Crooks Go Deep With ‘Deep Insert’ Skimmers
ATM maker NCR Corp. says it is seeing a rapid rise in reports of what it calls “deep insert skimmers,” wafer-thin fraud devices made to be hidden inside of the card acceptance slot on a cash machine.
Author Archives: BrianKrebs
Fraudsters Steal Tax, Salary Data From ADP
Identity thieves stole tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms, KrebsOnSecurity has learned. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online that made those firms easy targets for tax fraudsters.
How the Pwnedlist Got Pwned
Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them and then providing free access to one of the Internet’s largest collections of compromised credentials.
A Dramatic Rise in ATM Skimming Attacks
Skimming attacks on ATMs increased at an alarming rate last year for both American and European banks and their customers, according to recent stats collected by fraud trackers. The trend appears to be continuing into 2016, with outbreaks of skimming activity visiting a much broader swath of the United States than in years past.
Dental Assn Mails Malware to Members
The American Dental Association (ADA) says it may have inadvertently mailed malware-laced USB thumb drives to thousands of member dentists nationwide.
All About Fraud: How Crooks Get the CVV
A longtime reader recently asked: “How do online fraudsters get the 3-digit card verification value (CVV or CVV2) code printed on the back of customer cards if merchants are forbidden from storing this information? The answer: Probably by installing a Web-based keylogger at an online merchant so that all data that customers submit to the site is copied and sent to the attacker’s server.
SpyEye Makers Get 24 Years in Prison
Two hackers convicted of making and selling the infamous SpyEye botnet creation kit were sentenced in Atlanta today to a combined 24 years in prison for helping to infect hundreds of thousands of computers with malware and stealing millions from unsuspecting victims.
Giant Food Sees Giant Card Fraud Spike
Citing a recent and large increase in credit card fraud, Washington, DC-area grocer Giant Food says it will no longer allow customers to use credit cards when purchasing gift cards and reloadable or prepaid debit cards.
US-CERT to Windows Users: Dump Apple Quicktime
Microsoft Windows users who still have Apple Quicktime installed should ditch the program now that Apple has stopped shipping security updates for the platform, warns the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT). The advice came just as researchers are reporting two new critical security holes in Quicktime that likely won’t be patched.
‘Blackhole’ Exploit Kit Author Gets 7 Years
A Moscow court this week convicted and sentenced seven hackers for breaking into countless online bank accounts — including “Paunch,” the nickname used by the author of the infamous “Blackhole” exploit kit. Once an extremely popular crimeware-as-a-service offering, Blackhole was for several years responsible for a large percentage of malware infections and stolen banking credentials, and likely contributed to tens of millions of dollars stolen from small to mid-sized businesses over several years.
