Fraudsters used Kykyryza (Corn) cards to steal money from users’ bank accounts. Corn cards are prepaid payment Mastercards, issued by Svyaznoy/Euroset, and used by many in Russia to make payments and transfer money. It is manufactured by NovaCard, and it provides customers with bonus points when used to make purchases.
Shortly after connecting their card to Apple Pay, victims received a text message confirming the connection. Hackers then withdrew funds to a Tele2 number, attempting to login into Apple Pay with credentials obtained from a social service. Customers who used the same credentials for their online banking accounts found money missing from their accounts immediately after. The attack affected 83 cardholders, summing a total of around GBP 24,285 stolen.
Euroset has since resolved the problem, and the affected cardholders have received their money back. Also, new controls, such as stepping up monitoring procedures, resetting client passwords, and adding two-factor authentication for Apple Pay connections, were in place to deter further incidents.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now