How Scammers Can Use ATMs To Clean You Out

That ATM installed in the wall of your local convenience store or bank might look like an easy way to get some cash in your pocket, but you need to make sure that the scammers didn’t get there first.

You Use ATMs All The Time, Right?

You pass an ATM, you get money out of your account. Perhaps you’re heading out for drinks, or you’re paying a tradesman who doesn’t take credit cards or cheques. Heading to the market or a farm shop, sponsoring the neighbour’s kids to eat 30,000 chocolate buttons or even paying the milkman or window cleaner – all of these things need cash.

muo atm scams hsbc   How Scammers Can Use ATMs To Clean You Out

While it would seem to be unwise to keep all of your money in one bank account (or even in banks at all in some parts of the world) the fact remains that ATMs remain a popular method for withdrawing money. After all, most of us can’t make it to the bank during business hours, and even if we could, the queuing is inconvenient.

No – it’s much easier to use an ATM to withdraw money and do some account management. Unfortunately, there are various ways in which ATMs can be subverted to work against us. While the account management side of things should be left to online and telephone banking (or, indeed, visiting your local branch) there is still the matter of withdrawing money.

While cashback is a useful option (and should certainly be considered when you shop for groceries in your local hyper or supermarket) it comes with its own risks. Either way, you need to know just what threats you might face when using an ATM.

Remember that these devices are essentially computers. Also, consider that even ATMs installed in the side of a bank can be considered a risk.

Windows XP Is Running On Your Favourite ATM

You must surely be aware of the fact that as of April 2014, Windows XP is no longer supported by Microsoft. This extremely significant event took place around 7 years after it was announced, so hardly came as a surprise.

muo wxp everywhere atm   How Scammers Can Use ATMs To Clean You Out

Unfortunately, a large number of ATMs around the world are still running on Windows XP, both the full and embedded versions (Windows XP for Embedded Systems and Windows XP Embedded). The difference is essentially that the owner of the embedded system decides exactly which components are included and which are not.

All ATMs should eventually be upgraded to run the banking software on Windows 7 (an embedded version of this OS also exists) or even the highly secure Windows 8.1, but until this is done, vulnerabilities that are found in Windows XP can be exploited on ATMs where it is installed. The result of this could be extremely damaging for your financial situation.

Beware Fake ATMs

One of the biggest ATM-based scams over the years has been the use of fake machines, positioned in places where consumers might not have expected to find them, perhaps at music festivals or in shopping malls.

Essentially boxes with cannibalised laptop parts inside, these devices appear to be the genuine article, but of course they don’t have any money in them. Instead, they’re designed to read your card and record your PIN, and then inform you that there is no cash to withdraw.

muo atm scams standalone   How Scammers Can Use ATMs To Clean You Out

With your card and PIN numbers recorded, the perpetrators can then raid your bank account.

The best protection here is to avoid using standalone ATMs. Sadly the recent increase in such devices has made spotting suspicious ATM units difficult, so the best option is for you to apply a blanket ban on them.

ATM Modifications That Can Steal Your Card Details & PIN

Perhaps it’s not possible to avoid ATMs entirely; maybe you think the threat is overstated.

Here’s a sobering thought: $1 billion was lost through ATM skimming in 2008 alone, and around the world banks have been very relaxed in their responsibilities restoring funds stolen through their machines, although the opposite is true of credit card fraud.

Skimming is the term given to the process of recording credit card numbers, PINs and any other security information stored on the card, so that it might be used by a criminal third party, perhaps online or as a physical clone. This can be done with portable machines or by criminals modifying existing ATMs.

muo atm scamms keypad   How Scammers Can Use ATMs To Clean You Out

Several such ATMs have been spotted over the past few years, some featuring small cameras recording your card number and PIN (the images are transmitted to a nearby laptop), while others have been modified with fake keypads to record your PIN (perhaps used in conjunction with cameras). Most audacious of all are the fake ATM fronts, where new keypads, card readers or both are added to an existing machine.

With hoaxes like these in circulation, you can see why ATM use can prove extremely dangerous to your bank balance!

Conclusion: Why Use An ATM?

The question has to be asked: why would you continue to use an ATM given the threats that exist worldwide? Criminal gangs across all continents are using these methods to siphon funds away from the pockets of innocent people, so take into account everything you have learned here next time you consider using an ATM to withdraw cash.

Several alternatives are available if you want to withdraw cash. First, use the bank branch wherever possible, or failing this, get cashback on your purchases. In some countries, you might be able to withdraw from your account at a post office or other business, which will save you travelling to a bank branch.

If there is no alternative – you have to use an ATM – then perform checks on the machine before using it. Look for an unusual keypad, additional fittings and even tap the surface to ensure that it isn’t hollow.

Also, try to choose a machine that you have seen two or more people using beforehand.

We hope your ATM use is safe. But please only rely on this method of cash withdrawal as a last resort.

Featured Image credit: TaxCredits.net, ATM Keypad credit: William Grootonk, HSBC ATM credit: Tim, 3d illustration of cash machine via Shutterstock

 

10 Comments - Write a Comment

Reply

ReadandShare

Per article above, “Here’s a sobering thought: $1 billion was lost through ATM skimming in 2008 alone, and around the world banks have been very relaxed in their responsibilities restoring funds stolen through their machines, although the opposite is true of credit card fraud.”

