The leader of Mexico’s Green Party has been removed from office following allegations that he received money from a Romanian ATM skimmer gang that stole hundreds of millions of dollars from tourists visiting Mexico’s top tourist destinations over the past five years. The scandal is the latest fallout stemming from a three-part investigation into the organized crime group by KrebsOnSecurity in 2015.
An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $20 million a month and enjoyed the protection of top Mexican authorities.
An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges. The arrest comes months after the accused allegedly ordered the execution of a former bodyguard who was trying to help U.S. authorities bring down the group’s lucrative skimming operations.
Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM.
And sometimes, the scammers just hijack the security camera built into the ATM itself.
The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM.
KrebsOnSecurity has featured multiple stories about the threat from ATM fraud devices known as “insert skimmers,” wafer-thin data theft tools made to be completely hidden inside of a cash’s machine’s card acceptance slot. For a closer look at how stealthy insert skimmers can be, it helps to see videos of these things being installed and removed. Here’s a look at promotional sales videos produced by two different ATM insert skimmer peddlers.
A frequent crime in Brazil is a scheme in which thieves kidnap people as they’re leaving a bank, and free them only after they’ve visited a number of ATMs to withdraw cash. Now the crooks have introduced a new time-saving wrinkle into this scam: In these so-called “flash hijackings” the thieves pull out a wireless card reader, swipe a few debit or credit transactions with the victim’s card, and then release the individual.
ATM maker NCR Corp. says it is seeing a rapid rise in reports of what it calls “deep insert skimmers,” wafer-thin fraud devices made to be hidden inside of the card acceptance slot on a cash machine.
Most of the ATM skimming attacks written about on this blog conclude with security personnel intervening before the thieves manage to recover their skimmers along with the stolen card data and PINs. However, an increasingly common form of ATM fraud — physical destruction — costs banks plenty, even when crooks walk away with nothing but bruised egos and sore limbs.
If an ATM you’d like to use is enclosed in a vestibule that requires a card swipe at the door, it might be a good idea to go find another ATM, or at least use something other than a payment card to gain entry. Thieves frequently add skimmers to these key card locks and then hide cameras above or beside such ATMs, allowing them to steal your PIN and card data without ever actually tampering with the cash machine itself.