This article is written by Surabhi Gupta, pursuing a Diploma in Cyber Law, Fintech Regulations and Technology Contracts from Lawsikho.com.
Spyware is unwanted software that enters our computer system and steals the sensitive information and internet usage data. It is a type of malware which is designed to gain access to the computer and damage the computer often without the knowledge of the user. It tends to collect and gather our personal information and relays the information to the data firms, advertisers or external users. Spyware is also found in ATMs. Like any other computing devices, ATMs also have vulnerabilities. “An ATM is composed of a computer (and its peripherals) and a safe in which the former is enclosed in a cabinet.”The cabinet itself isn’t particularly secure or sturdy, which is why criminals can use simple tools and a lock key purchasable online to break into it to gain access either to the computer or the safe.
“Automated teller machine (ATM) fraud is defined as a process of capturing the victim’s debit card number and using it in illegal transactions.” Since, a PIN is required to complete a debit card transaction, ATM frauds also involve stealing one’s PIN. There are various methods that scammers make use of the ATMs to steal from cardholders that we will be discussing in this article-
- Skimming- is a process by which the culprit steals the victim’s card’s magnetic stripe data with the help of a portable device or a reader that gets attached to an inside or outside of an ATM machine along with the theft of the victim’s PIN through a keypad, camera or direct observation. “ATM skimming is like theft of identity in case of debit cards”. “Hidden electronics are used by the thieves for the purpose of stealing the personal information that is stored on your card and then the PIN number is recorded for the purpose of accessing all that hard-earned cash in the victim’s account.” “Another important tool used for recording PIN inputs is fake Keypads in which a fake keypad is installed by the criminals over on the actual keypad for stealing the PIN”. This process is also known as a ‘pin-pad overlay’.
- Shimming- is an upgraded form of skimming in which it focuses on recording and stealing sensitive data from the embedded chips. There are chip-enabled cards in the ATMs or point- of- sale from which the data is stolen by inserting a paper-thin in the card reader. “In the ATM’s card slot, a paper-thin shimming is inserted where it sits between the ATM’s chip reader and the card and the data is recorded by the shimmer from the card chip while the chip reader of the machine is reading it.” Shimmers if inserted perfectly can be virtually invisible and can be difficult to detect. However, a tight slot while inserting the card can be one sign that the shimmers are installed. “The data taken from the chip cards (also known as EMV cards) are converted into magnetic stripe data, and then a fake version of the traditional magnetic stripe cards is created.”
- Card Trapping- “when the victim inserts the ATM card in the machine and the card is retrieved later, there is a bard that retains the card in this process.” It is a process by which the criminals physically capture the victim’s credit or debit card details via ATM by introducing a device, usually a Lebanese loop, thereby preventing the card from getting ejected once a transaction is completed. The target’s PIN is stolen by shoulder surfing or by using a small hidden camera similar to those used in skimming.
- Cash Trapping- “Herein, the attackers physically inserts a device inside the ATM, that ends up trapping the cash which is henceforth allotted by the cash dispenser to the customers”. The device installed inside the ATM cash slot to trap money is known as glue-trap which acts as a false shutter and traps the cash allocated to customers. A fake ATM cash dispenser is placed in the front of the real cash dispenser to trap money.
- Pharming- Pharming, is a portmanteau of the words “phishing” and “farming”. This type of cybercrime is very similar to phishing. “In this process where a website’s traffic is manipulated and confidential information is stolen.”. Here, the fraudsters take users to a fake website that seems similar to the original one and when the users transact and pay via credit or debit cards, the card details are stored and later used to steal money from your account. Firstly, a virus or a Trojan is installed on a user’s computer by the hacker thereby changing the computer’s hosts file to direct traffic away from its intended target, and towards a fake website instead. Secondly, the hacker may instead poison a DNS server, causing multiple users to visit the fake site. The fake websites can also be used to install viruses or Trojans on the user’s computer, or they could be an attempt to collect personal and financial information for use in identity theft. “Pharming is an extreme form of cybercrime because of its nature. In case of poisoning of the DNS server, the user who is affected can have a software which is completely malware-free and still become a victim. Despite taking precautionary steps like using trusted bookmarks always or entering the website address manually does not prevent the crime from happening, because the mishandling or misdirection takes place after a connection request is sent by the computer.” Through the installation of a robust anti-malware and antivirus solution, in conjunction with smart computing practices like avoiding suspicious websites and not clicking on links in suspicious email messages are some of the ways of protecting ourselves from Pharming.
- Keystroke Logging- It involves stealing of net-banking information. “Herein, the users are unintentionally made to download a software by the hackers, that ends up allowing the fraudster to trace their keystrokes and steal passwords or credit card and net banking details”.
- False Fronts- It involves installing the entire false fronts on the actual ATM machine. It is difficult to recognize and ends up stealing the user’s data. One way of identifying it is to see whether the front is looking larger than the usual one.
- Jackpotting- It refers to the hacking of an ATM in which the cash dispenser is manipulated. It is a process in which one needs to physically access the bank terminal in order to upload a malware or to install a dispenser control device. This process can be carried out either by hacking the software of a bank or with the help of a special equipment.
- Malware– As Microsoft puts it, “malware is a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network. A worm Virus and Trojan are some of the different types of Malware. Spyware is one of the techniques used by Malware to attack. Other techniques include rootkit, adware, ransomware, cryptojacking and malvertising. “The attackers can themselves install malware on a computer by either using the privilege escalation to gain administration or by gaining physical access to the computer.”
A new spyware tool has been discovered by the cybersecurity firm Kaspersky called Dtrack that affects a large number of Indian firms in the financial and research paper. It is an evolution of a previously reported tool, ATM track, that was widely used to target automated teller machines (ATMs) across India. “Dtrack with the purpose of stealing confidential data, personal data of the employees and closed conversations and even downloading malicious tools remotely, tracking the key logs and monitoring the traffic of the Internet Protocol, is trying to target a large number of Indian institutions” “Apart from cyber espionage or sabotage operations being conducted by Dtrack, it has also been found that it influences attacks that clearly aim at stealing money.
There has been a general increase in the ATM fraud attacks in the past years. “The number of unique devices protected by Kaspersky that encountered ATM/PoS (point-of-sale) malware at least once experienced a two-digit growth in 2018—and this number held steady, even increasing slightly, in 2019.” The country with the highest number of malware attacks in 2019 is Russian federation followed by Iran and Brazil. The increase shows the very beginning of malware usage for ATM fraud.
Steps that should be taken to protect the ATM’s
- Better Physical Security- this is because most of the malware attacks start with physical access to the ATM.
- Digital Security- To ensure digital security, “More encryptions must be leveraged within the software of the machines, more authentications measures are required, unused ports must be disabled, whitelists of allowed processes must be created so that alerts are automatically created by the unauthorized processes”.
- The customers can use tap payments and smartphone payments like Apple Pay when possible to avoid shimming, skimming, or other methods of payment card information theft as they are safer due to being much harder for thieves to replicate. The customers should look for machines inside banks, or in well-lit, busy areas that would not allow thieves any uninterrupted access, or for anything that seems out of place. Scratch marks on the surface of the machine or any kind of disturbance around the keypad might suggest that the machine has been tampered with. “Unusual resistance when inserting your card can avoid shimming and finally, it is advisable that transaction records are checked regularly to avoid any unauthorized payments”.
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: