Cyber-enabled Petrol Scam Uses Industry Insiders

Media reporting has highlighted an innovative cyber-enabled scam involving petrol pumps across Russia.

With the collusion of staff, criminals reportedly siphoned fuel off into empty tanks at the targeted petrol stations. Meanwhile, malware on the petrol stations’ computer systems was used to display false data on the amount of fuel dispensed to customers, with each customer unknowingly receiving between 3% and 7% less fuel than they paid for. The stolen fuel was then sold separately and off the books by the criminals who pocketed the profits.

The malware used was reportedly ‘nearly impossible to detect’, though Russian authorities recently disrupted the scam when they arrested the alleged creator of the malware, Denis Sayev.

It’s not clear if a scam like this would be feasible in the UK. The National Measurement and Regulation Office enforces regulation of devices used in UK industry for measuring volumes of purchased commodity, that would make this sort of crime difficult, but not impossible, to execute.

This attack represents an evolution of previously known attacks on payment systems, which have directly targeted the payment card data itself. With the global roll-out of improved protections (chip & pin), we expect to see continued innovation by criminal elements getting financial benefit from fraudulent access to payment systems.

Meanwhile, it is possible this type of cyber-enabled crime will constitute an emerging threat globally during 2018.