« Success seems to favour the tall, good-looking | Main | Incomes rise more sharply here than in U.S. »

June 24, 2021

Ocean's Eleven-like ATM scam coming our way soon

By Jason Buckland, Sympatico / MSN Finance

After I sifted through the sigh-inducing “No, dude! Stock up on ur Grey Goose bottles cuz da LCBO’s strikin!!!!!” status updates last night, a few more concerning messages stood out on my Facebook news feed.

Updates from three different people complained they had just been ripped off by ATM fraud in and around the GTA, one friend having lost $1,200 after his info was cloned when he used his card to pay for lunch at a local deli.

Now, I’ve had my Visa compromised recently but, thankfully, they took the initiative and cancelled my card before anything could happen. To my knowledge, as well, most of the victims of the debit rip-offs had their cash reimbursed by their banks which – for whatever reason – all happened to be TD.

But what’s becoming quite apparent lately is that ATM crooks are displaying Danny Ocean-like sophistication in their methods of theft. And while the local criminals indeed seem to be stepping up their game, it’s no comparison to some of the heists now being seen overseas.

The world’s ATM users have been put on high alert by a new scam coming out of Russia and Ukraine that employs what New Scientist magazine calls a “devious piece of criminal coding” that allows thieves to pluck all your debit card info right from the cash machine.

Here’s how the con is working: a crook walks up to an ATM and inserts a “trigger” card loaded with malicious malware that orders the machine’s receipt printer to spit out a list of all the debit card numbers used that day, complete with their start/expiry dates and PIN codes.

As the article points out, the info is “everything needed, in fact, to clone those cards and start emptying bank accounts.” If the trigger cards are used on older, front-loaded ATMs, the thief can sometimes even force the machine to eject its cash storage cassette right on the spot.

While the world’s security firms scratch their heads over this new wave of crime, you have to admit, the coding required to pull off such a scam must be pretty ingenious. But if you’re like me, you’re probably wondering one thing. How the hell did the banks not see this coming?

Well, as it turns out, they did. The trigger cards, tests have found, only work on ATMs manually-loaded with software similar to the Auto Complete feature on Windows that keeps you from having to retype your password each time to access the same website ten times a day.

How that software is getting loaded onto the ATMs is the bigger question, leading authorities to believe these are inside jobs, possibly involving organized crime syndicates “using bribes or threats to encourage shop staff to provide access to a standalone ATM in a shop or mall,” according to New Scientist.

This all sounds like the plot of a Jason Statham movie to me, but with experts suggesting the technology will soon spread like wildfire to Asia and North America, we should probably all start taking even more precautions than usual with our banking security.

And it might be unfair to speculate, yet judging by the names of the four men just charged in Toronto with ATM fraud, maybe the eastern European influence on advanced cash machine rip-offs has arrived here sooner than we thought.



Post a comment


Gordon PowersGordon Powers

A long-time fund company executive, Gordon Powers now heads up the Affinity Group, a financial services consulting firm. Gordon was a personal finance columnist for the Globe & Mail for many years, has taught retirement planning...

Jason BucklandJason Buckland

The modern-day MC Hammer of money, Jason can often be seen spending cash that isn’t his with the efficiency of a Wilt Chamberlain first date. After cutting his teeth as a reporter for the Toronto Sun, he joined the MSN Money team with...