The digital world has always promised us more convenience. Smartphones let us pay for coffee, manage work, and stay in touch wherever we go. But that convenience comes with risk—and right now, a dangerous new scam is sweeping across the UK and beyond, targeting anyone with a mobile phone. At Labyrinth Technology, we see how quickly these threats evolve. We also know that smart advice, clear policies, and the right technology can make all the difference.
The latest scam isn’t your run-of-the-mill phishing attempt. Organised cybercriminal groups, many operating out of Asia, are launching highly sophisticated attacks that blur the lines between text, email, and voice fraud. Here’s how it works: you receive a text, often appearing to come from your bank, a delivery service, or even law enforcement. The message claims urgent action is needed—a suspicious payment, an unpaid toll, or a blocked account. The next step? It asks you to call a specific number.
What happens if you call? On the other end is a scammer, highly trained, sometimes posing as a bank security specialist or even a police officer. They’re convincing, calm, and have all the right answers. Their goal is to manipulate you into confirming sensitive details or installing a malicious app on your phone. The latest twist? These scammers use advanced tools, including malware that leverages Near-Field Communication (NFC) on your device. By getting you to hold your bank card near your phone, they can steal your card’s data and carry out contactless fraud—often without you even realising. This is the new SuperCard X malware.
SuperCard X is a newly identified Android malware that leverages Near-Field Communication (NFC) technology to execute fraudulent transactions. Distributed through deceptive messages—often impersonating banks or security alerts—victims are tricked into installing malicious applications. Once installed, the malware captures sensitive card information via NFC when the victim brings their card close to the infected device. This data is then relayed to cybercriminals who use it to perform unauthorised transactions at Point-of-Sale (POS) terminals and ATMs.
Smishing, or SMS phishing, is a tactic where attackers send fraudulent text messages to lure individuals into divulging personal information or installing malicious software. These messages often appear to come from legitimate sources, such as banks or delivery services, creating a sense of urgency that prompts immediate action. The Smishing Triad, a Chinese cybercriminal group, has been particularly active, targeting victims in over 120 countries with sophisticated smishing campaigns.
At the heart of these attacks is social engineering—the art of tricking people into giving up their secrets. These cybercriminals are trained in psychology. They know how to use fear, confusion, or even helpfulness to their advantage. For businesses, this means every employee is a potential weak link. No matter how good your firewalls are, one well-meaning team member can accidentally open the door to an attack.
It’s easy to think, “I’d never fall for that.” But these scams are more sophisticated than ever. The criminals use real customer service language, and their texts or calls can be almost impossible to distinguish from genuine ones. Sometimes, they’ll walk you through a supposed security process, instructing you to “confirm your PIN” or “verify a transaction.” All the while, they’re collecting everything they need to access your money or compromise your company.
In the business world, the stakes are even higher. Employees might be targeted on their work phones, or you may have a team member who simply wants to do the right thing—only to be manipulated by a scammer. This is not just a problem for individuals. If your company relies on mobile banking, remote work, or BYOD (Bring Your Own Device) policies, you need to be vigilant.
The most important advice: Never call a number from an unsolicited message, even if it looks official. Real banks, tech support, and police will never ask you to do this. If you’re unsure, always look up the official contact details separately and call through the publicly listed number.
Be cautious of any message or call that:
At Labyrinth Technology, we believe prevention always beats cure. Here’s what we recommend:
Employee Awareness: Regular training is vital. Staff need to know what to look for, how to respond to suspicious messages, and who to report incidents to internally.
Multi-Factor Authentication (MFA): Adding extra security for logins, banking, and critical apps helps protect you even if credentials are stolen.
Strict Device Policies: Limit app installations on work devices. Only allow trusted software, and keep everything up to date.
NFC and Payment Controls: Review your policies around NFC payments and remote banking. Disable unnecessary features on business phones.
Clear Reporting Channels: Make it easy for staff to ask questions about potential scams, without fear of being blamed if they make a mistake.
Managed IT Support: Working with a trusted IT support partner like Labyrinth Technology means you can put the right technical controls in place and keep your systems monitored around the clock.
It can feel overwhelming to keep up with cybercrime. The reality is, criminals are always looking for new angles, and mobile scams are only going to get more convincing. But by building a culture of security awareness, setting clear boundaries for device usage, and having a reliable IT support partner by your side, you put your business in the strongest position possible.
When in doubt, don’t call back. Don’t click. Don’t panic. If something doesn’t feel right, check through official channels. Share these messages with your colleagues. And remember: your best defence is knowledge, vigilance, and a proactive approach.
If you’d like more guidance on protecting your business from these new mobile threats, or need help reviewing your company’s mobile security strategy, get in touch with Labyrinth Technology. We’re always here to give you honest advice, technical expertise, and real-world solutions—so you can focus on running your business without worrying about the next scam message hitting your phone.
© 2025 Labyrinth Technology Limited. Company number 04326900. Web Design by Netzoll
Empowering London Businesses with Efficient IT Solutions to Save Time and Stay Ahead of the Competition.
