When Brazilian authorities removed the front of a sham ATM in São Paulo, they uncovered more than just the real money-dispensing machine beneath it – they uncovered a new take on a classic skimming operation.
Typically, attackers carry out skimming attacks on ATMs by compromising card readers, so they can steal the card numbers, and by using a small camera to capture pin codes. This time thieves placed an authentic looking ATM frame – it is rigged with a working monitor and other card capturing technology – over a real one.
While users should be mindful of physical tampering, newer attacks have involved the installation of malware – Ploutus is one example – that enables hackers to take money directly from ATMs.