A new ATM scam has been reported in which attackers have made use of ‘insert skimmers’ to steal credit card information directly from ATMs when users insert their cards. The scam makes use of cameras that receive information through an infrared connection.
Insert Skimmers are thin pieces of devices that can be inserted in the card acceptance slots found in ATMs. The devices are not visible once they are in and record data present on the card of an unsuspecting user.
The devices are fitted with small flash drives that store the data stolen from cards. The data is then transmitted to hidden cameras through an infrared connection. Essentially, it is reported that the devices contain small antennas that are responsible for the transmission.
How does it work?
According to KrebsonSecurity, apart from having insert skimmers inside the ATM to steal credit card data, there are hidden cameras that are placed very strategically around the ATM or outside.
Some of the places identified include behind brochure racks or safety mirrors which are right on top of the ATM. Such mirrors are put in place so as to alert the user standing in front of the ATM if someone is standing behind them.
Kfor reports that the cameras have been found placed near the PIN pad so that they can easily record the PIN the user is typing in.
These cameras apparently serve a dual purpose. This is because not only do they record the information transmitted through infrared by the insert skimmers, but also spy on the PIN numbers entered by users near the ATMs directly.
What if the batteries die?
Quite expectedly, the scammers seem to have thought of it well before all of us. Cameras indeed run on batteries that need to be replaced. However, since they are hidden, it is fairly easy to replace.
As far as the insert skimmers are concerned, they are designed so that they only operate when a user inserts their card. This saves on the battery life.
Although not a very hi-tech method, it is still dangerous, and users are reminded to hide their PINs with their fingers at least to prevent unnecessary spying.
Indeed, given that insert skimmers are expensive, it is more than likely that the scammers must have relied more on these cameras to record the PIN directly rather than have it sent over through infrared.
Sponsored: DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.