<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=464741397436242&amp;ev=PageView&amp;noscript=1">

    The Double Threat: Understanding Both Physical and Digital Credit Card Skimmers

    Double Threat: Understanding Physical & Digital Credit Card Skimmers

    Credit card skimmers have been a major form of fraud for many years. Threat actors use physical and digital skimmers to steal credit card numbers and PINs from innocent people at fast-food restaurants, gas stations, and many other places.

    What are Physical and Digital Credit Card Skimmers?

    Physical Skimmer: A credit card skimmer is a device or software used to illegally capture credit card information from unsuspecting individuals. These devices are often installed on legitimate card readers, such as those found on ATMs, gas station terminals, or point-of-sale devices at retail stores.  

    Physical skimmers are typically small devices that are attached to card readers, often discreetly placed over the legitimate card reader or inside the machine itself. When a person inserts their credit or debit card into the compromised reader, the skimmer captures the card's magnetic stripe data The magnetic stripe data includes the card number, expiration date, and sometimes the cardholder's name. Some skimmers also have hidden cameras or overlays to capture PINs as they are entered. 

    For a long time, card users only had to worry about skimmers at physical locations where they were using their cards. As the internet and electronics evolve, so do the tactics and methods threat actors use. A new threat that card users are faced with is digital card skimmers. 

    Digital Skimmer:  A digital skimmer, also known as a website or web skimmer, is a type of malicious code designed to steal payment information from websites. This type of skimmer typically targets e-commerce websites. The skimmer code is injected into the website's payment processing pages, often through vulnerabilities or security flaws. 

    How are Web Skimmers Linked to Telegram? 

    Telegram has become a hotspot for threat actors who commit fraud. There are many public and private Telegram channels that either sell stolen credit card credentials or even send the data out for free. The image below is just one example of a Telegram channel that contains thousands of stolen credit card numbers. In this channel, the data is free to anyone. Just this one channel alone has over 5,000 subscribers. The image below also shows an example of just how much data is being shared every day within these public and private Telegram channels.  The timestamp shown on each message shares just how many messages are being sent within a single minute. 

    A screenshot of a chat

Description automatically generated

    How to Prevent Becoming a Victim     

    To prevent becoming a victim of skimming, whether it's physical or digital, here are some steps you can take: 

    Stay Vigilant and Inspect the Card Reader

    Before inserting your card, give the card reader a quick inspection. Look for any loose parts, unusual attachments, or anything that seems out of place. 

    Cover Your PIN

    When entering your PIN at ATMs or point-of-sale terminals, cover the keypad with your hand to prevent hidden cameras or onlookers from capturing your PIN. 

    Monitor Your Accounts

    Regularly monitor your bank and credit card statements for any unauthorized transactions. 

    Use Secure Websites

    When making online purchases, only enter your payment information on secure websites with HTTPS encryption.  

    Stay Educated

    Stay informed about the latest skimming techniques and scams. Knowledge is the best defense against falling victim to skimmers. 

    Reach out to ThreatAdvice today to update and secure your organization with our top-tier fraud prevention and cybersecurity solutions!