January 15, 2010

Pictured below is what’s known as a skimmer, or a device made to be affixed to the mouth of an ATM and secretly swipe credit and debit card information when bank customers slip their cards into the machines to pull out money. Skimmers have been around for years, of course, but thieves are constantly improving them, and the device pictured below is a perfect example of that evolution.

This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in Woodland Hills, Calif. Would you have been able to spot this?

This is a fairly professional job: Notice how the bulk of the electronics fit into the flap below the card acceptance slot. Also, check out the tiny pinhole camera (pictured below), ostensibly designed to switch on and record the victim’s movements as he or she enters their PIN at the ATM.

It’s hard to know whether this was a homemade skimmer, or one that was purchased from online criminal forums. Some of the skimmers sold on these forums are extremely sophisticated, incorporating features such the ability to send an SMS text message to the thieves’ mobile phone whenever a new card is swiped.

This type of fraud is actually far more common that you might think: A quick query on Twitter for “ATM skimmer” usually brings up plenty of local news reports about these devices being found on ATMs.

Practice basic ATM street smarts and you should have little to fear from these skimmers: If you see something that doesn’t look right — such as a odd protrusion or off-color component on an ATM — consider going to another machine. Also, stay away from ATMs that are not located in publicly visible and well-lit areas.

Update, 12:10 p.m: Mikko Hypponen from F-Secure sent in a few fascinating Twitter pics of other ATM skimmers that include ingenious ways to send the stolen credentials to the scammers.

If you liked this post, please check out my follow-up posts on ATM skimmers:,

ATM Skimmers Part II, includes an entire gallery of ATM skimmer images.

Would You Have Spotted This ATM Fraud? Delves into some of the rent-to-own skimmer models.

Fun With ATM Skimmers, Part III Examining the skimmer problem in Europe (+ more skimmer photos!).

ATM Skimmers: Separating Cruft from Craft Skimmer scammers are everywhere! Only buy your skimmer devices from real thieves!

Sophisticated ATM Skimmer Transmits Stolen Data Via Text Message Skimmers with embedded cell phones allow thieves to continue stealing credentials without ever returning to the scene of the crime.

Skimmers Siphoning Card Data at the Pump Skimmers aren’t just for ATMs.

172 thoughts on “Would You Have Spotted the Fraud?

  1. rod flemming

    I have to agree with the posting about going to the bank and trying to use the cash for the rest of the week/month! It is about the best solution of all. The side benefit of not leaving traces for marketing ploys is an added bonus. As soon as the skimmers have these overlay panels you are doomed! I have done extensive research for years on the topic and though the skimming of POS machines in markets and gas stations, which used bluetooth transmission to a cellphone nearby, which sent an SMS with the dump data to another cellphone was top until I cam across a story in the UK where a whole batch of POS fresh from the factory in china was infected with a GSM device THAT ONLY SENT THE DUMP IF A GOLD OR PLATINUM CARD WAS INSERTED! This GSM device then sent the dump data to a cellphone in PAKISTAN! I think this tops the tech part so far. Brian maybe you can do some research on the story? Greetings Rod.

  2. 3xpl0it3r

    I sell ATM SKIMMER, price 1000 dollars. I can show on webcam. my id on yahoo mesenger is: acces.denied

  3. TOM_C_A_T

    I just simply don’t understand…

    why do the ATM manufacturer’s make their machines with so uneven surfaces, gaps, notches making skimmers easy to be put on….?

    They can use a transparent plastic cover with a spherical shape which would cover the entire machine and impossible to put on any other external element on it…leaving only 3 slits for card, cash n receipt and touchscreen interface.

    Isn’t it practical ?

  4. Loraine

    Well I was just a victim and it must have been from one of several retailers because I have not used an ATM in several months. I agree rod flemming. My parents don’t have an ATM Debit Card and have never been victims. I suppose its back to cash and checks, but my mom pointed out not to carry much cash ’cause you’ll get robbed!

  5. John Sanderson

    I left a comment earlier. Banamex bank in Tijuana got me. Just cleaned me out. The ATM is outside and on weekends the theives hang around all day…waiting for americans . Comerica is refusing to reembures me. Those bastards have zillions and will give me a nickle. The Mexican Police just laugh at you…and claim,”no speak english” the banks say “do not use the ATM” After the fact. Our banks are surely insured for theft …but they are acting like the Mexicans…do not give a damn. Social security says the bank should return the loss…but our rich banker says FU. NICE.

Comments are closed.