In recent years, scams involving Pix and cell phone theft have dominated the news, but that doesn’t mean that attacks on ATMs disappeared. In the US, researchers have found a new version of chupacabra. Thinner, it can get card data and passwords for fraud.
The mechanism was revealed by cybersecurity reporter Brian Krebs on his website. Krebs on Security. The scam involves a device to copy data from the magnetic stripe of cards and a tiny camera to observe and learn the customer’s password.
The device to steal data from the card draws attention for its tiny thickness: just 0.68 mm, just a little more than the card itself, which is usually 0.52 mm.
The camera is installed on a false panel in front of the cashier, hidden in what appears to be a mirror for the consumer to see if there is anyone behind him. Tiny, she can look at the numeric keypad and store the customer’s four-digit PIN.
SelfServ 84 WalkUp ATMs, from the manufacturer NCR, have been targets of this ultra-thin chupacabra.
In the US, the company has been carrying out tests with a smart detection kit. With a USB camera, you can check the inside of the card reader. Image recognition software identifies whether there are any fraudulent devices on the device.
The magnetic stripe of the cards is a weak point, since the stored data does not have any type of encryption. Mastercard aims to end the technology by 2029.
In Brazil, it is quite rare to need the card — practically all payment machines in use today accept chip and approximation. Even so, cards without the feature are rare.
In the US, the adoption of technologies such as chip and contactless has been slower, and the magnetic stripe is still used in machines in smaller establishments.
Chupacabra continues to claim victims in Brazil
Scams involving Pix, account hacks and fraudulent loans have become the main topic of bank security. Even so, fraudsters continue to use ATMs to obtain card data.
In August, the Federal Police issued an alert on the subject, after pre-emptively arresting in Fortaleza (CE) two suspects involved in actions of this type. Victims were stolen in several municipalities in Pernambuco and also in Rio Grande do Norte, Tocantins and Ceará.
Here, the scam is not as sophisticated as the ultra-thin chupacabra in the US: criminals install a fake front at the ATM, which even has a laptop to simulate the bank’s system and send data over the internet.
The Federal Police recommends trying to pull the front of the ATM from the sides to check that there is nothing wrong with the equipment. Placing your hand over the keyboard when entering the password is also a way to prevent cameras from getting the numerical sequence.
With information: Krebs on Security, UOL.