
Thread: Careful about entering that ATM pin...

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323

    Careful about entering that ATM pin...

    Ok. I think I'm going to be looking around my ATM machines more and checking that everything is where it's supposed to be.

    Urban Legends says it's true (with Pics)

    Since the advent of the Automated Teller Machine (ATM) a few decades ago, banks and their customers have had to deal with a new form of theft: card-skimming. Card-skimming is the collection of ATM card numbers and PINs for the purpose of stealing money from bank accounts, a scheme accomplished through methods as low-tech as simply watching customers as they use ATMs (a technique known as "shoulder surfing"), or methods as high-tech as installing false card readers (or whole false fronts) on top of existing ATMs. With the purloined information, scammers can manufacture counterfeit ATM cards and use them to withdraw money from accounts. (In some cases the thieves may steal the original ATM cards, then use some form of card-skimming to collect the appropriate PINs.)

    The scheme described in the e-mail warning quoted above is one of the decidedly high-tech variety: a phony card slot installed over the real one scans information from an entered card's magnetic stripe, and a small camera hidden within an adjacent pamphlet holder records information from the ATM's display screen and keyboard. The pilfered information is sent via a wireless transmitter to waiting thieves, who can capture it on a laptop from up to 200 meters away.

    The very scheme pictured here was indeed used in South America to steal information (and money) from customers of Bradesco, a Brazilian bank:

    An e-mail, which has been widely circulated in the past week, shows how a fake card slot containing a scanner can be attached to an ATM machine to record data from a credit or debit card's magnetic stripe. A camera attached to the side of the ATM and disguised as an information box is positioned to record information on the screen and the keypad.

    A wireless transmitter inside the box then sends the video to the scammers, who can capture the information on a computer in a nearby car or building. The thieves can be up to 200 metres away.

    A spokesperson for NCR, the ATM giant which produced the cash machine shown in the e-mail, said the scam had been reported several times in South America. The machine shown in the document belonged to Brazilian bank Bradesco.

    Police in Canada, the United States and Malaysia have reported cases of fraud using similar hi-tech methods. [1]

    Similar card-skimming equipment was also found on ATMs in Hong Kong in January 2004:

    Two hi-tech pinhole cameras concealed in two automatic teller machines outside a branch of the Hang Seng Bank branch in Tsuen Wan were discovered when a repairman was fixing a blown fluorescent light, it was revealed yesterday.

    Each camera, equipped with a transmitter and batteries, was hidden behind a fake panel affixed to the top of the ATM casing, a source said. The machines were at the bank's Tai Ho Road branch.

    The home-made panels were described by the source as highly sophisticated and not easily seen.

    They were very thin and only about 7cm high, matching the width of the ATMs and painted the same colour.

    The cameras were positioned to view the keypads and monitors of the machines to spy on cardholders as they entered their personal identification numbers.

    The devices are understood to have been able to transmit images to a remote receiver in the area and had been there for two or three days. [2]

    In the United States, where independent ATMs (i.e., machines not maintained by banks) are more common, some crooks have resorted to even more thorough methods for stealing money. In December 2003, U.S. Secret Service agents arrested Iljmija Frljuckic, who had bought and installed more than 55 ATMs in California, Florida, and New York. Frljuckic used the machines to collect information on more than 21,000 accounts from 1,400 different banks, which he used to appropriate over $3.5 million from customer accounts.

    For now the best defense is for ATM customers to remain cautious and vigilant when using their cards, but distinguishing a rigged machine (especially one of the independent variety) from the real thing can be extremely difficult even for the most careful of users. NCR hopes that the introduction of "smart cards" (i.e., cards with embedded chips) will eliminate the problem of counterfeit fraud.

    Good advice would be to get into the habit of using the same ATM for almost all of your transactions so as to better recognize when something is different with the machine. Be wary of any changes you see on its outside. If it's affixed to a bank, walk in and ask why the changes were made.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Thanks for the interesting heads up MsM!

    I just had a look at my cards......over here we have the usual credit cards, and "debit cards". The debit card is a direct link to your bank account, but you have to have the money there, or an overdraft agreement with your bank.

    I have one that has just expired, and I notice that it ran from 2000...........it has an embedded chip, as does its replacement, and I seem to recall that the one before from 1998 also had the chip.

    My credit card is fairly new and does not, and I just checked a couple of my wife's store cards, and they don't either!

    How is it over in Canada?

    Well, let's be positive.............the bank is protecting my overdraft ....someone might steal it?

    And I just won $ (US) 103 on our National Lottery so I am rich?

    Cheers

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Well, I don't think it's as much monetary theft as Identity theft that I'd be concerned about. People often use the same passwords for online access as they do for their PINs. AFAIK, for the most part, credit cards and ATM cards don't have embedded chips here except for AMEX. I know my ATM card doesn't since I've had the same card for about 10 years.

    And even if it is monetary theft, it doesn't mean that you have to have a lot. 1000 people with $100 means $100,000. And you'd be hard pressed to prove it wasn't you that removed that money especially if it was an ATM without a camera or with a broken camera.

  4. #4
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    I remember watching a programme not that long ago about people renting a small business property in the middle of town and fitting a false ATM machine. What happened was that it took the card, waited for the PIN to be input and then recorded all the information on the magnetic strip and of course the PIN. To stop people figuring this out, the machine just threw back the card and said something along the lines of 'sorry, this machine does not have sufficient funds to deal with your request'. Most people would just think that there was a temporary fault and try another machine, but in reality the criminals came back every night, took all the information from the machine and made duplicate cards. They got away with it for a while too, but I think they were caught in the end because in order to fit the false front (and it was an entire false front, not a small card reader or anything like that) they had to rent that business property and so they were tracked down that way.

    The easiest thing to do is to use the machines in shopping centres wherever possible, because they close at night and so would be difficult to tamper with (and it would look a bit suspicious if you were fiddling with an ATM during the day).
    Paul Waring - Web site design and development.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Unless you are dressed as a Brinks guard or some other "official looking security guard" (not the Rent-a-Cop specials but the big ones). Social engineering tied with this could go a long way.

  6. #6
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    This isn't a new story over here - see http://news.bbc.co.uk/1/hi/uk/3157214.stm for a story published on 9 October last year for more details. And, no, this isn't an urban legend ...

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Nice one pwaring!!!

    "I remember watching a programme"
    We use "program" for computer instruction sequences, and "programme" for a TV presentation, or that which one obtains at the entrance to the theatre/opera.

    I do not think that "identity theft" is that much of a problem here?...just steal card and get £200 ($500), depending on local limits.......then run?

    You must have good equipment or don't drink like me if a card will work for 10 years MsM

    Cheers

  8. #8
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    One of my books tells the story of an actual case involving a group setting up fake ATM machines in public areas to do just this. Maybe the one pwaring was talking about...
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  9. #9
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    I worked in a bank for about 3 years, and once I came across something like this. I wasn't sure how they did it, but the "attackers" were stealing money from our customer's ATM cards. I'm guessing they probably used the same technique mentioned in those pics. The bank I worked for was quite irresponsible and the Management was quite ignorant to these kinds of crimes. Thank you for the information mittens. LOL finally I understand how they "might" have done it.

  10. #10
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    They never cease to amaze me. Snooping on 802.11 with a Pringles can, fake card readers, the list goes on and on. Bet I'll think twice about using the ATM. As always, a good post.

    Kudos, MsMittens.
