Just over a month after the FBI began warning global banks to be on the lookout for the “Unlimited” ATM Cashout Blitz attacks that could drain the machines of all their holdings, the Secret Service is warning financial institutions of a surge in ATM “Wiretapping” attacks.
Also known as eavesdropping, the advanced skimming techniques were spotted in Europe as far back as 2014 and involve an attacker drilling a relatively large hole in the front of an ATM to install an internal card skimming device along with either a pinhole sized camera or a false keypad, to steal user PINs, according to KrebsOnSecurity.
The hole is then concealed with a false plate often displaying the bank’s logo. This type of skimming attack is often harder to detect as since the devices are embedded in the machine making them harder to spot.
To defend against these attacks, researchers recommend users always pay attention to the ATMs they use and look for signs of tampering, use machines in well trafficked places rather than those that are secluded, and always cover their hand and key pad while entering their PIN.
“Sure, there is still a chance that thieves could use a PIN-pad overlay device to capture your PIN, but in my experience institutions these are far less common than hidden cameras (and quite a bit more costly for thieves who aren’t making their own skimmers),” KrebsOnSecurity said. “Done properly, covering the PIN pad with your hand could even block hidden cameras like those embedded in the phony PIN pad security shield.”