Imagine walking up to an ATM, inserting your card, withdrawing $40 for the week, and then going home.

Nothing unusual happened.

You used your PIN.

You got your cash.

You walked away.

And then later that evening you check your account and $960 is gone.

Not a slow drain over several transactions.


Not a charge you vaguely remember making.

$960 vanished in a single session at the same ATM where you just withdrew your $40.

And when you call the bank to report it, they tell you that you authorized the transaction.

Case closed.

This is not a hypothetical.

This is what happened to multiple real people in California, and the method the scammers used is one of the most deceptively simple and technically clever ATM attacks that has emerged in years.

It involves super glue, a stranger, and a feature on your ATM card that most people have never thought twice about.

By the end of this video, you are going to understand exactly how this attack works, why it is so difficult to dispute with your bank, what the Supreme Court and federal consumer protection laws say about your rights when unauthorized transactions happen to your account, and most importantly, the exact steps you can take right now to make sure you never become the next victim.

Welcome back.

I am your host, and today we are going deep on a scam that is spreading faster than most people realize and targeting ordinary people going about their ordinary financial lives.

Before we get into it, go ahead and like this video and subscribe to the channel because this kind of information is exactly what this channel exists to deliver.

The people who watch these videos protect themselves.

The people who do not find out the hard way.

Let us make sure you are in the first group.

Here is the exact story of how this attack was first reported because the specifics of what happened to the victims in California reveal everything you need to understand about why this scam works so well.

A woman approached an ATM to withdraw $40.

She inserted her card into the slot, but the card would not go in.

The slot was not accepting it.

As she stood there trying to figure out what was going on, a helpful stranger nearby noticed her difficulty and offered an explanation.

He said something like, “Oh, you have one of the new cards, right? With the tap feature.

Just tap your card on the reader instead of inserting it.”

The tap feature, contactless payment technology, is something most modern debit and credit cards now have.

Many people use it regularly for purchases.

It is a legitimate feature.

So, the woman tapped her card on the ATM reader, entered her PIN, withdrew her $40, thanked the helpful stranger, and went on with her day.

It was only when she checked her account at home that she discovered the additional $960 missing.

She called Chase Bank to report the unauthorized transactions, and Chase’s initial response was stunning.

The bank told her they would not be returning the money because she had authorized the transaction.

Think about what that means from the bank’s perspective.

They saw a customer use their card, enter their PIN, conduct a session, and they interpreted everything that followed as authorized under that same session.

As far as the bank’s records were concerned, the customer had approved the activity because the customer had initiated the session.

It was not until the ABC news team picked up the story and the resulting public pressure mounted that Chase reversed its decision and returned the stolen money to the victims.

But most people who get scammed this way will not have a news crew in their corner.

Most people will face that initial bank refusal with no recourse and no leverage.

Understanding exactly why the bank responded this way requires understanding exactly how the attack works at a technical level because the technical mechanics are what create the legal and financial dispute that benefits the scammer.

Here is what actually happened at that ATM and why it worked.

The attacker arrived before any victims were present and applied super glue to the card insertion slot on the ATM.

Not to the entire machine, just the slot where cards are inserted.

This is not a sophisticated piece of hardware.

It is a tube of super glue and 30 seconds of work.

The slot is now sealed.

Cards cannot be inserted.

The ATM itself continues to function completely normally in every other respect.

When a customer arrives and tries to insert their card, it does not go in.

They may try several times.

They may look for a malfunction notice on the screen.

There is none.

And this is when the attacker, who has been nearby watching, introduces himself as a helpful stranger.

The social engineering component of this attack is essential because most people would eventually figure out the tap feature on their own or would simply leave and find another ATM.

The attacker needs to keep the victim at this specific machine and needs to get them using the tap feature rather than looking for a different solution.

So, he plays the helpful neighbor, the person who just happens to know about that newer feature, and he steers the victim toward exactly the action that creates the vulnerability.

Now, here is the technical piece that most people have never thought about, and it is the reason this scam works so elegantly from a financial crime perspective.

When you insert your card into an ATM and complete a transaction, the session ends when you remove the card.

The card leaving the slot signals to the system that the transaction is complete and the session is closed.

If you want to do another transaction, you insert the card again and authenticate again with your PIN.

But when you use the tap feature, the session structure is fundamentally different.

Contactless tap technology is designed for speed and convenience.

When you tap your card, authenticate with your PIN, and complete your transaction, the session does not necessarily close the same way.

The ATM may still be in an active authenticated session.

And if you walk away from the machine while that session is open, thinking you are done, the attacker can walk up to the ATM immediately after you leave and conduct additional transactions on your open session without entering your PIN.

They have access to your account because the authentication you provided is still active.

The session is yours.

The access belongs to whoever is at the machine.

This is why the bank’s dispute response was technically defensible from the institution’s perspective.

The PIN was entered once by the legitimate customer.

Every transaction that followed in that session was conducted under the same authenticated session.

From the bank’s records, it looked like one continuous authorized session.

The fact that a criminal stepped in partway through and conducted their own transactions on your open session is extremely difficult to distinguish from the record of a customer who simply continued using the machine after their initial withdrawal.

The documentation shows your authentication, your PIN, your card, your account.

The theft is invisible in the transaction record.
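
The session difference described above can be put into a small model; this is an added example, not part of the video, and it is not real ATM software. The class, its policy flags (`close_after_dispense`, `idle_timeout`) and the timings are assumptions made for illustration, showing the same $40 and $960 requests under card insertion, under tap, and under two hardened tap policies.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AtmSession:
    """Toy model of one ATM session (assumed behaviour, not real ATM firmware)."""
    entry_mode: str                       # "insert" or "tap"
    close_after_dispense: bool = False    # hardened: one PIN entry, one transaction
    idle_timeout: Optional[int] = None    # hardened: seconds of inactivity allowed
    authenticated: bool = False
    last_activity: int = 0
    ledger: list = field(default_factory=list)

    def authenticate(self, now: int) -> None:
        # Card presented and the correct PIN entered by the account holder.
        self.authenticated, self.last_activity = True, now

    def customer_leaves(self) -> None:
        # Pulling an inserted card out of the slot is an event the machine sees
        # and can use to end the session. A tapped card never entered the
        # machine, so walking away produces no event at all.
        if self.entry_mode == "insert":
            self.authenticated = False

    def withdraw(self, amount: int, now: int) -> bool:
        idle = now - self.last_activity
        if self.idle_timeout is not None and idle > self.idle_timeout:
            self.authenticated = False
        if not self.authenticated:
            self.ledger.append(("DENIED", amount))
            return False
        # The record holds account, session and amount, not who pressed the keys.
        self.ledger.append(("APPROVED", amount))
        self.last_activity = now
        if self.close_after_dispense:
            self.authenticated = False
        return True


def run_scenario(entry_mode: str, **policy) -> list:
    """Customer withdraws $40 and leaves; 30 s later someone requests $960."""
    s = AtmSession(entry_mode, **policy)
    s.authenticate(now=0)          # constructed timings, in seconds
    s.withdraw(40, now=10)
    s.customer_leaves()
    s.withdraw(960, now=40)        # keyed in by whoever is at the machine next
    return s.ledger
```

In the plain tap scenario both ledger entries are approvals under one PIN entry, which is the record the bank sees; either hardened policy turns the second request into a denial.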

This is also why understanding your legal rights as a consumer in this situation matters so much because the bank’s initial position, that you authorized the transaction, puts the burden back on you to prove you did not.

And the Supreme Court and federal consumer protection law do have relevant things to say about where that burden should actually fall.

Under the Electronic Fund Transfer Act, which governs debit card transactions and ATM withdrawals, consumers have specific protections against unauthorized electronic funds transfers.

The law defines an unauthorized transfer as one initiated by a person other than the consumer without actual authority to initiate the transfer.

The key phrase is without actual authority.

A consumer who is tricked through fraud and social engineering into initiating a session that a criminal then exploits has not granted actual authority to the criminal.

The criminal obtained access through deception and fraud, not through any genuine authorization from the account holder.

Federal Regulation E, which implements the Electronic Fund Transfer Act, requires financial institutions to investigate claims of unauthorized transactions and to provisionally credit the consumer’s account during the investigation period in most cases.

Banks are required to investigate and resolve disputes within specific time frames.

When banks refuse to do this and simply tell consumers they authorized the transactions without conducting a proper investigation, they may be violating the requirements of Regulation E.

The Consumer Financial Protection Bureau has enforcement authority over these requirements and has taken action against banks that failed to properly investigate and resolve consumer disputes under Regulation E.

The reason Chase ultimately reversed its decision and returned the money when ABC News became involved is almost certainly because the public attention focused regulatory scrutiny on whether the bank had properly discharged its obligations under Regulation E.

A proper investigation of the circumstances, including the super-glue-tampered ATM and the documented social engineering component of the scam, should lead a reasonable investigator to conclude that the additional transactions were not authorized by the customer.

But without that pressure, the bank’s initial position was to deny the claim and push the burden back onto the consumer.

This is why the legal framework matters and why you need to know it before this happens to you.

If you are ever denied a legitimate dispute claim by your bank, you have options beyond simply accepting that denial.

You can escalate within the bank to a supervisor or the bank’s fraud resolution department.

You can file a complaint with the Consumer Financial Protection Bureau, which takes these violations seriously and has the authority to require banks to comply.

You can file a complaint with your state’s banking regulator.

And in certain circumstances, you may have grounds for legal action if the bank has failed to meet its obligations under Regulation E.

Now, let us talk about why debit cards specifically make this situation so much more dangerous than credit cards because this distinction is one of the most important and most consistently overlooked pieces of financial security advice available.

When a fraudulent transaction occurs on a credit card, you are disputing a charge on money that the bank has extended to you as credit.

The bank has an interest in resolving that dispute quickly because the money at stake is their money extended to you.

The legal protections under the Fair Credit Billing Act for credit card fraud are also generally stronger than the protections for debit card transactions.

In most cases with credit cards, your liability for fraudulent transactions is capped at $50 and is often zero if you report the fraud promptly.

When a fraudulent transaction occurs on a debit card, the situation is fundamentally different.

The money that was taken was your money.

It came directly out of your bank account.

It is gone the moment the transaction clears.

And while Regulation E does provide protections for debit card unauthorized transactions, the process of recovering that money through a dispute is slower, more complicated, and more adversarial than the credit card equivalent.

Banks fight debit card disputes harder because refunding a debit dispute means giving the customer back money that has already left the bank’s ledger, while resolving a credit dispute means simply adjusting a charge that had not yet settled.

The practical advice that every financial security professional has been giving for years is to use credit cards for all transactions wherever possible, including at ATMs if you can access cash advances through credit accounts.

Never use a debit card at an ATM you have not used before or are not completely confident in.

Never use a debit card at gas station pumps, which are among the highest risk locations for skimming and tampering.

And if you must use a debit card, monitor your account in near real time using your bank’s mobile app with transactional alerts enabled so that any unauthorized activity is visible within minutes rather than hours.

Now, let us talk about the specific protective steps you need to take to make sure you are never the victim of this superglue ATM scam or any variation of it.

The first and most important rule is this.

If the card slot does not work, do not use that ATM.

Walk away immediately and find a different machine.

The card slot not working is itself a red flag.

ATMs that are functioning normally accept cards without difficulty.

A slot that resists or refuses card insertion should be treated as a potentially compromised machine regardless of what any bystander tells you about tap features or newer card technology.

The machine is telling you something is wrong.

Listen to it.

The second rule is that if you do use the tap feature at an ATM for any reason, you must actively close your session when your transaction is complete.

Do not simply take your cash and walk away.

Look at the ATM screen and confirm that the session has ended.

If the screen shows options for additional transactions, cancel them explicitly.

Navigate through whatever menu options are necessary to fully terminate the authenticated session before you step away from the machine.

A session that you consciously closed is a session that a criminal cannot exploit.

The third rule is about your environment.

Stranger danger is real at ATMs in a way that most people underestimate.

A person who approaches you while you are using an ATM and volunteers helpful advice about your banking transaction is not a good Samaritan.

They are almost certainly either the person who set up the scam or someone with their own agenda that does not align with your financial safety.

No legitimate bystander has a reason to be involved in your ATM transaction.

If someone approaches you while you are at an ATM, end the transaction, secure your card, and leave.

You can use a different machine.

You cannot un-give a criminal access to your bank account.

The fourth rule is to trust your instincts about the environment.

If an ATM feels wrong, if the location feels unsafe, if there are people nearby who seem to be paying unusual attention to the machine or to you, leave.

Find another ATM.

Your gut is often processing risk information faster than your conscious mind.

Financial security professionals call this the pre-attack phase observation.

Criminals spend time near their targets before the attack happens.

If you feel like you’re being watched or like something about the situation is off, that feeling is worth acting on.

The fifth rule is to understand that ATMs are supposed to be regularly inspected for tampering under the PCI DSS compliance framework that governs payment card industry security standards.

Requirement nine of that framework specifically requires companies and institutions to perform periodic inspections of payment devices for signs of tampering or substitution.

A superglued card slot should be detectable during a routine inspection.

If banks and ATM operators were conducting these inspections with the frequency and thoroughness required, compromised machines would be identified and taken out of service before victims were targeted.

When you encounter a machine that appears to have been tampered with, reporting it to the bank or ATM operator directly is not just protecting yourself.

It is potentially preventing the next victim from losing their money.

Finally, know what to do if it happens to you anyway.

Report the unauthorized transactions to your bank immediately.

Call the fraud line the same day.

Do not wait.

The time frame within which you report affects your protections under Regulation E.

Get a case number for your dispute.

If the bank initially denies your claim, do not accept that denial as the final answer.

Escalate to a supervisor.

Request a written explanation of the basis for the denial.

File a complaint with the Consumer Financial Protection Bureau.

Contact your state’s banking regulator.

And document everything, including the date, time, and location of your ATM use, the ATM machine’s ID number if visible, and any interactions with bystanders during the transaction.

The people who lost money to this scam in California ultimately got their money back because a news organization applied public pressure that forced the bank to re-examine the circumstances.

You should not need a news crew to get your legitimate consumer protections enforced.

Know your rights before you need them.

If this video gave you something useful, hit that like button and subscribe to this channel.

We cover cybersecurity threats, financial scams, and consumer protection in exactly this kind of detail so you are prepared before the scammer finds you rather than after.

Drop a comment below and tell me whether you have ever had to fight your bank over a disputed transaction, and share this video with someone in your life who uses ATMs regularly because the information you just learned could save someone a thousand dollars or more.

I will see you in the next one.