ATM Skimming Attack With Hijacked ATM Security Camera to Steal User’s PIN

The recently discovered ATM skimming attack can hijack the security cameras built in the ATM, thus making it easy for the hijackers to steal a user's PIN.

First reported by Krebs on the scam, here is the story on the attack. The scammers had placed the skimmer over the top of the custom-facing security camera at drive-up bank ATM in Hurst, Texas. The skimmer includes a camera component that is angled towards the ATM cash machine’s PIN pad. This enabled the attackers to record the victims’ PINs.

It is to be noted that the PIN grabber used a metallic, wafer-thin sized skimmer which could be fitted straight into the mouth of the ATM’s card inserting slot. This makes the card skimmer completely invisible from outside, hence it is easy for the scammers to record as many PINs as possible.

“The clever PIN grabber was paired with an 'insert skimmer', a wafer-thin, usually metallic and battery powered skimmer made to be fitted straight into the mouth of the ATM’s card acceptance slot, so that the card skimmer cannot be seen from outside of the compromised ATM,” states Krebs on Security in its report. Lack of simple but necessary cybersecurity measures often leads to attacks of this kind. It is advised to type the PIN number by covering with hand, so it is not caught on camera. If the number is recorded on the spoofed camera, it can be later used by scammers for other fraudulent activities.