The U.S. Secret Service has sent out a warning about a difficult type of ATM skimming that could take days for criminals to set up.
According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by another source, the Secret Service has received multiple reports about a form of skimming often called ATM “wiretapping” or “eavesdropping.”
The attack involves thieves using a drill to make a large hole in the front of a cash machine, which is then hidden by using a metal faceplate, or a decal featuring the bank’s logo or boilerplate instructions on how to use the ATM. Thieves will then fish the card skimming device through the hole and attach it to the internal card reader via a magnet.
Once the skimmer is in place, thieves often need to wait a day or two before attaching the pinhole camera. “The delay is believed to take place to ensure that vibrations from the drilling didn’t trigger an alarm from anti-skimming technology,” the alert reads.
The hidden camera is usually a false fascia directly in front of or above the PIN pad, recording victims as they enter their PIN in a time-stamped video.
Another method involves thieves replacing the PIN pad security shield on the ATM with a replica that includes a hidden pinhole camera, hiding the camera components behind the cut hole and fishing the camera wiring and battery through the hole drilled in the front of the machine.
“Several sources who spend a great deal of time monitoring cybercrime forums and communications have recently shared multiple how-to documents apparently making the rounds that lay out in painstaking detail how to execute these wiretapping attacks. So that knowledge is definitely being shared more widely in the criminal community now,” wrote Brian Krebs.
While it’s getting harder to spot skimming devices, Krebs noted that one of the most important steps a consumer can take to protect their accounts is to simply cover the PIN pad with your hand when entering the PIN. “You’d be amazed at how many people fail to take this basic precaution,” he added.