The most common type of skimming attack is a hand-held skimmer device that copies the cardholder data when a customer’s card is processed. From there, the card details are duplicated to create so-called “white” cards. Skimming devices are placed over the ATM’s card-reader, to better disguise the skimmer. Pay-at-pump self-service petrol pumps also are susceptible to this type of attack. “Dummy” or fake ATMs are often purchased online and installed high-traffic areas.”]
Source: https://www.govinfosecurity.com/top-4-skimming-threats-a-3054