After a period of relative calm, ATMs have fallen back under the spotlight of cyberattacks. The change from traditional credit and debit cards (those with the magnetic band) to integrated chip cards, which are more difficult to copy, along with changes to ATMs themselves, has caused a rush among cybercriminals to take advantage of current vulnerabilities before they disappear for good.
As a consequence of this, there has been a marked increase in the number of illicit activities of this sort in recent months. According to FICO, a security company that monitors 65% of all ATMS in the United States, the first four months of 2015 saw the highest number of attacks on cash machines in over twenty years.
The solution to this increase in attacks isn’t to become alarmed and avoid using ATMs, but rather use them with caution and follow a few simple pieces of advice.
Try to guess if an ATM is dodgy
The most common modification technique used with these machines is a method known as skimming, which consists of installing a small device in the slot where the card is inserted which copies the information on the magnetic band. This information is later used to make duplicate cards of to carry out online transactions without the victim knowing.
Knowing that a machine has been tampered with isn’t easy as the skimming devices are usually well hidden. However, there are some things to look out for when checking to see if it is safe to withdraw cash. First of all, take a look at the card slot and the area around it – if you spot any marks or scratches then it’s likely a device has been planted there. Also, check that the little light that usually operates on the card slot is working.
If the light is turned off or you suspect that something is amiss, then we advise you not to use that ATM. Cancel the transaction (if you have already started it) and don’t try to remove the skimmer yourself (advise the staff in the bank instead).
Hide your PIN
If they’ve managed to get your card information and want to clone it or use it to make online purchases, the cybercriminals will also need your PIN, which they can get in a few different ways. The first, and most obvious way, is by looking over your shoulder while you’re at the machine. This is why it is important that you cover the keypad with your hand when entering your PIN, as it will also avoid your code being picked up by a camera hidden on the machine.
Make sure that you have a PIN that is difficult to guess (don’t use simple combination such as 0000, 1234, 1111, or 999, nor ones based on dates of birth or telephone numbers) and never have it written down. For your own security, it’s best that you just memorize it.
Before taking out cash, take a look around you and see if there are any suspicious looking characters in the area. Never accept any help from a stranger during a transaction, no matter what happens. If your card becomes stuck in the machine, or the cash doesn’t come out, don’t accept any assistance, as it could all be part of a trick set up by the attacker. If you find yourself in this situation, the best thing to do is call the bank and remain at the ATM, turning down any offers of help from strangers.
Choose the right ATM
Whenever possible, use an ATM that is inside the bank rather than one that is on the street. Try to avoid bank machines that are located in transport hubs and shopping malls, as these are easy targets for criminals.
According to FICO, attacks on machines placed inside banks have increased by 174%, which is alarming in itself, but pales in comparison to the 317% increase in attacks targeting other bank machines. Wherever there is a lot of light, security cameras, or people passing by, is where it is least likely that the criminals will try to tamper with a machine.
Finally, always keep a copy of your receipt from the ATM and keep a check of movements in your account. If you spot anything suspicious, get in touch with your bank immediately so that they can resolve it. Some banks have a maximum time limit to resolve these problems, so don’t let too much time pass.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
1 comment
Since the beginning of the self-service banking channel, ATMs have run a constant risk of attack. While we used to worry mainly about physical attacks aimed at penetrating ATM safes, attacks have become more advanced, and more subtle, in recent years.