Momma always told you to be careful at ATMs, so you hide your PIN from strangers and use the machines in a well-lighted area. But what if the machine itself is stealing your information?
A gang of high-tech thieves has allegedly been traveling up and down Florida's east coast, hacking those "Presto!" ATMs outside Publix stores to steal your card number and PIN. A regular-looking schlub in shorts and a Marlins cap (of course) showed up on video cameras, looking over his shoulder as he tampered with the device for around two minutes, then left it to his victims.
Fort Lauderdale police won't say how the "skimming" devices worked, because they don't want to educate wannabe thieves. But the world of skimming is a complicated, high-tech place.
Essentially, a skimmer device has two parts: a magnetic reader that overlays the one used by the ATM, to simultaneously capture your card number as you swipe the card. Then there's a device to steal your PIN, which usually works in one of three ways: a pinhole camera spies on the keypad; an infrared camera captures a "heat map" showing which keys are warm from being pressed (the coldest ones were pressed first); or even a keypad "overlay" that looks like the real thing and captures each press. The electronics are usually hidden in the card-reader section of the device, and a pinhole camera is usually included in that as well.
So what type of electronics did the Publix thieves use? Not so fast, Sparky. "Releasing that information would potentially educate the suspects or wanna-be suspects," says DeAnna Garcia of the Fort Lauderdale Police Department. So the place to go for skimming information seems to be Brian Krebs, a former Washington Post reporter who now runs the blog krebsonsecurity.com.
He reveals a criminal underworld in which rogue experts sell full skimming kits through scammer forums and IRC chat, thieves use custom-manufactured readers made by 3-D printers, and ball-shaped cameras stuck like fungus in the upper corner of ATMs record your fingers' every move.
News reports indicated that the Publix thieves slipped a sleeve over the card reader to look like the original and contain their electronics. Here's a relatively simple device that may have been similar to the one they used, described on Krebs' site:
Note that there's a tiny pinhole camera on the bottom-left corner of the reader to capture PINs. Things get wackier from there. One new kind of skimmer is so tiny -- just a reader and chip -- that it fits inside the original card-reading slot. Other devices include a professional, installed keypad overlay
The thieves at Publix are suspected by law enforcement of being part of a skimming "gang" that travels around the state, coordinating attacks to hit far-flung ATMs over a short period of time. They were enabled by the fact that Publix ATMs reportedly don't have video cameras built into the device. The external video surveillance footage that allegedly captured a man installing a skimmer didn't seem to include any cumbersome parts or installation, so it was likely a fairly simple device.
Here's a video from a store in Daytona Beach courtesy of the Sun-Sentinel, including cartoon-like looking over the shoulder.
Police across four counties are looking for the thieves. Garcia of the Fort Lauderdale Police said the distinguishing characteristic of one of the men is that he wears colorful shorts.
If you like this story, consider signing up for our email newsletters.
SHOW ME HOW
You have successfully signed up for your selected newsletter(s) - please keep an eye on your mailbox, we're movin' in!