Not too long ago, we reported on the lick that various organized crime outfits are using to obtain credit card information to buy gas and flip it. The lick involved installing credit card skimmers onto gas pumps to retrieve credit card numbers and PIN numbers. Welp, it seems as though either those same gangs or different ones utilizing the same technique have hit Safeway grocery stores in Colorado and California.
Folks who have shopped at Safeways in the Rocky Mountain and Golden States noticed their bank accounts had been milked dry when they went to the ATM machine. Sources “compared notes and found that all of the affected customers had purchased goods from one of several specific lanes in different compromised stores (the transaction data includes a ‘terminal ID’ which can be useful in determining which checkout lanes were compromised,” according to Krebs On Security.
Krebs offers some insight on how this caper unfolded:
In order to steal card data and personal identification numbers (PINs) from Safeway customers, the thieves would have had to open up the card processing terminals at each checkout lane. Once inside, the thieves can install a device that sits between the keypad and the electronics underneath to capture and store PINs, as well as a separate apparatus that siphons account data when customers swipe their cards at the register.
Either that, or the skimmer crooks would have to secretly swap out existing card terminals at checkout lanes with pre-compromised terminals of the exact same design. In any case, skimming incidents involving checkout lanes in retail locations generally involve someone on the inside at the affected retailer.
Though Safeway would not elaborate on specific locations, sources within the bank industry traced the fraud back to the Arvada, Conifer, Denver, Englewood and Lakewood areas in Colorado and Castro Valley and Menlo Park in Cali. According to these sources, the crooks have been hitting this lick since September. If you have used Safeways in these locations, make sure your ban account is good. You won’t be held accountable for fraudulent charges, but you have to notify your card issuer ASAP.
Furthermore, as always, watch out for the jux.