WARNING: ATM Spoofing ***Pics***

Just came from the bank where it was discovered that someone has been spoofing my ATM card for it's maximum limit for the past four days! The computer is showing withdrawls on 7/31, 8/1, 8/2, and 8/3! They have my card number and my PIN NUMBER! The withdrawls were in Brubank, CA and L.A., Ca!!

BE WARNED!! /ubbthreads/images/graemlins/mad.gif /ubbthreads/images/graemlins/mad.gif /ubbthreads/images/graemlins/mad.gif

Re: WARNING: ATM Spoofing

It's one thing to spoof your card, but how did they get your PIN? I think 4-digit PINs are too short, but, still, there are 10K combinations in a 4-digit PIN. You would think that too many failed attempts on the PIN from enough ATMs would raise a flag (and 3 or failed attempts with the card usually cause the machine to suck the card in) -- or perhaps someone knows you a little better than you think...

Re: WARNING: ATM Spoofing

Actually, there was a huge ATM card syndicate in Asia (Malaysia was one of the major cases) a few months back that got busted... Apparently they had some sort of card magnetic strip 'reader' that was small enough to slot into an ATM machine's card slot, so that when you put in your ATM card, it reads the data off your card. And there's a guy who'll be in the queue behind you, trying to peek at you while you're entering your PIN. That's how they get the PINs to make the fraudulent withdrawals after cloning your ATM card, if you're not careful.

Re: WARNING: ATM Spoofing

I think about the only way that is really possible is if you used your ATM card somewhere with a pin pad that wasn't really a pin pad! You can buy those dumb things surplus and hooking them up to a computer to capture the data would not be that hard to do.

See if you can remember if you used it at any retail places recently, or I suppose it's possible that it was at a regular ATM style machine, but that would be more difficult.

An old trick that computer hackers used was to leave a shell running that looked like the login, it would record what you entered, give you an error and then log out for real so that the second time it would work and people just think they made a typo. Did you have any similar experience somewhere? Scanned your card and entered the pin only to have it ask you to scan again before it would go through?

This kind of thing is becoming more prevalent so it's going to be important (and interesting!) to track it down as to where it came from! Please post as you learn more about what happened!

pin numbers are short, but it is not allowed to store them in any electronic way. I worked on a system for a major retail chain (why won't people just say where they worked?) and we were not allowed to store the pins at all. So even if a computer somewhere was hacked into they could get the card number, but the pins are not saved.

Re: WARNING: ATM Spoofing

The spoofing is being done in Burbank,Ca and I live in Texas. You could see where they tried untill they finally figured out what my limit was. Started about 19:39 on 7/31 Ca time.

Re: WARNING: ATM Spoofing

There was an article about an "interesting" way some folks were getting pins

You know those 3rd party ATM machines you see around? It seems a crime syndicate (Eastern European) figured out that there was almost no control over who could buy and operate one.

So, you buy one, mod it slightly to record the card and pin when a transaction is made, and install it. Every time someone uses the machine, you get the card number and pin. It seems the collected 10s of thousands of sets, all while charging you a $1.50 for the convenience

Re: WARNING: ATM Spoofing

KC2IXE, I had heard of that before and that's why I only use ATMs in Banks. BTW..they spoofed my card for $2000!!

Re: WARNING: ATM Spoofing

Roy, thats interesting as it's obviously a bigger racket than just some clever guy at the corner store. This is potentially a big operation. I hope that the police or since it's operating across state lines the FBI are involved? $2k is enough to call in some more help! You won't be the only one.

Re: WARNING: ATM Spoofing

[ QUOTE ]
James S said:
Roy, thats interesting as it's obviously a bigger racket than just some clever guy at the corner store. This is potentially a big operation. I hope that the police or since it's operating across state lines the FBI are involved? $2k is enough to call in some more help! You won't be the only one.

