A Few Cases of ATM Fraud in recent times
Over a long weekend, there was an attack on an American bank’s ATMs. As usual it was picked up first by David Maimon (I remember giving him a like on Friday.)
When you work in fraud, one thing’s a given – bad news always hits you on a Friday night. And especially on a Friday going into a long weekend, when someone is about to announce an attack like that, I want to happily stick my fingers in my ears and sing “Na Na-Na Na Na.” (No, I never actually did that 😉 But anyway, this good fraud team did all the right things and put the lid on it over the weekend.
Fraudsters had found a tiny tech glitch that caused ATMs to rain money on people with bad checks. Social media as usual amplified the attack turning regular Joes into part time fraudsters.
I also read about another interesting ATM (NFC) related fraud spotted in the Czech Republic. The MO there was a lot less about ATM glitches. In this one, scammers social engineered targets to download malware called NGate using a tax return bait SMS. This malware displays a fake website that asks for the user’s banking information, which is then sent to the attacker’s server. It then prompts the victims to turn on the phone’s NFC feature and instructs them to place the card behind the phone, so that data from the card is stolen via NFC and sent to the attacker’s Android. Ergo, the attacker can mimic the victim’s card as though it was provisioned to their own device, enabling them to cash out at ATMs that allow NFC.
ATMs are a soft target apparently everywhere. In one instance I think it was Delhi, the perps would shut off the ATM just before it spat out cash. They had installed a chip set in the power plug of the ATM and operated it remotely. The women members of the gang assured the victims of a refund only to collect the cash right behind them.
In common scenarios we’ve all heard of ATM Cash Trapping, Card trapping, Shimming, Debit card swaps, Bogus helpline number stickers, Skimming devices & pinhole cameras, Keypad jamming, ATM Jackpotting, what have you. All one needs to do is spray paint over the CCTV camera and Bam! ATM vestibules are like real-world escape rooms, for fraudsters to play these clever little games.
But there are more braindead fraudsters chasing ATMs too. In the most egregious case ever, I remember watching CCTV footage of an ATM haul. In what had to be the world’s most inelegant heist caught on camera, two members of the gang physically extract the ATM kiosk and clumsily drag it over to a parked truck. (Don’t try this at home 😉
Moral of the story. ATMs are magnets for fraudsters, mules, launderers and friends. While in card we classify fraud by MO, in retail banking it’s classified by the way the money exits the bank: Check, Digital, Branch, ATM, POS, Wallet etc. And rightly so. As banking becomes more faceless ATMs are becoming the favorite exit channel.