Scam of the day – April 9, 2017 – New vulnerability with ATMs exposed

A famous bank robber was quoted as saying that he robbed banks because “that is where the money is” which is also a good explanation for why ATMs have been such a favorite target of cybercriminals for years.  A wide variety of techniques from commonly used skimmers which capture data from the debit cards as they are inserted in the ATM to actually hacking into the bank’s computer software that control networks of ATMs have been effectively used to steal vast amounts of money from ATMs.

At the recent Kaspersky Analyst Summit, a Kaspersky researcher disclosed a new way hackers have successfully attacked ATMs since the Fall of 2016 which involves drilling a hole in the ATM next to the PIN pad and inserting a wire connected to a  small computer that is snaked in through the hole to connect to a part of the ATM where the hacker could send commands from his computer to the ATM to disperse  a flood of cash.   This technique exploits technical vulnerabilities of the ATMs and is simple, effective and, according to the security company Kaspersky, requires only about fifteen dollars of equipment.


As a responsible security company, Kapersky, upon becoming aware of the precise manner in which this ATM hacking can be accomplished notified the maker of the affected ATMs, however, fixing the problem cannot be done remotely and will require replacing hardware in all of their ATMs.

As for we, the consumers, there is nothing we can do about this type of problem, but frankly, it is not our problem.  The money taken from the ATM is not from a particular account so we as individual consumers are not at risk.

Scam of the day – April 18, 2015 – TD Bank hit by a skimmer

The Chelmsford Massachusetts police are investigating a skimmer that was found installed on a branch of TD Bank in Chelmsford Massachusetts.  Skimmers are small electronic devices that are easily installed by an identity thief on ATMs and other card reading devices, such as at gas pumps.  The skimmer steals all of the information from the credit card or debit card which then permits the identity thief to access that information to access the victim’s bank account when the skimmer is used on a debit card attached to a bank account.  Each skimmer can hold information on as many as 2,400 cards.


Always look for signs of tampering on any machine through which you swipe your credit card or debit card.  If the card inserting mechanism appears loose or in any other way tampered, don’t use it.   Debit cards, which are used at ATMs when compromised through a skimmer put the customers at risk of having the bank accounts tied to their cards entirely emptied if they do not report a theft promptly.   Skimmers at ATMs are often coupled with a thin, clear electronic device that goes on top of the keyboard to capture the victim’s PIN to enable the identity thief to access the account of the victim whose account number was captured through the skimmer.

Scam of the day – December 31, 2013 – International hacking network busted

This week Spanish law enforcement working closely with American law enforcement broke up a major international hacking effort that had been responsible for stealing more than sixty million dollars from ATMs throughout the world.  Among those arrested were six Romanian citizens and two Moroccan citizens, all of whom were arrested in Spain.  When arrested, the individuals had a large amount of cash, jewelry, computers and approximately 1,000 counterfeit ATM cards.

This same criminal group, it is alleged stole 40 million dollars throughout the world in a coordinated and swift attack that took place in just four hours in 23 different countries early in 2013.  It is alleged that the data breach necessary to obtain the card information was done through hacking into the data bases of credit card processing companies, which in recent years have become known to be the weakest link in the electronic payment system.


This particular story underscores that regardless of how careful you are, you are only as safe from identity theft as the places holding your personal information with the weakest security.  Unlike many other major ATM security breaches, the information necessary to accomplish the scam was not obtained through skimmers capturing card data when cards were inserted into tampered ATMs.  Rather the information was stolen from credit card processing companies and then used to make counterfeit cards which were then taken to ATMs to access the accounts of the people whose identities were stolen.

Certainly you should follow good personal security steps as described in my book “50 Ways to Protect Your Identity in a Digital Age,” but you should also recognize that merely following those steps will not totally protect you.  You should limit the use of your debit card to ATMs and not use the card for retail purchases where you do not receive the same level of protection from fraudulent charges that you have with a regular credit card.  In addition, you should monitor your credit card regularly for fraudulent charges to catch any security breach early.