http://www.maximumpc.com|JAN 2011|MAMAMAXIMXIMXIMXIMUUUUMMPPPCC| 33
Webmail
Safety
How to keep your webmail
account safe from prying eyes
Attacks in RL, or real life, are getting just as dangerous as those on your PC
ATM Skimmers
ATM skimming gets a lot of headlines but it’s
hard to say how much damage it’s actually
doing. The Secret Service tallies skimming in
the “financial crimes” column, which hasn’t
moved much. In 2008, all financial crimes
totaled $442 million. In 2009, the crimes
totaled $443 million. While the chances of
you getting skimmed are actually slim, that
doesn’t mean you should be blind to it.
Skimmers literally skim your debit
card’s data and PIN code when you use an
ATM. The crooks accomplish this by placing
incredibly detailed facades over an actual
ATM. As you slide your card into the ATM, a
mag reader in the device reads the magnetic
stripe. These mag readers are incredibly
small and usually designed to replicate the
look of a normal mag reader interface. Then,
either a pinhole camera or a faux keyboard
laid over the actual ATM’s keypad records
your PIN entry.
The devices are usually installed in the
middle of the night. After a few days, or
sometimes a few hours, the crooks remove
the device and collect the information. More
advanced devices include Bluetooth radios
so the crooks can download the stolen infor-
mation remotely.
Scary? Yes. But there are a few steps you
can take as a precaution.
Try to use ATMs that you are familiar
with. This way, you’re more likely to catch
any tell-tale signs that something is amiss. If
the ATM you have been using suddenly has anew or secondary safety mirror placed about
the keyboard or a new pamphlet holder, take
a closer look at the items or try to rock them
to see if they will come off. Crooks will often
place their surveillance cameras in these ob-
jects to capture you entering your PIN code.
Before you put your card in the ATM, try
yanking or nudging the card reader. Skim-
mers are usually held on with double-stick
tape or magnets and will easily be moved.
When you enter your PIN code, cover
the keyboard as though you were protecting
your hole card in a tough poker game.
Beware of people trying to “help” you
with your ATM card and those who hover
too closely while you enter your PIN code.
Crooks will occasionally pose as the
police and call skimmer or pick-pocket
victims and ask for the PIN code to the card.
Closely monitor your bank statements
and immediately report suspicious activity
to your bank.Gas Skimmers
What’s scarier than an ATM skimmer? To
us, it’s the gas skimmer. Crooks are beginning to
crack open gas pumps where they can install
Bluetooth-enabled skimmer equipment. Unlike
ATMs, which are alarmed and closely monitored
by the banks, gas pumps are far less secure. Since
the equipment is inline and sniff s the data com-
ing from the keyboard on the gas pump, there
are no external signs to look for as there are with
ATMs. Crooks can leave the equipment in place
for far longer than an ATM skimmer and can
simply download the information via Bluetooth
while parked in a nearby vehicle.There isn’t much to be done in this case,
but there are a few steps you should take.
Crooks are likely to tamper with pumps
farther away from the cashier’s booth where
a surveillance camera is unlikely to catch
them in the act. Using your debit card in
credit card mode will only require you to
enter your zip code, not your PIN code, so
they won’t be able to easily clone your card
and use it at the ATM to withdraw or transfer
funds. The third option is to just use cash
or use your card inside the gas station. Just
make sure you lock your car when you
go inside.Beware the ‘Found’
USB Key
What do you do if you find a USB key in
the parking lot at work? You take it to the
office and insert it in your work machine
to see if you can find embarrassing pictures
of a coworker. Instead, you’ve just been
hacked with malware specifically targeted
at the machines in your company. That
had been just a proof-of-concept until the
appearance of the Stuxnet worm, which
targeted Iranian nuclear power plants in
this manner. Although the worm is likely
the work of a foreign intelligence agency,
USB-based hacks emulating Stuxnet are
expected. Even before Stuxnet, worms that
spread by USB key have long been around.
The fix is easy: Don’t put that key in your
machine. Also, consider disabling AutoRun
on your machine. One way to easily do
that is with the free app Panda USB and
AutoRunVaccine (http://bit.ly/9XClno).ATM skimmers, like this one from an Australian bank, are designed to hide in plain sight. Often times,
a second device will record your PIN code being entered into the ATM, too.Disabling AutoRun in your OS can help prevent the
spread of some USB-based malware.NORMAL CARD INTAKE ATM SKIMMER ATTACHED
Real-World Threats