Parasitic Fake ATMs

posted by Jason Kottke Jan 23, 2020

This is a few years old, but is it ever clever: some thieves in Brazil put an entire fake ATM interface (screen, card reader, keypad) over the real ATM to skim card numbers and PINs.

Krebs on Security wrote up a report on the scheme:

Interestingly, much like grammatical and spelling errors that often give away phishing emails and Web sites, the thieves who assembled the video for the screen for the fake ATM used in the April robbery appear have made a grammatical goof in spelling "país," the Portuguese word for "country"; apparently, they left off the acute accent.

Most skimming attacks (including the two mentioned here) take place over the weekend hours. Skimmer scammers like to place their devices at a time when they know the bank will be closed for an extended period, and when foot traffic to the machine will be at its highest.

This is like when the T-1000 in Termintor 2 can impersonate any person that it touches, except with cash machines. (I would read a book entirely composed of clever thieves' inventions and techniques. I assume this already exists?)