A new and unique ATM skimming attack technique has been observed recently. The scammers are hijacking the security camera built in the ATM to steal a user’s PIN.
How does it work - According to the report from Krebs on Security, the scammers had placed the skimmer over the top of the custom-facing security camera at drive-up bank ATM in Hurst, Texas. The skimmer includes a camera component that is angled towards the ATM cash machine’s PIN pad. This enabled the attackers to record the victims’ PINs.
One of the important aspects of this new attack technique was that the PIN grabber used a metallic, wafer-thin sized skimmer which could be fitted straight into the mouth of the ATM’s card inserting slot. With the card skimmer totally not visible from outside, this makes it easy for the scammers to record as many PINs as possible.
“The clever PIN grabber was paired with an 'insert skimmer', a wafer-thin, usually metallic and battery powered skimmer made to be fitted straight into the mouth of the ATM’s card acceptance slot, so that the card skimmer cannot be seen from outside of the compromised ATM,” states Krebs on Security in its report.
Why does this hack work - Users become victim to such attack due to the lack of simple cybersecurity measures. A majority of people were found typing the PIN without covering the keypad with their hand. The number, thus typed, gets recorded on the spoofed camera and is later used by scammers for other fraudulent activities.
Hence, it is very necessary to cover the PIN pad with a hand, while entering the PIN. This blocks the skimmers from stealing your PINs.