Gas pump malware tricks customers into paying for more than they pump

The malware caused the gas pumps, cash registers and back-end systems to display false data. It was also able to cover its tracks. It worked like so: every morning, employees would come up with a pretext to leave one of a station’s reservoirs empty – for example, under the pretense of cleaning. When a customer bought gas, the program automatically shortchanged the customer of between 3% and 7% of the gas purchased. But the gas pump itself would show that the entire volume of purchased gas had been pumped into the tank. The stolen gasoline was automatically sent to the tank that the attendants had left empty that morning.

An idea: Next time you're at 1/4 tank, go to a gas station, fill your tank, and take a picture of the end result for future reference. If you consistently refuel when the gas gauge reads 1/4 tank, you'll know how many gallons it takes to reach a full tank for your vehicle.

It takes about 13 gallons to fill my vehicle when it reaches a quarter-tank. Gas prices have been fairly consistent in my area, so it takes about $42 to fill my rig. If I visit a gas station that has fallen victim to malware, and a typical fill-up at 1/4 tank results in $47 or $48, plus I notice that it takes 15 gallons to fill my tank, I would start to ask questions.

Five cents more for a gallon of gas would normally mean a 65 cent increase in my total cost for the fill-up. If the total cost is more than a few dollars, I would surmise that something was up.

Full Article


BlogChris Powell