Apple Pay & Google Pay Scams
Scams that exploit mobile payment apps — and how to protect your wallet.
Last reviewed: 1 June 2026
Apple Pay and Google Pay make contactless and online payments fast and convenient, but that same convenience is sometimes exploited by fraudsters. Because these services link directly to payment cards and bank accounts, gaining access to them — or tricking a user into making a payment — can result in significant financial loss.
SIM-swap attacks, phishing for device verification codes, and social engineering are common methods used to add fraudulent cards or take over accounts tied to mobile payment services. Marketplace and social media scams also sometimes direct victims to send payments via Apple Pay or Google Pay where no buyer protection applies.
This guide covers the key risk scenarios, the warning signs, and the steps to protect your mobile wallet.
Common scams using Apple Pay & Google Pay
SIM-swap to access mobile wallet
A fraudster convinces a mobile carrier to transfer the victim's number to their SIM, then uses it to verify and access linked payment services.
Phishing for device verification codes
Fake messages or calls ask for the one-time code sent during Apple Pay or Google Pay card setup, allowing the fraudster to add the card to their device.
Marketplace payments with no buyer protection
Sellers insist on Apple Pay or Google Pay for informal transactions — these payments can be as hard to recover as cash.
Fake tech support and unauthorised wallet additions
Scammers posing as bank support remotely guide victims into adding their card to a fraudster-controlled device.
Common red flags
- A text or call asking for a verification code that was sent to your phone — any code is for your eyes only
- Unexpected notifications about a new device being added to Apple Pay or Google Pay
- Sudden loss of mobile signal that could indicate a SIM swap
- Sellers who insist on receiving payment exclusively through Apple Pay or Google Pay
- A caller claiming to be from your bank who asks you to verify a device link
How to protect yourself
- Never share a verification code sent by your bank or device — even to someone claiming to be support
- Set up a SIM PIN with your mobile carrier to prevent unauthorised SIM swaps
- Review the devices linked to your Apple Pay or Google Pay regularly
- Enable transaction notifications from your bank and Apple or Google account
- If you lose mobile signal unexpectedly, contact your carrier to check for a SIM swap
How to report it
- Report unauthorised transactions to your card issuer or bank immediately
- If a SIM swap occurred, contact your mobile carrier's fraud team
- Report to your national fraud authority
Frequently asked questions
Are Apple Pay and Google Pay safe to use?
Both services use strong security features including tokenisation and biometric authentication. The main risks come from social engineering — being tricked into sharing codes or authorising device links — rather than weaknesses in the payment technology itself.
What is a SIM-swap attack?
A SIM swap happens when a fraudster convinces your mobile carrier to move your phone number to a SIM they control. Once they have your number, they can receive verification codes intended for you and access accounts linked to that number.
I see an unexpected device in my Apple Pay — what should I do?
Remove the unrecognised device from your Apple Wallet immediately via Settings > Wallet & Apple Pay. Change your Apple ID password, enable two-factor authentication, and contact your card issuer to report the incident.