News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Hacked Petrol Pumps

    Home Forums Code Red – Security/Privacy advisories Hacked Petrol Pumps

    Viewing 9 reply threads
    • Author
      Posts
      • #2011217 Reply
        Kirsty
        Da Boss

        Hidden Cam Above Bluetooth Pump Skimmer

        By Brian Krebs | November 25, 2019

         
        Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices.

        Apparently, I’m not alone.

        Whoever hacked this fuel pump was able to get inside the machine and install a Bluetooth-based circuit board that connects to the power and can transmit stolen card data wirelessly. This allows the thieves to drive by at any time and download the card data remotely from a mobile device or laptop.

         
        Read the full article here

        2 users thanked author for this post.
      • #2011400 Reply
        MrJimPhelps
        AskWoody_MVP

        My wife’s card got hacked once at a very popular gas station. The bank caught it immediately and called her.

        Needless to say, we don’t shop at that particular gas station anymore. Sad, because they always have the lowest price.

        I always choose “credit” rather than “debit”, because if you choose debit, they will probably put a hold on $75 on your bank account. With credit, there is never a hold. Now I have an additional good reason for choosing credit – I won’t have to enter my PIN when making the purchase.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
        1 user thanked author for this post.
        • #2011433 Reply
          Kirsty
          Da Boss

          In many countries, PIN entry is required for credit card payment at an EFTPOS terminal (where signatures have been phased out over many years).

        • #2012760 Reply
          wavy
          AskWoody Plus

          Debit cards (in the USA) are a poor choice for anyone with half way decent credit. Stay FAR away.

          🍻

          Just because you don't know where you are going doesn't mean any road will get you there.
          1 user thanked author for this post.
          • #2012858 Reply
            GoneToPlaid
            AskWoody Plus

            Perhaps not so. I deliberately use debit cards which are associated with accounts with limited funds. At gas pumps, I run them as credit, which requires me to enter my billing zip code instead of a PIN. After I make my purchase, I instantly get a text message and an email alert from my bank about when, where, and the amount of the purchase. Debit cards always have much lower daily credit, versus the available credit on a credit card.

            On the other hand and with most credit cards, the only thing I get are emails that the card was used to make purchases. I then have to log into my banking in order to see the charges.

            The upshot is that I have turned on every possible alert and security feature which my banking institutions offer, including creating both verbal passwords and agreeing to voice recognition.

            I also disabled any charges for any of my cards which were made from abroad, and I only enable this when I am about to travel abroad.

            • #2013039 Reply
              wavy
              AskWoody Plus

              I deliberately use debit cards which are associated with accounts with limited funds

              With that arrangement one must have an alternative payment method (another debit card perhaps) because (as I have read) it is common for more funds totally more than the transaction to be put on ‘hold’. And credits cards offer better minimum protections. But if it works for you.. 😉

              🍻

              Just because you don't know where you are going doesn't mean any road will get you there.
              1 user thanked author for this post.
              • #2014055 Reply
                mn–
                AskWoody Lounger

                Over here, with debit cards the pump asks you how much to hold… and also they normally release the hold right after you’re done if the network connection hasn’t gone down while you were at it.

                not particularly thirsty and its tank capacity is… … enough for some 180 miles

                I’d say that’s either an underspecced tank or a very thirsty car.

                Why yes, back when I was that age, one of the first repairs done to “my” car was to replace the fuel tank with a bigger one.

        • #2012887 Reply
          OscarCP
          AskWoody Plus

          And with credit cards, one can always protest the charge after the fact, particularly a fraudulent one, as long is within 60 days of the questioned payment. With debit cards, once one pays with one of these, the payment money is taken from one’s bank account and goes directly and immediately into the fraudster’s pockets… and it’s gone, baby, gone.

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

          1 user thanked author for this post.
      • #2011769 Reply
        Paul T
        AskWoody MVP

        Needless to say, we don’t shop at that particular gas station anymore

        It’s probably now a very safe place to shop as the police will have visited to identify the fraudster, so they will be very careful.

        cheers, Paul

        2 users thanked author for this post.
      • #2012871 Reply
        OscarCP
        AskWoody Plus

        I always have paid with cash (a.k.a. greenbacks in these parts) wherever I go, anywhere in the country and even abroad (in the local currency). When driving locally in it, my own car is not particularly thirsty and its tank capacity is some 8.5 gallons, enough for some 180 miles, which can last me a couple of weeks, given my driving needs (I can and often do telecommute). Even when gasoline has been expensive in recent years, the cost of filling the empty tank completely (something better avoided in practice) has been no much more than 40 US$ (more in Europe, of course) so it is possible for me to carry enough ready cash for that (I normally carry more, just not in my back pocket…)

        So, gasoline pump hackers: hack this! I say.

        This works and will continue to work, until the world goes crazy enough to switch from using paper cash to using plastic for everything, everywhere.

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

        • #2013040 Reply
          wavy
          AskWoody Plus

          Of course that last gallon takes a minute because of the metering system. Call me impatient but a CC is faster and I am less likely to get bumped on the head for flashing a wad around.

          🍻

          Just because you don't know where you are going doesn't mean any road will get you there.
        • #2013125 Reply
          Anonymous
          Inactive

          I’m the same way.  Cash and carry for me.  I mostly use a credit card for online purchases.  Not too often do I use one in a brick and morter store.

