Krebs on Security reports a new series of scams operated out of Oklahoma, that saw thieves take home $400,000 before they were caught. Targeting gas pumps at Murphy’s filling stations, the thieves used a card skimmer and fake PIN pad overlay to obtain the required card information.
Kevin Konstantinov and Elvin Alisuretove—the guys behind the scam—apparently left the devices in place for between one and two months, then withdrew cash from ATMs using the details they acquired. Their success highlights how far gas pump skimming has come on recently. Krebs, who really knows his stuff, explains:
[G]as pump skimmers have moved from analog, clunky things to the level of workmanship and attention to detail that is normally only seen in ATM skimmers. Investigators in Oklahoma told a local news station that the skimmer technology used in this case was way more sophisticated than anything they’ve seen previously.
So, these days the skimmers at gas pumps—like those pictured above—use bluetooth-enabled devices, sucking power from the pumps themselves. That means they can run indefinitely, and also allow remote access to the data they acquire; thieves never need touch the skimmer again, once it's installed.
As ever, the advice remains the same: if an ATM or pay point looks in any way suspicious, don't use it. Failing that, pay for gas [Krebs on Security]