Scam of the day – November 23, 2016 – Increased threat to ATMs

For years I have been warning you about the dangers of skimmers, which are small devices installed at ATMs, gas pumps and other card readers that are used to steal the information from your credit card or debit card to gain access to your credit or your bank account respectively.  However, recently a new threat is emerging around the world that poses a greater threat to ATM security.  Cybercriminals including the Russian cybergang known as Buhtrap are using newly developed malware to target not just individual accounts, but the internal networks of banks and ATMs in order to program the ATMs to spit out huge amounts of cash at a specific time.  This technique has been used in Taiwan and Thailand earlier this year to deliver cash to the criminals who go to the infected ATMs at a specific time when the ATM’s programming has been altered  programmed to spit out cash to the awaiting criminals.  The threat to banks around the world is quite real and has been the subject of multiple FBI warnings to financial institutions in the United States since the summer.

TIPS

In the recent attacks against banks in Taiwan and Thailand, the malware infecting the banks’ internal networks and ATM systems was installed when bank employees clicked on links in phishing emails that appeared to come from other banks or ATM vendors and unwittingly downloaded the malware enabling the cybercriminals to take over the banks’ internal systems and ATM systems.    The danger of phishing cannot be overestimated.  According to Jeh Johnson, the Secretary of the Department of Homeland Security, “the most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing.”

This is a lesson to us all.  Whether at work or at home, the danger of phishing emails is tremendous, but it is easy to avoid.  Install anti-phishing security software on all of your electronic devices, however, you cannot depend on this software to keep you totally safe so the best rule to follow is to never click on any link or download any attachment in an email or text message unless you have absolutely confirmed that it is legitimate.

Scam of the day – January 31, 2014 – Identity theft ring busted in New York City

Recently Manhattan District Attorney Cyrus R. Vance, Jr. announced the arrest of thirteen people for identity theft perpetrated through skimmers installed in gas pumps at gas stations in Texas, Georgia and South Carolina.  Skimmers, as I have told you many times previously are small electronic devices that are often installed by identity thieves to ATMs and other devices, such as gas pumps that have credit card swiping capabilities.  The skimmer captures the information from the inserted credit card or debit card and transmits the information to the identity thief who is then able to use that information to make phony credit cards and debit cards to steal money from the victim of identity theft.  In this case, the skimmers were installed on gas pumps at Raceway and RaceTrac gas stations in Texas, Georgia and South Carolina.  The stolen information was transmitted from the skimmer using Bluetooth technology to the identity thieves who then made phony credit cards using that data which they then used to withdraw cash from ATMs in New York City.

TIPS

Certainly if you used a credit or debit card at a Raceway or RaceTrac gas station in Texas, Georgia, or South Carolina in 2012 or 2013, you should check your credit card statements and bank account statements for evidence of any fraudulent use although frankly we should all check our credit account statements and bank account statements at least once a month and preferably more often.  If you find irregularities, report them to your bank or credit card company immediately.  Also, whenever you use a credit or debit card swiping device, you should always carefully inspect the device for any evidence of tampering.  Skimmers can be quite thin, but are most often visible if you carefully inspect the device you are using.  If the device seems at all peculiar, don’t use it.