LinkBack URL
About LinkBacks
Phishing Incident - Bali Mall Galeria
Be warned about using the ATM machines at the Bali Mall Galeria. Just this morning been checking my online banking with HSBC in the UK after a card was refused yesterday in Sanur. I've been Phished!
Multiple daily withdraw amounts to the maximum each day for the past three weeks. I invariably use this particular card so don't check the account every day.
The hit is around US$6k, the HSBC fraud squad are now looking into this.
Be warned.
Cheers,
Mark.
sorry to hear your account/card has been hacked..
may I ask, how do you know it happened in Galeria?
don't read between the lines..i think the words are clear enough...:)
that is my opinion as all of the withdrawals made in Jakarta were from the same Galleria chain...
I have used those ATMs many times and I thought it would be a "safe" place to get money - lots of people around and a security guard. You would think the security guard is getting money also or he wasn't paying attention when they installed their equipment. Most ATMs in Bali that I have seen have a big cover over the keypad, so I wonder how they were able to get your pin or maybe they used some other method?
Have you reported the problem to the police or the Galleria management yet?
Give a man a fish and he will eat for a day. Teach a man to fish and he will sit in a boat drinking beer all day.
Hi spicyayam,
I've been looking into the whole skimming theme and nowadays they have gadgets that fit over the slot of any ATM and fix on in seconds. It's basically a second slot that looks exactly like the slot of the genuine ATM. You put your card in, it works normally and you get your cash, but the gadget scans all of the details and writes that to a small hard drive. At the end of the day the criminal comes back, unclips the scam cover and walks away with a days worth of Debit Card information and PIN numbers. They then head off and start taking out cash systematically from all those accounts until dry.
I haven't reported anything yet, I want to get the issue resolved with my bank in the UK first.
Cheers,
Mark.
I would guess that "the bad guy" would make the first withdrawal soon after he/she got the card details. So think where you used the card in the 1 or 2 days before that first withdrawal. Is the card from and Indonesian bank? Do you ever use it at point-of-sale machines at store checkouts?
Somehow besides getting the info from the magnetic strip, they need to get the PIN. Sometimes they use video cameras, sometimes a bystander watching, sometimes they may manage to guess it from things they know about you - but guessing is tricky because bank systems aim to lock you out if there are too many wrong guesses.
I only ever used that card in that ATM as it is one of the few around here that gives out Rp100,000 notes. It's not a card that I would use for shopping or any other transactions, it is for a UK based bank. Skimming, as it is know, can be set up in seconds, uses elaborate yet simple to install hardware that is difficult to spot. They also have a system within the scanning procedure to record your PIN, whether acoustically based on the individual tones of the numbered keypad or via a pressure pattern recording system. All very technical. Have been looking into the scam techniques since this incident. Very reluctant to use ATM's again here without a close inspection.
Cheers,
Mark.
Interesting Reading
I browsed your Interesting Reading link - good info. Then Googled "ATM skimming" and checked the images - they have photos of modified ATMs, and there is one of a keypad overlay in Thailand - but I would think that any of us who had been thinking of ATM tampering would spot this.
So I think the most likely way they got your PIN is from video - does that ATM have the keypad hood that is becoming common? I wonder if a video camera could be mounted low enough to be peering in under such hoods. Even if it could it would be harder to read off what PIN was punched compared with a camera up higher. They will be able to read the PIN being punched more easily if the person uses just one finger - if the hand is over the keypad and you use multiple fingers like in touch typing - then it will be hard for the video viewing person. I have also seen video clips that encourage you to key in the PIN with you right hand while holding something like an envelope or open wallet as a shield with your left hand.
One has to be very careful also in most shops when paying with CreditCards as the 'pin' machine has no long enough cable and you have to hang over the counter to type in your secret number. There is no cover whatsoever and even 'security-camera's' hanging over it. Who is on the other side of the camera?
After reading all the interesting posts that followed this warning i have a question:Originally Posted by CanonMan
Skimmers are made for specific type of(less well secured?)ATM machines.As each bank seems to be using different machines,it would be very useful for all of us to know at wich banks ATM you have been phished.
If you do not want to tell it at a public forum,maybe for fear of being charged with slander,you might send me a PM with the info.
I will be glad to transfer the info to anyone asking for the details.
No news from your bank yet?
Good luck!
@Ron:If there is a fake keypad over the original one,it is no use holding anything over it.
Last edited by hermit; 23-04-2011 at 10:16 PM.
Posting Permissions
Reply With Quote