[/ QUOTE ]

I only use my ATM card for ID

Brightnorm

Re: WARNING: ATM Spoofing

. . . and I don't have an ATM card. I get cash every few weeks from the teller at my credit union. Perhaps old-fashioned, but it works perfectly every time. /ubbthreads/images/graemlins/smile.gif

Paul

Re: WARNING: ATM Spoofing

For thost that think the old fashioned ways are any safer need to remember that people were getting rippied off for decades with those same old fashioned techniques. And don't think your checks are any safer. The number off the bottom of your check is the same as a credit or debit card number, worse actually since there's no need for the 3 digit code on the back of credit and debit cards. When you use a check at the store and it's run through a machine, some withdraw the money then, they could give you your check back as it's not needed anymore. Watch a couple commercials, and you'll see a few that say they can take your check over the phone just like a credit card, same thing. You can pay some bills the same way with a check.

Re: WARNING: ATM Spoofing

[ QUOTE ]
Stanley said:
Actually, there was a huge ATM card syndicate in Asia (Malaysia was one of the major cases) a few months back that got busted... Apparently they had some sort of card magnetic strip 'reader' that was small enough to slot into an ATM machine's card slot, so that when you put in your ATM card, it reads the data off your card. And there's a guy who'll be in the queue behind you, trying to peek at you while you're entering your PIN. That's how they get the PINs to make the fraudulent withdrawals after cloning your ATM card, if you're not careful.

[/ QUOTE ]

We had something similar to this happen in our area last year. I do not remember all the details, but someone had noticed something attached to the ATM machine and had reported it to the bank. The person that noticed it had apparently went to that same ATM in the morning and had went back that afternoon and noticed the change.

I know there are some ATM units where you just swipe your card instead of the machine taking the card. This must have been the type of ATM in question as you could see the addition of the extra reader at the bottom of the regular reader.

I do not believe they caught the person(s) involved in this.

Re: WARNING: ATM Spoofing

When I went on a WestPac cruise once, after being at sea for quite some time, I actually forgot my PIN to my ATM card. It had been somewhat recently issued and I hadn't used it very many times. This was a problem because I had direct deposit, meaning that all of money went straight into the bank, which I had no way of accessing. After the first port, I was nearly broke. It wasn't until the fourth port that I finally figured out my PIN, but I missed out on alot of goodies before that. The reason it took so long to figure out is because I would try to guess it twice at every ATM I came across. After quite a number of tries, I finally got it right. /ubbthreads/images/graemlins/smile.gif

For an interesting take on bank fraud, check out Catch Me if You Can if you haven't already seen it...

Mark

Re: WARNING: ATM Spoofing

Roy, does the bank have any idea how it happened? Are you responsible for the whole amount?

Re: WARNING: ATM Spoofing

Geep....The bank has no idea how they got the PIN. NOt responsible for any of the charges...I got to the bank before the charges got to accounting!!!

Re: WARNING: ATM Spoofing

Congrats Roy. Just another scarry reminder of what can happen with CC, checks, etc. /ubbthreads/images/graemlins/icon23.gif

Re: WARNING: ATM Spoofing

maybe you have an easy pin to guess... what was it? /ubbthreads/images/graemlins/tongue.gif

seriously... i read a whitepaper talking about pin encryption methods. they are SERIOUSLY insecure (the methods and "secure" should not even be used in the same paragraph). the paper addressed decrypting them from bank records, which it then detailed on how to acquire. the banks were so scared by the paper that they (guess what) sued the writer in an attempt to quash the info. wish i still had the link around... think it may have found in on wired magazine. basically... you could guess ANY pin in about 15 tries. it worked from the fact that the encrytion method was a known standard in the industry (think about that for a while).

/ubbthreads/images/graemlins/tongue.gif

Re: WARNING: ATM Spoofing

Glad to hear that. I know you're only responsible for the first $50 or so if your credit card is stolen or abused but I thought you were screwed if you use an ATM and the same thing happens. I try to remember to check my balance daily online but I know withdrawals can take a few days to show up, especially if out of your local banks network.


[ QUOTE ]
Roy said:
Geep....The bank has no idea how they got the PIN. NOt responsible for any of the charges...I got to the bank before the charges got to accounting!!!

[/ QUOTE ]

Re: WARNING: ATM Spoofing

Turbodog, I believe I saw some coverage of that at Slashdot, also, a month or so ago ...

Re: WARNING: ATM Spoofing

[ QUOTE ]
Tomas said:
Turbodog, I believe I saw some coverage of that at Slashdot, also, a month or so ago ...



[/ QUOTE ]


yeah, that sounds better than wired...