Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign

A SecAlliance report reveals Chinese smishing syndicates compromised 115M US payment cards by bypassing MFA to exploit Apple Pay and Google Wallet.

A new report from cybersecurity firm SecAlliance has revealed a highly organized criminal operation run by Chinese syndicates that may have compromised as many as 115 million payment cards in the United States. According to the research, these attacks, which occurred between July 2023 and October 2024, have resulted in billions of dollars in losses. 

The report, published on August 5, highlights a fundamental change in how these hackers operate. They turn stolen credit card details into digital tokens for mobile wallets like Apple Pay and Google Wallet. This shows a shift from basic scams involving text messages pretending to be from delivery companies or toll services to large-scale, professional criminal enterprise. 

Researchers explain that a key figure, operating under the name “Lao Wang,” created one of the ...