Tips for using ATMs and avoiding ...

Tips for using ATMs and avoiding …

June 4, 2014

Big events typically attract a sizable number of criminals, interested in both the money and the anonymity that crowds provide. The Soccer World Cup will not be the exception. And in Brazil, where are some of the most active and creative criminals Specializing in credit card cloning around the world, consumers, especially foreigners who may not be aware of the tricks that exist, should be especially vigilant when paying their bills. If you are one of those planning to travel to experience the World Cup in person, the experts at Kaspersky Lab they have some helpful tips to help you protect against the most common attacks on ATMs and common point of sale (PoS) devices in Brazil.

safe use of TDC

Avoid cloning your credit cards

The point of sale devices are very common in Brazil – according the Central Bank of Brazil, credit and debit cards represent 70% of all payments in the country. Chip and PIN cards are accepted by almost all businesses, even taxi drivers.

  • Tips: Despite the recent news About security flaws in this protocol, Chip and Pin cards are still more secure and difficult to clone compared to magnetic stripe cards. If you do not have this type of card yet, ask your bank if it is possible to obtain one before your trip.

In Europe and North America, many people have the habit of handing their cards to restaurant and shop staff. In Brazil, this can be dangerous.

  • Tips: Please don’t – you’re presenting fraudsters with a golden opportunity to clone your card, and the temptation is inevitably too strong to resist. Ask the staff to bring you the electronic payment terminal.
  • Beware of fortuitous encounters or accidents that could put your card out of reach at some point. If this happens, check that the card that is returned to you is really yours. If you have any questions, inform the bank immediately.

Points of sale and malware in electronic payment terminals

The called Goat Sucker malware Y Trojan-Spy .Win32.SPSniffer , a family of malware with many variants Developed in Brazil and identified since 2010, it affects point of sale devices and electronic payment terminals, which are very common in the country. These devices are connected to a computer via a USB or serial port to communicate with electronic funds transfer (EFT) software. The Trojan infects the computer and tracks the data transmitted through these ports.

The PIN is encrypted as soon as it is entered, most often using triple DES encryption. But Track 1 data (credit card number, expiration date, service code, and security code (CVV)) and public chip data are not encrypted on old, outdated device hardware. This data is sent as plain text to the computer through the USB or serial ports. All you need to do is capture this data to clone a credit card.

  • Please be sure to check your credit card statement to verify all transactions and report anything suspicious to the bank immediately.
  • Whenever possible try to pay through a device wireless point of sale – since they are a bit more secure than previous models that were connected to USB or serial ports.

How to use ATMs in Brazil

Brazil has 118 ATMs for every 100,000 adults according to the World Bank, which places it in ninth place in the world in terms of ATMs. This presents many opportunities for scammers to install skimmers, also known as “Chupa Cabra” devices.

  • Tips: Use your hand to Covering the keyboard as you type in your PIN is a great way to thwart most skimmers, who tend to rely on hidden cameras.
  • If you notice anything unusual or not looking right, notify the bank or the owner of the machine, and go somewhere else to withdraw cash.

«Be careful when using ATMs or when paying with your credit card. Don’t forget that cyber criminals in Brazil carry out their malicious plans all the time. Also remember that it is much safer if the transactions are made right in front of you. Beware of fortuitous encounters or accidents that could result in your card being out of reach for a few moments. If this happens, check that the card that is returned to you is really yours. If you have any questions, inform your bank immediately of the incident, ”Fabio commented. Assolini, Senior Security Researcher in Kaspersky Lab’s Global Research and Analysis Team.

[+] Videos de nuestro canal de YouTube