We use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy.

croom new

Preferred Blog

Preferred has been serving the Tinley Park area since 1991, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Debit Card Chip and PIN Won’t Save You From This ATM Scam

Your Debit Card Chip and PIN Won’t Save You From This ATM Scam

Do you remember how your bank issued you a new debit or credit card with a built-in, security-enhancing chip? There are now ATMs specially designed for use with these chips. Unfortunately, the same technology that was originally meant to secure your finances can also be used against you in the form of fraudulent cash withdrawals.

At the Black Hat conference in Las Vegas, Weston Hecker, a senior security consultant at Rapid7, demonstrated the attack in detail. It’s believed that this method can allow someone to steal up to $50,000 out of a single ATM in under 15 minutes. In the past, hackers could exploit ATMs running older operating systems, like Windows XP, but this is a different problem altogether. These aren’t vulnerabilities that are the result of being out of date; in fact, these systems are brand new, and shouldn’t contain these problems at all.

The exploit uses a $2,000 kit to install a device into the terminal itself, and allows the user to reap immense gains for their investment. The device must be placed in the card slot, right where the ATM user’s card chip would be. The device then steals the chip’s data, including the PIN, and transfers it to the criminal, who could be several hundred miles away from the site of the hack. They can then download this data and use the card details to withdraw cash from any ATM system.

The hacker can use this data to constantly withdraw funds from an ATM, amounting to a major loss for the victim. Of course, hackers still have to find an inconspicuous or unattended machine to steal from, or locate one which is remote enough that nobody would know or care about what they’re doing. Either way, this exploit allows hackers to steal a significant amount of money without much effort.

With any method, there are drawbacks that can keep the hacker from making the most out of their acquisitions. For example, a hacker has a limited window to exploit the credentials they’ve obtained. Once the user catches on and reports the suspicious activity, the hacker’s fun will come to an end. Additionally, most ATMs are monitored through either internal security cameras, or external hidden cameras that are positioned all around the terminal.

In spite of these challenges, hackers could very well take advantage of this vulnerability. Rapid7 has fully disclosed the details of the vulnerability to the manufacturers, but hasn’t made the details public out of fear that this information could put more people at risk. Basically, Rapid7 wants to give the manufacturers an opportunity to one-up the hackers before they find a way around this fix, too.

Even if you don’t suspect that a hacker has made off with your credit card credentials, it’s still a best practice to monitor your bank statements for consistency, and to ensure that no suspicious activity is targeting them. It’s also good to know that your bank will never contact you via email or phone number asking you to change your PIN or confirm other credentials. Some hackers may try to get you to hand over credentials through phishing scams, which are specifically designed to harvest your sensitive information and use it against you.

Bonus tip: don’t input credentials into unsecured websites. Any website that wants your credit card number, security code, or otherwise, should be protected by encryption to hide your information from hackers. You should be mindful of where you plug in any sensitive information on the Internet, as some websites might look legitimate, but be designed to steal your data.

For more information about how to keep your financial records secure, reach out to Preferred at 708-781-7110.

Cortana Gets a Little Too Clingy After Latest Upda...
Tip of the Week: 4 Reasons Why “Dumb” Phones are S...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Saturday, November 23 2024

Captcha Image

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      Qr Code

      Blog Archive

      Latest Blog Entry

      Businesses of every size need to prioritize their security. This fact has not changed and will not change anytime soon. What has changed, however, are the recommended ways to approach this security. Today, we wanted to review the history of today’s predominant cybersecurity ...

      Latest News

      Best Places to Work - 5 YEARS STRONG!!

      Preferred is once again, honored for being a Best Place to Work for the fifth straight year!  Our team is what makes Preferred a Best Place to Work.  

      Daily Herald Suburban Business 2024 Best Places to Work Honorees The Daily Herald Suburban Business has announced the names of 51 companies, in 5 categories of competition, that are honored as the 2024 Best Places to Work in Illinois. This statewide survey and awards program was designed to identify, recognize and honor the best places of employment in Illinois, benefiting the state's economy, its workforce and businesses.