The U.S. Secret Service issued a non-public alert to the country’s banks this week informing them of recent reports of a complicated kind of ATM-skimming that involves thieves cutting a hole in the front of an ATM and inserting equipment that allows them to capture customer data directly from the ATM’s card reader.
Prior ATM-skimming attacks involved inserting a device in the card reader slot that captured account numbers and PINs and then transmitted them to the thieves.
Brian Krebs at Krebs on Security has seen the alert and describes the new “ATM wiretapping” attacks:
This type of attack … starts when thieves use a drill to make a relatively large hole in the front of a cash machine. The hole is then concealed by a metal faceplate, or perhaps a decal featuring the bank’s logo or boilerplate instructions on how to use the ATM.
Skimmer thieves will fish the card skimming device through the hole and attach it to the internal card reader via a magnet.
Once the skimmer is in place and the hole is patched, thieves wait a day or two to make sure the drilling has not activated an internal alarm. When they are sure that they have not been discovered, they return to install a hidden camera on the ATM.
The camera may be hidden in front of or above the keypad to record a time-stamped video of a customer entering a PIN code. In other cases, thieves replace the keypad security shield with one of their own devising that includes a pinhole camera.
Krebs recommends using your hand to cover the keypad when entering your PIN code. This simple maneuver sharply reduces the chance of having your PIN recorded by a hidden camera. It won’t stop a more sophisticated and costly PIN-pad overlay device, but those are far less common than a simple camera.
For photos and more details, visit the Krebs on Security website.