The following are the most common techniques of these scams:
Card Not Present (CNP)
Using this technique, hackers can use data a credit or debit card without authorization. This data can be used to complete a market or provide services, without the card itself being available. Usually, criminals obtain the necessary data through violations, Phishing emails, message scam and more
According to the IOCTA 2019 report, CNP fraud is the most critical payment card fraud on Europe. It is often associated with other illegal activities. Criminals use stolen credit card credentials and do different things. For example, they make airline tickets, book hotels, rent houses, etc. They do this by combining CNP fraud with fake IDs.
In most cases, victims do not understand the unauthorized use of their cards, because they still have the card in their possession.
Not long ago, members of a skimming gang were arrested attacks at an ATM in America. The criminals had managed to steal over 20 million dollars. The problem is that not all ATMs and PoS terminals are protected. Hackers copy the data from the magnetic tape of the cards.
In addition, install skimming maliciously ATM software, which allow data copying and the creation of fake cards.
In Europe, using a fake card (with cloned magnetic tape) is not an easy task. Most cards are protected by EMV chip technology (Europay, MasterCard and Visa).
After the card data is stolen, criminals upload it to the Dark Web to sell it.
Jackpotting (or black-box) attacks are one of the most common ATM attacks. Criminals usually install malware on ATMs by finding a door USB. Other times, they use a blackbox device that is connected to the distributor and drains the cash in the ATM.
Two of the most common tools for carrying out jackpotting attacks are WinPot and Cutlet Maker. One can find them on the dark web. In one attack, criminals dug a hole in the ATM screen and connected a USB cable to the ATM printer cable. They then used Cutlet Maker software, logged in and withdrew money. Only ten minutes is enough to carry out the attack.
According to a new investigation, the rate of this type of fraud has increased by 89%. Also, research has shown that account takeover attacks (ATO) are one of the most successful.