The process begins with phishing kits, sold by Chinese vendors, that deliver messages through Apple iMessage and RCS. The messages commonly impersonate legitimate organizations like the U.S. Postal Service or toll road operators to collect payment card information from victims. The pattern matches recent toll payment scams targeting Massachusetts drivers. When victims enter their payment card data, the system captures a verification code sent to their mobile device by their financial institution. The stolen card data is then converted into a digital image matching the victim’s bank, which can be scanned into Apple Pay or Google Wallet. The exploitation of one-time codes comes as Mastercard and other providers move toward more secure biometric authentication methods to replace traditional OTP systems.