Social-Engineer Newsletter Vol 07 – Issue 96

 


September 2017

In This Issue

  • Are You Being Skimmed?
  • Social-Engineer News
  • Upcoming classes



Check out the schedule of upcoming training on Social-Engineer.com

5-9 February, 2018 – Advanced Practical Social Engineering – Orlando, FL

If you want to ensure your spot on the list, register now. Classes are filling up fast and early!


The SEVillage at DEF CON 25 would not have been possible without its amazing sponsors!



Do you like FREE Stuff?

How about the first chapter of ALL OF Chris Hadnagy’s Best Selling Books?

If you do, you can register to get the first chapter completely free. Just go over to http://www.social-engineer.com to download now!


To contribute your ideas or writing send an email to contribute@social-engineer.org


If you want to listen to our past podcasts hit up our Podcasts Page and download the latest episodes.


Our good friends at CSI Tech just put their RAM ANALYSIS COURSE ONLINE – FINALLY.

The course is designed for Hi-Tech Crime Units and other digital investigators who want to leverage RAM to acquire evidence or intelligence which may be difficult or even impossible to acquire from disk. The course does not focus on the complex structures and technology behind how RAM works but rather how an investigator can extract what they need for an investigation quickly and simply.

Interested in this course? Enter the code SEORG and get an amazing 15% off!
http://www.csitech.co.uk/training/online-ram-analysis-for-investigators/




A Special Thanks to:

The EFF for supporting freedom of speech


Are You Being Skimmed?

Being skimmed at the ATM

ATM skimmers that steal card payment and PIN data aren’t a new phenomenon, but the scam is becoming more frequent. A Google News search revealed over 1700 articles about skimmers in the past thirty days, and there are probably thousands out there that haven’t been discovered yet. Some of the skimmers are custom-made faceplates that attach over the existing reader and look exactly like the real components underneath. Another type, called an insert-skimmer, is an extremely thin reader that thieves can insert inside the card reader. Unlike the overlay skimmers, which may be found by jiggling the ATM pieces, the inserts can only be detected by a maintenance employee doing an internal inspection. Recently a newer interception device was discovered in Europe. Fraudsters actually drill a small hole and insert wires to the card reader internally, then cover the hole with an official-looking decal. All of these are coupled with a pinhole camera mounted on another part of the machine, which is then used to capture the target’s PIN.

Being skimmed at the gas pump and retail outlets

Thieves have recently started adding skimmers to gas pumps and other point-of-sale (POS) systems. There have been over 300 discovered in Florida gas pumps this year already! Most skimmers at gas pumps are installed inside the pump, and some fraudsters are using fake security tape to mask the tampering. At POS terminals, criminals use a lookalike overlay that they can easily snap on top. Krebs did a really good write-up on spotting overlay skimmers by comparing their dimensions to normal ones.

How thieves are retrieving the data

Originally, skimmed data could only be obtained by retrieving the skimmer from the machine, and many still operate in this manner. Returning to the scene is riskier for the criminal, so many have devised ways to retrieve the data remotely. The most sophisticated devices have GSM built in and send encrypted texts of the card and PIN data to the criminals. Others have Bluetooth capability and transmit to the criminal’s phone when they connect nearby, or to a device hidden somewhere in proximity.

How you can protect yourself

At gas pumps and POS outlets: 

  • Use well-lit pumps closest to the store, as they are more easily monitored by staff.
  • Report any signs of suspicious behavior or tampering immediately. Look for intact security tape.
  • Use cash or pay inside when you can.
  • Hide your PIN from view by covering the PIN pad with your free hand.
  • Use a credit card instead of a debit card.
  • Check your accounts frequently for fraud.
  • Use your cellphone to search for nearby suspicious Bluetooth devices at the ATM and gas pump.

At ATMs:

  • Hide your PIN from view by covering the PIN pad with your free hand.
  • Jiggle the card insert slot to test if it’s a fake cover.
  • Use ATMs that are in well-lit and high-traffic areas.
  • Have your bank restrict the amount and/or number of cash withdrawals you can make in one day.
  • Look for pinholes in the casing above the keypad, which may be hiding a camera.
  • (For the technically advanced) Rewrite the name on your credit card to “Gift Card”. In large batches on the black market, it’s more likely to be tossed out than a card that lists “Joe Johnson”.

 

 
