3 ways scammers are using ATMs to steal from you
We seem to be in a never-ending battle against criminals these days. Whether it’s the common thief breaking into homes or sophisticated hackers coming after us digitally, there’s always some threat we need to watch for.
Other than our home, the place that it’s most important to feel safe is our financial institutions. Having your bank account or credit/debit cards breached is a horrifying thought. Imagine trying to make a purchase one day only to find out that your checking account has been drained. Yikes!
It’s not just cybercriminals that we need to be wary of going after our accounts. There are also ATM scammers out there ripping off anyone who dares to use one of these cash machines.
That’s why you need to know these three ways scammers are using ATMs to steal from you.
1. Are the bad guys watching you?
A recent trend in criminal activity is the use of expertly installed pinhole cameras on ATMs to record your every move. Believe me when I tell you they are extremely difficult to spot.
It’s amazing how cameras have shrunk through the years. They’re so cheap and small now, you can place them almost anywhere.
Unfortunately, criminals are also using these qualities to their advantage. They are using these virtually invisible cameras to spy on you and siphon out your money!
Police in London recently tweeted an image of one such device and warned the public to be extra cautious when using their account on ATMs.
You won’t believe how tiny the camera is!
London’s Metropolitan Special Constabulary (MPS Specials) tweeted “Off duty @MPSNewham Special Constable has sniffed out a covert camera recording the pin pad of this ATM in @MPSWestminster.
“This is why it is so important to #CoverYourPin when taking out cash.”
An off-duty London policeman spotted the cleverly hidden pinhole camera on an ATM in Westminster. The camera was positioned to spy on customers entering their PIN on the machine’s keypad.
The tiny camera and its components were hidden behind a false cover installed on the ATM’s receipt slot.
If the criminals manage to get a hold of your card, they can then use your PIN information to make large withdrawals from your account before you can take action.
These cameras are so tiny that they’re difficult to spot. All it takes is a very tiny hole for it to accomplish what it’s set to do – capture your PIN.
2. ATM jackpotting
The U.S. Secret Service recently issued warnings against an ATM attack known as “jackpotting.” This hacking technique involves thieves installing malware on an ATM to force it to spit out cash on demand.
The U.S. Secret Service sent out an alert to multiple financial institutions about potential jackpotting attacks on targeted stand-alone ATMs that are “routinely located in pharmacies, big-box retailers, and drive-thru ATMs.”
And it looks like the jackpotting attacks are spreading fast. At least six attacks were recently reported in one week across the U.S. with thieves stealing over $1 million.
How ATM jackpotting works
Here’s how an ATM jackpotting attack is carried out.
Thieves first have to gain physical access to an ATM, either by picking its locks, duplicating a master key or by removing or destroying part of the machine. Models with front-facing panels are common targets since they’re easier to access.
The thieves then use a medical endoscope to locate the internal port of the ATM. That will allow them to connect and sync their own laptops loaded with a mirror image of the ATM’s operating system.
At this point, they either replace ATM’s hard drive with their own or infect its operating system with malware known as Ploutus.D. Once the malware is deployed, they can remotely control the ATM and force it to spit out cash on demand while appearing to be out of service.
The criminals usually pose as ATM technicians during the entire procedure to avoid suspicion.
3. Shimmers are the new skimmers
One of the most effective ATM scams uses what is known as a shimmer. It’s a smaller version of the skimmer that can steal both magnetic stripe and chip data from credit and debit cards.
The Better Business Bureau (BBB) recently warned that shimming is the “new skimming.”
Shimmers are much smaller versions of a skimmer that fit easily inside an ATM or POS card reader’s slot. They are paper-thin and card-sized devices that criminals can easily slide into any card slot discreetly.
They are also embedded with a microchip and flash storage, which allows them to directly access your card’s EMV chip and intercept your information, including the card number and even the PIN.
These devices are sandwiched directly between your card’s chip and an ATM or POS system’s card reader (hence the nickname “shimmer”).
This data is extracted at a later time when the thief returns and inserts a specially designed card that downloads the information.
Although it’s extremely difficult to clone an actual EMV chip card, scammers can still use the information to create a cloned magnetic stripe card.
Image: Shimmer found inside retailer’s checkout card reader. (Source: RCMP)
The shimmer is super easy for the thief to install and it is so thin, you won’t be able to tell that it’s inside the card reader. It also won’t block the normal usage of your card.
Because these new devices are so small, they won’t be limited to gas stations and ATMs. You can expect to see them popping up at grocery stores and retail locations, especially ones that offer self-checkout. You also need to be aware of shady employees of a restaurant or store who might have handheld shimmers that you’ll never see.
Fortunately, if banks and retailers completely switch over to EMV systems and they follow industry card security standards, even shimmed cards will be less of an issue.
How to protect yourself from these ATM scams
Shield your PIN – When you’re at an ATM, gas pump or POS system, always assume that someone is watching you. Always cover your hand when typing your PIN.
Check for false covers – ATMs shouldn’t have loose parts. If anything jiggles, then err on the side of caution and don’t use it. Keep in mind that crooks can also use keypad overlays to capture your PIN.
Inspect for tampering – Before putting your card into a reader, always check it for tampering. Look for anything different or misaligned. Check for anything unusual like gaps, holes, glue and even wires. If it looks suspicious, do NOT use the machine.
Stay away from stand-alone ATMs – It’s safer to use an ATM that’s well monitored and inspected, like those located inside a bank’s lobby. If you can avoid it, don’t use ATMs that are out in the open and not monitored closely.
Use contactless payments – Contactless payment systems like Apple Pay, Android Pay, or NFC are immune from shimming. With this method, you can use your smartphone, your smart watch or the “tap-and-go” features of your card on compatible systems.
Like EMV, contactless methods like these issue a unique code for each transaction and is definitely safer than card swiping. Here’s how to pay on the go using your Android or Apple smartphone.
Frequently check bank statements – Criminals are becoming more sophisticated, which means you need to stay vigilant. Stay on top of your bank statements and report any suspicious activity ASAP.
Report the theft – If you are a victim of an ATM scam, report it immediately to your financial institution and authorities.
5 MUST-DO SPY HACKS YOU NEED TO USE NOW
No matter what the situation, you don’t want critical data falling into the wrong hands. Fending off these attacks is something everyone should know how to do. That’s why we’re going to tell you about five must-do spy hacks you didn’t know until now.
Tags: Apple, cybercriminals, hackers, malware, operating systems, security