPal so the retailer never sees card number.

Payment methods like Samsung Pay, Apple Pay and Android pay are amongst the hardest to crack. 
Of course physical ownership of the device using it allows it to be forged, 

Dave


> --
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page <http://geneslinuxbox.net:6309/gene>
> 
> --
> Coco mailing list
> Coco at maltedmedia.com
> https://pairlist5.pair.net/mailman/listinfo/coco

More information about the Coco mailing list