Tag: skimmers | SpinSafe

In Worrisome Development, ‘Skimmers’ Hack Gas Pumps to Read Credit Cards

August 14, 2021/in Computer Security

A “skimmer” circuit board found inside a gas pump in San Diego County. Courtesy San Diego County Agriculture, Weights and Measures

A former San Diego Police Officer, Larry Avrech, had gotten a heads up from another former cop about keys being sold on the Internet that could open up gas pumps. Their first question was, is this legal?

Their second question was, why would anyone want to open up a gas pump?

The images Avrech found online showed two “gas pump replacement lock keys.”

The answer comes from Brian Krebs, a former newspaper reporter who is an expert on computers and Internet security.

“For decades, only a handful of master keys were needed to open the vast majority of pumps in America,” Krebs said. “That has changed, but I bet there are some older stations that haven’t yet updated their locks.”

It’s “entirely possible and plausible,” Krebs said, that ”the keys are being used to open pumps. The purpose, he said, is for thieves who use “skimmers.”

Skimmers are a cleverly disguised electronic technology that thieves attach to cash machines, gas pumps and self-service checkout stands to steal credit card data. Krebs, a former Washington Post reporter, explained that the types of skimmers range in sophistication.

In some cases, the thieves must return to the scene of the crime to retrieve the data. More sophisticated strategies use texting to send the data.

In San Diego County, skimmer devices are spot checked as part of 700 inspections of gas stations done annually by San Diego County’s Agriculture Weights and Measures office. Typically, the locations chosen to place skimmers are close to freeways, have easy in-and-out access to a road, do not have a store or kiosk associated with it, and shut down for the night.

Gig Conaughton, communications specialist for the department, said this year inspectors found six skimmers, all of which were removed by the U.S. Secret Service. Conaugton said he couldn’t provide the exact locations “because there is still an ongoing, active investigation.” But he was able to say the inspectors found the skimmers “split at two locations in Santee and National City.”

Source…

Filipinos encountered more card skimmers online in 2020

February 24, 2021/in Internet Security

FILIPINO internet users who encountered online credit card skimmers increased by 20% in 2020, internet security firm Kaspersky said.

In an e-mailed statement on Monday, web skimmers, sometimes referred to as sniffers, where scripts are embedded by attackers in online stores and used to steal users’ credit card data from websites, caused the increase in the total number of web threats in the Philippines last year.

“The number of web threats in the country is about 37.19% more in 2020 compared to 27,899,906 web threats (44.4%) detected in 2019,” it said.

However, globally, the Philippines’ ranking in 2020 global web threat detections fell to sixth place from fourth in 2019.

“In the 2020 Kaspersky Security Network report, it showed that Kaspersky solutions installed in computers of Filipino users detected 44,420,695 different internet-borne threats last year,” the internet security firm noted.

“The report also revealed that more than four-in-10 (42.2%) of online users in the country were almost infected with web threats in 2020, putting the country at sixth place globally,” it added.

The Philippines followed Nepal with the highest percentage of users attacked by web-borne threats (49.3%), Algeria (46.9%), Mongolia (44.5%), Somalia (44%), and Belarus (43.9%).

Kaspersky noted the number of Filipino internet users who encountered web miners declined “by one and a half times.”

“A Trojan miner like Trojan.Script.Miner.gen is an example of a web-mining malware that is used by cybercriminals to secretly mine cryptocurrencies using someone’s computing power and electricity,” it said.

Internet browsing, unintentional downloads, e-mail attachments, browser extensions activities, downloading of malicious components or communications with control and command servers performed by other malware were among the top five sources of web threats in the Philippines.

Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky, said: “The pandemic has blurred the lines between corporate defenses and home security.”

“Remote work, online classes, digitalization across all sectors will continue, at least…

Source…

Credit card skimmers now need to fear the Reaper

August 16, 2018/in Internet Security

BALTIMORE—At the USENIX Security Symposium here today, University of Florida researcher Nolen Scaife presented the results of a research project he undertook with Christian Peeters and Patrick Traynor to effectively detect some types of “skimmers”—maliciously placed devices designed to surreptitiously capture the magnetic stripe data and PIN codes of debit and credit cards as they are inserted into automated teller machines and point-of-sale systems. The researchers developed SkimReaper, a device that can sense when multiple read heads are present—a telltale sign of the presence of a skimmer.

Nolen and his fellow researchers worked with data provided by the New York City Police Department (NYPD) to assess the types of credit-card-skimming gear currently in the wild. They uncovered four broad categories of skimming gear:

Overlays—devices that get placed on top of the slot for the ATM or point-of-sale system. They can be modeled to match a specific ATM type’s card slot or, in some cases, overlay an entire device such as a credit card reader at a retail point of sale. Overlays on ATM machines are sometimes accompanied by a keypad that is placed atop the actual keypad to collect PIN data.
Deep inserts—skimmers engineered to be jammed deep into the card reader slots themselves. They’re thin enough to fit under the card as it is inserted or drawn in to be read. An emerging version of this is a “smart chip” skimmer that reads EMV transactions passively, squeezed between the card slot and the EMV sensor.
Wiretap skimmers—devices that get installed between a terminal and the network they connect to. This suggests there’s a fundamental security problem to begin with.
Internal skimmers—devices installed in-line between the card reader of a terminal and the rest of its hardware. These, Scaife said, are more common in gas-pump card readers, where the attacker has a greater chance of being able to gain access to the internals without being discovered.

Overlays and deep inserts are by far the most common types of skimmers—and are increasingly difficult to detect. Police, Scaife noted, often find them only by looking for the cameras used by skimmers to capture PIN numbers, because most of the common detection tips—including trying to shake the card slot to see if it dislodges—are ineffective.

Read 3 remaining paragraphs | Comments

Biz & IT – Ars Technica

Advice for evading ATM skimmers

November 29, 2016/in Internet Security

I cannot use an ATM these days without wondering if I am getting ripped off by a stealthy skimming device that has been placed inside the machine’s card slot. One reason for my concern is that for years now I have been reading with great interest a series of articles on the subject by security expert Brian Krebs, who posted another one just yesterday.

This piece includes a couple of videos showing exactly how scammers insert and remove the skimmers from an ATM, as well as practical advice you can use to thwart those efforts:

To read this article in full or to leave a comment, please click here

Network World Paul McNamara

Tag Archive for: skimmers