How Scammers Can Use ATMs To Clean You Out

Ads by Google

That ATM installed in the wall of your local convenience store or bank might look like an easy way to get some cash in your pocket, but you need to make sure that the scammers didn’t get there first.

You Use ATMs All The Time, Right?

You pass an ATM, you get money out of your account. Perhaps you’re heading out for drinks, or you’re paying a tradesman who doesn’t take credit cards or cheques. Heading to the market or a farm shop, sponsoring the neighbour’s kids to eat 30,000 chocolate buttons or even paying the milkman or window cleaner – all of these things need cash.

muo-atm-scams-hsbc

While it would seem to be unwise to keep all of your money in one bank account (or even in banks at all in some parts of the world) the fact remains that ATMs remain a popular method for withdrawing money. After all, most of us can’t make it to the bank during business hours, and even if we could, the queuing is inconvenient.

No – it’s much easier to use an ATM to withdraw money and do some account management. Unfortunately, there are various ways in which ATMs can be subverted to work against us. While the account management side of things should be left to online and telephone banking (or, indeed, visiting your local branch) there is still the matter of withdrawing money.

While cashback is a useful option (and should certainly be considered when you shop for groceries in your local hyper or supermarket) it comes with its own risks. Either way, you need to know just what threats you might face when using an ATM.

Remember that these devices are essentially computers. Also, consider that even ATMs installed in the side of a bank can be considered a risk.

Ads by Google

Windows XP Is Running On Your Favourite ATM

You must surely be aware of the fact that as of April 2014, Windows XP is no longer supported by Microsoft. This extremely significant event took place around 7 years after it was announced, so hardly came as a surprise.

muo-wxp-everywhere-atm

Unfortunately, a large number of ATMs around the world are still running on Windows XP, both the full and embedded versions (Windows XP for Embedded Systems and Windows XP Embedded). The difference is essentially that the owner of the embedded system decides exactly which components are included and which are not.

All ATMs should eventually be upgraded to run the banking software on Windows 7 (an embedded version of this OS also exists) or even the highly secure Windows 8.1, but until this is done, vulnerabilities that are found in Windows XP can be exploited on ATMs where it is installed. The result of this could be extremely damaging for your financial situation.

Beware Fake ATMs

One of the biggest ATM-based scams over the years has been the use of fake machines, positioned in places where consumers might not have expected to find them, perhaps at music festivals or in shopping malls.

Essentially boxes with cannibalised laptop parts inside, these devices appear to be the genuine article, but of course they don’t have any money in them. Instead, they’re designed to read your card and record your PIN, and then inform you that there is no cash to withdraw.

muo-atm-scams-standalone

With your card and PIN numbers recorded, the perpetrators can then raid your bank account.

The best protection here is to avoid using standalone ATMs. Sadly the recent increase in such devices has made spotting suspicious ATM units difficult, so the best option is for you to apply a blanket ban on them.

ATM Modifications That Can Steal Your Card Details & PIN

Perhaps it’s not possible to avoid ATMs entirely; maybe you think the threat is overstated.

Here’s a sobering thought: $1 billion was lost through ATM skimming in 2008 alone, and around the world banks have been very relaxed in their responsibilities restoring funds stolen through their machines, although the opposite is true of credit card fraud.

Skimming is the term given to the process of recording credit card numbers, PINs and any other security information stored on the card, so that it might be used by a criminal third party, perhaps online or as a physical clone. This can be done with portable machines or by criminals modifying existing ATMs.

muo-atm-scamms-keypad

Several such ATMs have been spotted over the past few years, some featuring small cameras recording your card number and PIN (the images are transmitted to a nearby laptop), while others have been modified with fake keypads to record your PIN (perhaps used in conjunction with cameras). Most audacious of all are the fake ATM fronts, where new keypads, card readers or both are added to an existing machine.

With hoaxes like these in circulation, you can see why ATM use can prove extremely dangerous to your bank balance!

Conclusion: Why Use An ATM?

The question has to be asked: why would you continue to use an ATM given the threats that exist worldwide? Criminal gangs across all continents are using these methods to siphon funds away from the pockets of innocent people, so take into account everything you have learned here next time you consider using an ATM to withdraw cash.

Several alternatives are available if you want to withdraw cash. First, use the bank branch wherever possible, or failing this, get cashback on your purchases. In some countries, you might be able to withdraw from your account at a post office or other business, which will save you travelling to a bank branch.

