Recently, a Venezuelan citizen was arraigned in U.S. federal court for hacking into several ATM machines at a casino in Primm, Nevada.
The man was charged with causing the machines to dispense large amounts of cash similar to a jackpot.
According to the U.S. Attorney, “Our office is committed to investigating and prosecuting all cybercriminals, including computer hackers who illegally ‘jackpot’ ATM machines.”
Jesus Ernesto Reyes Garcia, aka “Abraham Meza Cardenas,” 42, was indicted by a Grand Jury for six counts of computer fraud.
According to court documents, the United States Secret Service was contacted regarding tampering with ATM machines in Primm, NV.
Officials at a casino in Primm reported there was a discrepancy between the amount of money requested and the amount actually dispensed from ATM’s, a scheme commonly referred to as “jackpotting.”
Basically, ATM jackpotting refers to the use of malware to exploit the vulnerabilities in ATM machines that result in the machines dispensing more cash than authorized.
In other words, criminals use a device that is inserted into the ATM to effectively trick the ATM into dispensing cash.
According to law enforcement officials, Reyes Garcia and others were observed on surveillance video placing an unknown device behind various ATM machines located in the Primm Valley Resort.
While at the ATM, Reyes Garcia allegedly used stolen and fraudulent credit cards to withdraw cash. Each time a $20 withdrawal was requested, $800 or $1,000 would be dispensed.
Reyes Garcia conducted a total of approximately 150 transactions and fraudulently withdrew a total of $125,000 in cash before he was arrested in California.
The reality is, when using ATMs, not only do you have to be aware of physical threats at the ATM location, but also the inside threat of ATM’s being hacked.
That’s why I want to give you a few ideas to consider the next time you need to withdraw cash from your bank account.
Avoid ATM’s unless it’s an emergency. ATMs are often times unattended, meaning it’s easy for a criminal to add a skimmer or hacking device without anyone noticing.
And yes, most have security cameras, but chances are no one ever looks at that footage. My point is, debit card readers at retail locations offer more security than an ATM based on the fact that there is always a cashier present monitoring the reader.
In other words, if you are going to need cash, it’s better to go make a small purchase at the grocery store, and ask for cash back. Or simply plan ahead and withdraw the cash from your bank during normal operating hours.
Only use an ATM at a legitimate bank. ATMs in locations that are not inside or next to a bank or not in well-lit public areas, present an easy opportunity for criminals planting or retrieving information from a skimming device or hidden camera.
Since many ATM’s inside gas stations, malls, or other locations are privately owned, they don’t have the same security measures in place that ATM’s at a bank would use. So, stick to Wells Fargo, Bank of America, etc. ATMs.
Don’t touch the ATM keyboard. One of the easiest ways to attack an ATM is by attaching another keypad to the machine. In other words, hackers can put another keypad over the existing keypad to capture the PIN number you enter.
In addition, they can also add a card reader to the existing card reader, thus capturing your card information along with your PIN.
The best thing to do if you are going to use an ATM is to find a machine that has a touchscreen function where you can enter your PIN, that way you can completely avoid touching the external keypad.
Plus, don’t forget to cover your hand while you enter your PIN, even if you are using the touchscreen.
The reality, many ATM’s are incredibly insecure. The biggest problem is that many ATM’s are privately owned, meaning each individual ATM owner is responsible for the security and software upgrades of the machine.
This is why you should avoid ATMs, and if you must use one, find one at a legitimate bank.