You're getting a bit too excited about your phishing phonecall idea. That isn't what happened. Please read my posts properly.This is my read on this situation, based on the discussion in this thread:
—————
- The phone call was a phishing attempt. Visa is a business-to-business company. Its clients are card issuers and transaction processors, not card holders. So, Visa does not have any direct contact with card holders. Card holders receive customer service from their card issuer (typically a bank).
- Phishers have many ways to gather personal information, including scanning social media sites, buying data from hackers, and persuading people with access to contact information to reveal the information, that can be used during phishing attempts.
- In any case, the match between the phisher's clam to be calling "on behalf on XXX Bank" and the victim's actual bank probably was a lucky guess. Further, it's easy to guess a person's card issuer in markets with a small number of card issuers.
- The other "details" claimed by the phisher are common activities online. Also, it would be very unusual for a financial services call center rep to provide tech troubleshooting or do detective work.
- I don't think the victim in this case had their phone or computer compromised. If the victim's card number was indeed stolen, it is much more likely it was in a place the card was physically presented, such as a restaurant, a hotel, or a store.
- It is very unlikely a fraudulent transaction would happen via Apple Wallet due to multiple factors, including the requirement that the iPhone has to be physically present for the transaction and the way the account details are presented to the merchant.
ETA
If I were facing a situation similar to the OP’s, here are some of the things I would do:
----------
- Call the card issuer, using the phone number on the back of my card or on one of my monthly statements, to ask if any fraudulent or suspicious activity has been detected on my account.
- Remove all stored passwords and payment information from the browser that was in use at the time of the potential breach.
- Download and install a second web browser that is only used for online shopping and on trusted websites. Use the older browser for general web surfing and social media.
- Anytime I receive a phone call I did not initiate that involves anything confidential or sensitive, I’ll immediately hang up. Then I’ll call the company or provider myself, using a phone number I already have on hand (for example, on a bill or a business card).
ETA 2
From Visa's website:
I was contacted by someone claiming to be from Visa. Is this real or a scam?
If you receive a call or email asking for your information, do not provide it. You can report a phone scam that uses Visa’s name by emailing us at abuse@visa.com. Visa doesn’t call or email cardholders and request personal information.
and
*Please note, Visa does not set up, service, or have access to cardholder or merchant accounts. This is done through our client financial institutions (the banks). Each financial institution has its own criteria for issuing Visa cards, how it manages statements, etc.
(source: VISA FAQ - Individuals )
But I agree. Filled credit cards in MacOS Safari is most likely responsible. Nothing to do with Apple Pay.
