With one swipe on a credit card, you've just paid some gas. You may also have given thieves very valuable information. That's when you've just fallen victim to a skimmer.
Card frippers who steal your credit or debit card data when you browse ATMs and ATMs have been disguised for nearly a decade so you do not know you're being deceived. However, the devices have evolved and the researchers say they are now at the point where you really can not tell the difference.
Besides, they have reached the United States at an alarming rate. The number of defective ATMs has increased six-fold from 201
We'll tell you how credit card skimmers work, how hackers steal your money and what you can do to protect yourself.
What are credit card skimmers?
Hackers have discovered how to create virtual skimmers (malware remotely installed) that can steal card information without touching the ATM, fuel pump, or other device.
It's an evolution of the physical skimmer, where thieves had to run to a machine to install their hardware hack. In January 2016, a hacker campaign using virtual skimmers across multiple ATMs generated € 13.5 million, according to security firm Trend Micro.
Skimmer is becoming increasingly difficult to spot, says Mark Nunnikhoven, vice president of cloud security at Trend Micro. "If a machine was compromised with software," he said, "you can not say that."
As if you did not already have enough worries when it comes to computer security.  How big is the problem?
2018 alone has brought a range of threats from different angles. In May 2017, ransomware took over PCs around the world and held them hostage for pay, and that's unlikely to be the last. Then, on the credit card front, there was thethat spewed out sensitive information about nearly half of the US population.
If 100 Credit Card Numbers Can Be Sold Online for $ 19 Per Bundle, That's the Case The appeal of cybercriminals is easy to spot. Credit card information feeds a whole illegal ecosystem, and some thieves even open online schools to teach the hackers of the future.
Hackers can create virtual skimmers by invading a bank's network – for example, by tempting an executive to provide them, as Nunnikhoven has seen. Instead of affecting physical ATMs individually, hackers can simultaneously steal multiple ATMs. And there is less risk of getting caught.
A hacking group called Magecart has attacked online stores like NewEgg and Ticketmaster UK to do just that by putting Skimmer on the checkout pages so they can steal your credit card information . 19659005] "ATMs are actually just very simple computers that happen to be attached to a box full of cash," Nunnikhoven said. "We have enough problems to secure computers that are not cash-related."
How do institutions fight against thieves?
Banks are working to stay one step ahead of thieves, for example by using chips on cards more securely than the magnetic stripes.
Apple has even thought about removing credit card numbers together.creates a new security number each time you shop, rather than a number that you must use each time to get stolen.
New rules also help. As of October 2015, all stores using old swipe terminals were liable to fraud. This has led companies to adopt the new technology rather quickly. But note: The rule does not apply to gas stations until 2020.
Which means that thieves who targeted random ATMs in banks are now raving about tank pumps.
"More and more skimmers are being used at gas stations," said Angel Grant, director of fraud and risk education at security firm RSA. "We assume that this will continue to grow."
At petrol stations, skimmers can be installed on card readers in less than 30 seconds and they will record all your card data for collection by the Evil One. It's a simple show: these pumps are often left unattended late at night, and thieves can plug in their skimmers and pretend they're getting gas.
The skimmer stores the data and the scammers resort to detecting the stolen credit or debit card numbers via Bluetooth without touching the pump again. Gas station operators will not be in a hurry to make changes. Upgrading pumps is more expensive than ATMs.
Protect Yourself from Fraud
On Reddit, it is now one thing to see posts from people who find card glimmering by fiddling with an ATM at the card reader and sometimes just snatching it away. However, there is an alternative: Skimmer Scanner an app that does not require you to brutalize your local ATM.
Since the majority of skimmers use Bluetooth to collect the stolen data, your phone should be able to recognize it easily. Nathan Seidle, the founder of SparkFun, has developed the Skimmer Scanner app to automatically detect the Skimmer's Bluetooth signal, which is particularly noticeable with gas pumps.
The Boulder-based company worked with local police in Colorado to catch a glimpse of a popular skimmer in the region, a module called HC-05. These modules are typically used for DIY training projects to provide Bluetooth features for home-made devices. However, they are also extremely common for credit card skimmers and cost only $ 3 each.
"They are obviously mass produced," Seidle said. "It's so cheap they can just pepper these things everywhere."
Because these skimmers are a bargain, their Bluetooth names can not be changed – it's always HC-05. They also have a hard coded default password: "1234". In other words, their vulnerability is the same that can get you into trouble with many gadgets in your home.
The skimmer scanner looks for connections with this name; then tries to connect to the default password, as does the thief who set it up. The app then sends the letter "P" as a command to the Bluetooth device. If it is a skimmer, "M" will be returned. The system was able to detect skimmers at distances between 5 and 15 feet.
The Android app is available for free on the Google Play Store and in Github's open source format.
The researchers said the app was a big step in defense since the HC-05 Bluetooth module is standard but does not stop all skimmers. Finally, once hackers realize how stupid these Bluetooth modules are, they will switch to something that is not so detectable.
"The attackers always change their tactics so as not to get caught."
The app was first released in 2017. Skimmers have since switched to new technologies, but they are still useful to detect this type of fraud.
Update: This story was originally published on October 1, 2017 and was last updated on April 4, 2019.