If there is no alternative – you have to use an ATM – then perform checks on the machine before using it. Look for an unusual keypad, additional fittings and even tap the surface to ensure that it isn’t hollow.

Also, try to choose a machine that you have seen two or more people using beforehand.

We hope your ATM use is safe. But please only rely on this method of cash withdrawal as a last resort.

Featured Image credit: TaxCredits.net, ATM Keypad credit: William Grootonk, HSBC ATM credit: Tim, 3d illustration of cash machine via Shutterstock

 

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Best Anonymity Tools
Best Anonymity Tools
34 Members
Online Security Tips
Online Security Tips
22 Members
New Security Breaches
New Security Breaches
9 Members
Windows Firewalls & Antivirus
Windows Firewalls & Antivirus
11 Members
Tips for Privacy Obsessed
Tips for Privacy Obsessed
24 Members
Ads by Google
Comments (9)
  • Richard

    My ATM card was hacked at some point and working with my bank we came up with fairly slick solution going forward. Since I have a smart phone I just downloaded their app so that I could do transfers. We then set up one account that could be accessed by an ATM card, and all of my other accounts could not. We also set it up so that if there is not enough cash in the account the transaction would be denied. Then, when I need money from an ATM, or to make a purchase, I get on the app transfer what is needed (generally moments before it is run) into the ATM account, and make my transaction. Amazingly simple, and since I keep very little extra in the account that even if someone did get my card neither I, nor the bank, are out very much.

  • CJ

    In India number of ATM’s are increasing day-by-day and people are engaged much more towards ATMs for their cash needs and other bank a/c management services (such as money transfer and all).
    Well, there have been cases of ATM Card spoofing where some students got some hardware from china which can be installed into the card slot where the users swipe their card to make transactions. This reader then used to record all the ATM card data i.e. the card number and PIN and then there was some method to collect the data (maybe wirelessly or they used to collect the data manually by reaching the ATM again and getting the data by reading it from their device). Once they got the data they used to make fake ATM cards with the mag strip spoofed by the data they had stolen. This way they proved to be a legitimate ATM card holder. The transactions were made from different cities just to outsmart the cops. But they failed in doing so. They were caught very soon.

    ATM’s have been vulnerable from a longer time and in India new laws and tech are being implemented to increase its security. Recent implementation is the use of biometric methods (Finger print in this case). :-)

    • pmshah

      One thing you forgot to mention about the system used in India. Under new directive of Reserve Bank of India (RBI) – equivalent of US Federal Reserve – one can use any bank’s ATM facility regardless of issuing bank. Without a question any one using ATM facility also has his / her own mobile phone. There is a per transaction and per day limit also governed by RBI. One gets an SMS covering the transaction details within seconds. In the event of fraudulent transaction a proper response by the original card holder prevents ALL future transactions.

  • Guy M

    An old, low-tech method was to use black electrical tape over the cash dispenser. It stopped the cash from popping out and looked pretty normal unless you got really close to it.

    After sitting around for awhile, the bad guy would come along, peel the tape and grab the accumulated cash. Be on the watch!

  • Colin

    How about getting your bank to actually buy the hardware that’s available to prevent skimming?
    https://www.youtube.com/watch?v=ieSUGYuw-js
    (I am an employee, but do not speak for them).

  • Rob H

    Don’t forget the options of someone nearby “shoulder surfing” to watch you type your PIN or just sprinkling powder on the keys so they can see which ones you used. Then there’s the fact that most people use trivial PINs like 1234 or 1111 (more than 10% use 1234 as their PIN!). Of course they need the card too (or maybe just a reading of the mag-stripe) so there are ways of retaining the card or at least getting the stripe read but mugging or pickpocket works too.

    A few years back there was a spate of people claiming of unauthorised ATM withdrawals but they still had the card and nobody knew the number. The banks started fitting some machines with cameras, when complainants were sent a timestamped photo of themselves, a family member or a close acquaintance it “jogged their memory”.

    And you don’t just use your card in ATMs, they are arguably at greater risk in retailers, hotels and bars.
    If a stolen wallet has 3 credit/debit cards then the probability is that all use the same pin and the pin is trivial. Each card gives you 3 tries to get the PIN right at the ATM so you have an 50/50 chance of success – a bit better if the wallet also contains something with the user’s date of birth as parts of that are commonly used by those “smart enough” not to use 1234.

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.