Almost a year ago, I wrote about ATM skimmers made of parts from old MP3 players. Since then, I’ve noticed quite a few more ads for these MP3-powered skimmers in the criminal underground, perhaps because audio skimmers allow fraudsters to sell lucrative service contracts along with their theft devices.
Using audio to capture credit and debit card data is not a new technique, but it is becoming vogue: Square, an increasingly popular credit card reader built for the iPhone, works by plugging into the headphone jack on the iPhone and converting credit card data stored on the card into audio files.
The card skimmer comes with a false panel that fits snugly into the top of the ATM; it contains a miniature video camera that records victims entering their PIN when the card skimmer slot is activated. The battery included in the hidden camera lasts for six hours, according to the ad posted by the skimmer’s designer. The entire package costs $1,500, payable via virtual currencies such as WebMoney and Liberty Reserve.
The vendor of this skimmer kit advertises “full support after purchase,” and “easy installation (10-15 seconds).” But the catch with this skimmer is that the price tag is misleading. That’s because the audio files recorded by the device are encrypted. The Mp3 files are useless unless you also purchase the skimmer maker’s decryption service, which decodes the audio files into a digital format that can be encoded onto counterfeit ATM cards.
In fairness, the seller does note in the fine print that third party software is required to decrypt the audio files, and that he is “working closely with another partner for this service.” That partner is a different fraudster who will decrypt the audio files in exchange for 20 percent of the stolen card numbers and PINs.
Tidak ada komentar:
Posting Komentar