On the heels of findings that skimming attacks recently hit a 20-year high comes even more risk at ATMs thanks to innovations by evil-genius crooks.
The first whammy: a new breed of wafer-thin card-reading “insert skimmers” placed directly into the mouth of ATMs, making them harder to detect than old-school, sometimes-obtrusive devices planted on the front or back of the slot. One type, found in Mexico, reads data on newer, more secure chip-enabled cards. It’s called a shimmer because it wedges “between the chip on the card and the chip reader in the ATM, recording the data on the chip as it is read by the ATM,” explains respected cybersecurity blogger Brian Krebs.
Krebs, whose posts are worth reading regularly (he broke news of the infamous Target breach), also details other insert-skimmer innovations, including another stealthier-than-ever type found in an ATM in Europe.
“Of course, an insert skimmer alone isn’t going to capture your PIN,” he notes. “For that, thieves typically rely on cleverly hidden tiny cameras. Often, the spy camera is tucked inside a false panel above or directly beside the PIN pad. Crooks often get very creative, hiding cameras behind things like convex mirrors or even phony fire alarms.”
The other whammy is a new strain of malware recently discovered by security firm Proofpoint. Once installed, aptly named GreenDispenser displays an out-of-service message on the ATM — but the tech-savvy thieves can walk up to the compromised machine, enter a special PIN code and drain its cash before deleting the malware, leaving little trace of how the ATM was robbed.
“ATM malware such as GreenDispenser is particularly alarming because it allows cybercriminals to attack financial institutions directly, without the extra steps required to capture credit and debit card information from consumers — and with correspondingly less traceability,” according to a Proofpoint official quoted in the International Business Times. There’s no evidence that self-destructing GreenDispenser has hit machines in the U.S., but this and other innovations in ATM malware are popping up in Central America, Europe and Russia.
Seems these days, ATM may more aptly stand for Another Tricky Mess. So all the more reason to be extra vigilant and take these precautions when getting cash or making other transactions.
* Always cover the keypad as you enter your PIN. “That way, even if the thieves somehow skim your card, there is less chance that they will be able to snag your PIN as well,” explains Krebs. “You’d be amazed at how many people fail to take this basic precaution.”
* If you see an out-of-service message, go elsewhere. In addition to the GreenDispenser scam, out-of-service signs have been placed on noncompromised ATMs to steer cardholders to nearby machines that have been rigged with skimming devices that collect data from a payment card’s magnetic stripe. With PINs recorded with overhead spy cameras, cloned cards are made to drain bank accounts and make online purchases, or the info is sold on the black market.
* Before entering your card, examine the ATM. Beware of slots that have a different color from the rest of the machine, as well as of unusual equipment on the mouth, keypad, sides or overhead (which could hide fraudster-placed cameras). Wiggle the slot, and don’t use it if it isn’t securely attached. Newer ATMs have a flashing light at the card slot. If the light is obscured, suspect tampering.
* Before inserting your card, try several keys, especially “enter,” “cancel” and “clear.” A sticky keypadcould indicate a nonskimming ruse that prevents you from completing a transaction after inserting a cash card and keying in a PIN. As you leave to report the problem, a nearby fraudster can use the touchscreen or other buttons on some machines to complete a cash withdrawal.
Source: AARP / Sid Kirchheimer
