If you worry about ATM skimmers and drive a car, it’s time to freak the hell out: petrol pump skimmers have matured, and they’re now just as good as those on garden-variety ATMs.
Krebs on Security reports a new series of scams operated out of Oklahoma, that saw thieves take home $US400,000 before they were caught. Targeting petrol pumps at Murphy’s filling stations, the thieves used a card skimmer and fake PIN pad overlay to obtain the required card information.
Kevin Konstantinov and Elvin Alisuretove — the guys behind the scam — apparently left the devices in place for between one and two months, then withdrew cash from ATMs using the details they acquired. Their success highlights how far petrol pump skimming has come on recently. Krebs, who really knows his stuff, explains:
[Petrol] pump skimmers have moved from analogue, clunky things to the level of workmanship and attention to detail that is normally only seen in ATM skimmers. Investigators in Oklahoma told a local news station that the skimmer technology used in this case was way more sophisticated than anything they’ve seen previously.
So, these days the skimmers at petrol pumps — like those pictured above — use bluetooth-enabled devices, sucking power from the pumps themselves. That means they can run indefinitely, and also allow remote access to the data they acquire; thieves never need touch the skimmer again, once it’s installed.
As ever, the advice remains the same: if an ATM or pay point looks in any way suspicious, don’t use it. Failing that, pay for petrol in the outlet, or even better, with good old-fashioned cash. [Krebs on Security]