Scammers bug retail registers with $40 keylogger devices

By on
Scammers bug retail registers with $40 keylogger devices

Fraudsters boldly entered the store to plant skimming devices.

A group of men boldly entered a US retailer and planted skimming devices on the retailer's registers.

Six men allegedly carried out the con by distracting Nordstrom staff while others planted the devices over the course of several hours.

A team of three entered first with the mission to scope the premises, taking photos of the register and removing its back panel. Then, a few hours later, a separate group of three installed a keylogging device.

Security blogger Brian Krebs obtained an alert on the incident from local police who discovered the suspects via CCTV tampering with store registers.

The keyloggers used by the fraudsters can be easily obtained online for about $40, he revealed. Nordstrom discovered that six devices had been planted.

“These hardware keyloggers are essentially PS2 connectors that are about an inch in length,” Krebs wrote.

“The tiny data storage devices are usually purple in color to match the color-coded standard for keyboards, and are made to be inserted between the male end of a PS2 keyboard connector and the female receptor on a computer.”

He later added that while the color and shape of the devices indicated they were designed to interface with keyboards, that detail didn't mean that scammers “can't steal data from a credit card reader,” with the devices.

“Many cash registers at retailers have PS2-based card readers, or connect the reader directly to the computer's keyboard,” Krebs explained.

Brooke White, a Nordstrom spokeswoman, confirmed that devices were planted on its registers.

“We can confirm that we found and removed unauthorized devices on a small number of cash registers at our Nordstrom Aventura, Florida store,” she wrote. “We take this situation seriously and have been working closely with law enforcement and forensic experts to investigate this and understand any impact on our customers."

Crooks in London, who posed as IT engineers, allegedly entered Barclays and Santander bank locations to fit computers with keyboard video mouse (KVM) devices.

The devices were meant to give them access to multiple computers in the organization's network – to monitor accounts, move money or do any manner of malicious feats.

London police were able to thwart the cyber heist on Santander, but Barclays reported a £1.3 million loss in April, equivalent to around $2 million, as a result of the incident.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?