          You can’t hack a Federal Reserve Note.

          1 user thanked author for this post.
      • #2012895 Reply
        Paul T
        AskWoody MVP

        8.5 gallons, enough for some 180 miles

        21mpg is terrible. I get over twice that and I’m still not happy.  🙂

        cheers, Paul

        • #2012904 Reply
          Kirsty
          Da Boss

          Don’t forget US vs. UK gallons differ! 😉

          1 user thanked author for this post.
        • #2013102 Reply
          OscarCP
          AskWoody Plus

          Paul-T: In gallons or liters, as an argument, the use of mpg or l/100 km is not a very good one here. Because it all depends on how many miles — or kilometers — one actually drives. At my age, the place where I live (near where I work, shop, have my mechanic’s, pharmacy, doctor and dentist), and my position in life, that distance is far below average (and I am glad it is, as I never much liked driving cars). Which just goes to show that using the mph as measure is not a good way to figure out either the carbon footprint or the expenses incurred using a particular vehicle. It makes sense only when discussing significant numbers of vehicles, whole fleets of them.

          cheers, Oscar

          Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

          1 user thanked author for this post.
      • #2012907 Reply
        Paul T
        AskWoody MVP

        Thanks to Kirsty the correct conversion is 11.2l/100km. Still terrible!

        cheers, Paul

        • #2013122 Reply
          samak
          AskWoody Plus

          Not so bad if most of the time it is only being used for short trips around town. If it included much highway driving then it’s not good.

          W7 SP1 Home Premium 64-bit, Office 2010, Group B, non-techie

          1 user thanked author for this post.
      • #2013979 Reply

        Using your bank’s ATM chip-and-pin card and shielding your PIN is pretty safe, or so says Clark Howard (https://clark.com/). Some merchants hate this, but too bad.

        The guy says that ATM chip-and-PIN cards put you at less risk that a debit card w/Visa/Mastercard logos on it, as it takes longer and is more hassle to get your dough back. He hates the things.

        Personally, I pay cash, PayPal, or write a check for really big stuff. I don’t use a credit card any more, since the Equifax hack really took me to town.

        “No, I am NOT John J. Jinksenhiemer Smith, and I was never in Nacogdoches, Texas, and I did NOT buy a Corvette!!”

        Win7 Pro SP1 64-bit ESU, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Patch List", Multiple Air-Gapped backup drives in different locations, "Don't auto-check for updates-Full Manual Mode." Linux Mint Greenhorn
        --
        "A committee is the only known form of life that has at least four legs and no brain."

        -Robert Heinlein

      • #2019558 Reply
        Kirsty
        Da Boss

        VISA warns of POS malware incidents at gas pumps across North America
        VISA says it’s aware of POS malware being deployed on the networks of five North American fuel dispenser merchants.

        By Catalin Cimpanu | December 14, 2019

         
        Payments processor VISA says North American merchants who operate gas stations and gas pumps are facing a rash of attacks from cybercrime groups wanting to deploy point-of-sale (POS) malware on their networks.

        In two security alerts published in November and December, respectively, VISA said its security team investigated at least five incidents of the sort.

        While the in-store POS terminals of some merchants might support chip-and-PIN transactions, most of the card readers installed on gas pumps do not.

         
        Read the full article here

        1 user thanked author for this post.
      • #2053621 Reply
        Douglas
        AskWoody Plus

        There was a spate of news reports a couple of years ago here where I live about hacked fuel pumps. It was happening at convenience store pumps more than anywhere else. I have always used cash when paying for gasoline, but these reports removed all temptation to use plastic.

        I never, ever use my debit card anywhere except at my bank’s ATMs, or when out of town at banks that use the same interbank network that my bank uses (such as STAR) to minimize having to pay extra fees. At most places where I need to buy something, it is with cash I withdrew directly from my bank. Even bank ATMs are not immune to the kind of hacking described here. I remember some links to articles that described how these hacks take place and what to look for at ATMs, fuel pumps, etc., to help you spot machines with potential problems. Some of them can be quite sophisticated, and some have parts added externally to the machine that look like they are authentic components, that is unless you know what to look for.

        When I do have to use plastic somewhere other than the bank, it is of course only with my credit card and even then I will not let it out of my sight. A friend used his at a restaurant for breakfast once where the server took it away to the register and came back with his card and the slip for him to sign and everything seemed okay. That is, until a few hours later when he found out that some very large charges had been taking place since breakfast. He was able to get everything straight, but it took a few days. (The restaurant could not tell who did it, since the server took it to a cashier and it could have been either of them who did it.) Anyway, I will never let my card out of my sight, which means I do not use it at restaurants (cash only for me).

        The cashless society of the future many people want to see does not have me for a supporter.

      • #2174507 Reply
        Seff
        AskWoody Plus

        Add me to the list of those who prefer to use cash wherever possible when “out and about” shopping. I use a credit card for online purchases but have nothing to do with online banking.

        There have been reports of ceiling cameras being used in petrol stations in the UK for spying on card readers and since a friend lost a lot of money that way I’ve always used cash when paying for fuel.

        I also avoid contactless card payments as it’s too easy to lose track of what you’re spending. I prefer to withdraw a cash amount from an ATM inside a local bank for the week and I draw a bit more if it’s a week when I’m going to need fuel.

        1 user thanked author for this post.
    Viewing 9 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Hacked Petrol Pumps

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.