CyberThreats Daily: ATM skimmers – drive-by ATM card theft

If you keep up on the subject, the FBI has recently been cracking down on ATM card data theft rings, where scammers attach fake hardware to the front of ATMs and trick users into entering PIN information, then record the data to logging devices which can be retrieved later. In some cases the attackers use Bluetooth communication to retrieve the information from a laptop in a car parked close to the ATM. A drive-by of sorts with a high-tech twist, and one that has been harvesting a much bigger haul than a bad guy with a mask and gun, all without shots fired.

The process, called ATM skimming, is certainly not a new concept (but then, as Randy Abrams points out, very few scams are TRULY new; they’re usually repurposed from some other venue). For a long time, bank tellers, wait staff and other public-facing folks have tried little scams to pocket a penny here, a dollar there. The hope is that it’s not enough for the system (or boss) to notice, but nets a tidy sum over time. The twist here is that technology allows scammers to do so largely automatically, undetected, and relatively anonymously once the equipment is in place.

Once they haul the data down to their laptop, it’s either acted on directly by attempting to remove cash after imprinting your information onto fake cards, or sold in bulk on the dark markets for a tidy sum to other scammers.

ATMs vary in style, depending on model and manufacturer. This plays into the scam, because if a fake keypad is mounted on top of the real keys to intercept key presses, people may not notice that something looks “out of place” for that model of ATM. Also, the real card slot may be blocked with a professional-looking plate, and a fake scanner mounted above it, looking real. The FBI has a nice image (below) which shows the subtle differences on a typical compromised ATM. Note the fake camera above the screen, the fake keypad overlay and the blocked card slot. Not bad, for fakes, and certainly easy to overlook if you’re in a hurry.

Typical skimmer technology on an ATM (courtesy FBI)

By the numbers, several cases have been prosecuted by the FBI, including one example where a Bulgarian national was “sentenced yesterday to 21 months in prison for his role in a scheme that used sophisticated skimming devices on ATMs to steal over $1.8 million from at least 1,400 customer accounts at New York City area banks.”

They recommend users “Inspect the ATM, gas pump, or credit card reader before using it…be suspicious if you see anything loose, crooked, or damaged, or if you notice scratches or adhesive/tape residue.” Also, be on the lookout for hacked equipment in tourist traps, a popular target, and use an ATM at an inside location, since those are more likely to be closely monitored for tampering. Also, they say “If your card isn’t returned after the transaction or after hitting ‘cancel,’ immediately contact the financial institution that issued the card.” So be aware this summer when you’re traveling: stolen financial information could be a most unwelcome surprise during your journeys.

Cameron Camp
ESET Research Systems Manager