My bank was actually pretty good about returning the money back to me.

Earlier this year, I traveled in Central America for two months, using ATM’s along the way to access local cash. I always made sure to use bank ATM’s and I had my debit card in my possession at all times.

The last day of my trip, lo and behold, someone took nearly $500 from my checking account at an ATM in Mexico — which I did not visit at all. I figured I would call my bank as soon as I got back home. That night, a second ATM withdrawal was made – so I was out nearly $1,000. Called the bank ASAP and got a recording to call back during business hours…

I called the bank the next morning and explained the situation. It took about three days, and then the bank returned the money to my account in full. I was quite happy with their quick attention and short turnaround time.

Reply

Rob H

Don’t forget the options of someone nearby “shoulder surfing” to watch you type your PIN or just sprinkling powder on the keys so they can see which ones you used. Then there’s the fact that most people use trivial PINs like 1234 or 1111 (more than 10% use 1234 as their PIN!). Of course they need the card too (or maybe just a reading of the mag-stripe) so there are ways of retaining the card or at least getting the stripe read but mugging or pickpocket works too.

A few years back there was a spate of people claiming of unauthorised ATM withdrawals but they still had the card and nobody knew the number. The banks started fitting some machines with cameras, when complainants were sent a timestamped photo of themselves, a family member or a close acquaintance it “jogged their memory”.

And you don’t just use your card in ATMs, they are arguably at greater risk in retailers, hotels and bars.
If a stolen wallet has 3 credit/debit cards then the probability is that all use the same pin and the pin is trivial. Each card gives you 3 tries to get the PIN right at the ATM so you have an 50/50 chance of success – a bit better if the wallet also contains something with the user’s date of birth as parts of that are commonly used by those “smart enough” not to use 1234.

Reply

Colin

How about getting your bank to actually buy the hardware that’s available to prevent skimming?
https://www.youtube.com/watch?v=ieSUGYuw-js
(I am an employee, but do not speak for them).

Reply

Guy M

An old, low-tech method was to use black electrical tape over the cash dispenser. It stopped the cash from popping out and looked pretty normal unless you got really close to it.

After sitting around for awhile, the bad guy would come along, peel the tape and grab the accumulated cash. Be on the watch!

Christian C

I haven’t heard of that one Guy, thanks for highlighting it!

Reply

CJ

In India number of ATM’s are increasing day-by-day and people are engaged much more towards ATMs for their cash needs and other bank a/c management services (such as money transfer and all).
Well, there have been cases of ATM Card spoofing where some students got some hardware from china which can be installed into the card slot where the users swipe their card to make transactions. This reader then used to record all the ATM card data i.e. the card number and PIN and then there was some method to collect the data (maybe wirelessly or they used to collect the data manually by reaching the ATM again and getting the data by reading it from their device). Once they got the data they used to make fake ATM cards with the mag strip spoofed by the data they had stolen. This way they proved to be a legitimate ATM card holder. The transactions were made from different cities just to outsmart the cops. But they failed in doing so. They were caught very soon.

ATM’s have been vulnerable from a longer time and in India new laws and tech are being implemented to increase its security. Recent implementation is the use of biometric methods (Finger print in this case). :-)

pmshah

One thing you forgot to mention about the system used in India. Under new directive of Reserve Bank of India (RBI) – equivalent of US Federal Reserve – one can use any bank’s ATM facility regardless of issuing bank. Without a question any one using ATM facility also has his / her own mobile phone. There is a per transaction and per day limit also governed by RBI. One gets an SMS covering the transaction details within seconds. In the event of fraudulent transaction a proper response by the original card holder prevents ALL future transactions.

Reply

Richard

My ATM card was hacked at some point and working with my bank we came up with fairly slick solution going forward. Since I have a smart phone I just downloaded their app so that I could do transfers. We then set up one account that could be accessed by an ATM card, and all of my other accounts could not. We also set it up so that if there is not enough cash in the account the transaction would be denied. Then, when I need money from an ATM, or to make a purchase, I get on the app transfer what is needed (generally moments before it is run) into the ATM account, and make my transaction. Amazingly simple, and since I keep very little extra in the account that even if someone did get my card neither I, nor the bank, are out very much.

Reply

keran wayne

BE SMART AND BECOME RICH IN LESS THAN 3DAYS….It all depends on how fast you can be to get the new PROGRAMMED blank ATM card that is capable of hacking into any ATM machine,anywhere in the world. I got to know about this BLANK ATM CARD when I was searching for job online about a month ago..It has really changed my life for good and now I can say I’m rich and I can never be poor again. The least money I get in a day with it is about $50,000.(fifty thousand USD) Every now and then I keeping pumping money into my account. Though is illegal,there is no risk of being caught ,because it has been programmed in such a way that it is not traceable,it also has a technique that makes it impossible for the CCTVs to detect you..For details on how to get yours today, email the hackers on : (wellbecktyler231@gmail.com). Tell your loved once too, and start to live large. That’s the simple testimony of how my life changed for good…Love you all …the email address again is : wellbecktyler231@gmail.com

Your comment