FBI alert: Banks could lose millions of dollars in a major ATM scam

The US’s Federal Bureau of Investigation (FBI) has warned that banks could lose millions of dollars to cybercriminals through cash machines in a highly-coordinated global fraud scheme (ATM scam) that could happen this weekend.

The fraud scheme, which has been staged globally by the criminals, will involve the use of dummy cards, also known as “blanks,” to cash out millions of dollars within a few hours and will also feature hacking of a bank or payment card processor around the world, reports Krebs On Security.

“The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” said a confidential FBI alert to banks on Friday.

The global ATM scam: what makes it an ‘unlimited operation’

The hackers plan to deploy a malware that could compromise financial institution operations or automation processes such as a payment card processor. This control would grant the crooks access to exploit the bank’s network; access to card information of bank customers and also allow them to disable fraud controls

With a full control of all automation protocols, they would be able to coordinate the proposed large-scale fund theft from ATMs in just a few hours.

“The cybercriminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores,” said the FBI. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”

Between May 2016 and January 2017, an ‘unlimited operation’ was used by cybercriminals to cash out a total of $2.4 million in two separate ATM cash outs from accounts at the National Bank of Blacksburg, according to Krebs’ report last month.

In both attacks, the crooks succeeded in gaining access to the bank’s network and compromised its credit and debit system after phishing on someone working at the bank.

Any ATM attack would likely be on a weekend

The first attack [unlimited operation] against the National Bank of Blacksburg, which the attackers made away with almost $570,000, lasted for about three days. It began on Saturday (May 28, 2016) and ended on Monday, which was a federal holiday (Memorial Day) in the United States. That means the attackers are particularly interested in weekends when the banks are closed. The second attack against the bank also began on Saturday (January 2017) and ended on Monday. They succeeded in withdrawing about $2 million in another unlimited operation involving ATM cash out.

Tips from FBI on how to prevent the ATM scam

The FBI has advised financial institutions to review how they handle their security messages. Banks were advised to:

  • Implement two-factor authentication that involves a physical token and strong password requirements for business critical roles such withdrawals above the specified threshold.
  • Monitor for encrypted traffic traveling over non-standard ports
  • Deploy white-listing of application to block malware execution
  • Audit, limit and monitor business critical accounts that can modify critical features of account.
  • Monitor for the presence of administrative tools and remote access networks such as TeamViewer, Powershell, and cobalt strike.

Carrie Ann
Carrie Ann is Editor-in-Chief at Industry Leaders Magazine, based in Las Vegas. Carrie covers technology, trends, marketing, brands, productivity, and leadership. When she isn’t writing she prefers reading. She loves reading books and articles on business, economics, corporate law, luxury products, artificial intelligence, and latest technology. She’s keen on political discussions and shares an undying passion for gadgets. Follow Carrie Ann on Twitter, Facebook

Recent Posts

Some Microsoft employees stayed at data centers during Pandemic to keep all systems going

Some Microsoft employees stayed at data centers during Pandemic to keep all systems going

The Covid-19 pandemic ravaging the world for more than a year has forced companies and organizations to find viable solutions to keep the business going. Most found a solution in w
3 days ago
Meme stocks frenzy and 3 companies to follow

Meme stocks frenzy and 3 companies to follow

The doom and gloom about the stock market that has been predicted since the pandemic started has abated somewhat with the resilience shown by investors (helped by low-interest rate
3 days ago
US Space Force allows repurposed SpaceX rocket to launch GPS satellite

US Space Force allows repurposed SpaceX rocket to launch GPS satellite

A GPS navigation satellite built by Lockheed Martin is set to ride a reused SpaceX booster on a launch from Cape Canaveral, Florida, Thursday. It will be the first time a military
3 days ago
Disney boss says 40 pc ad revenue went to streaming sites, no plans of ad supported Disney+

Disney boss says 40 pc ad revenue went to streaming sites, no plans of ad supported Disney+

Walt Disney CEO Bob Chapel says the company’s advertising revenue for the upcoming fall television season was strong and went up by “double-digits” compared to 2019.
5 days ago
BlackRock ETFs breach $3 trillion mark in May

BlackRock ETFs breach $3 trillion mark in May

BlackRocks’ exchange-traded fund crossed $3 trillion for the first time in May, in sync with the ETF industry’s race to an all-time high of $9 trillion.
5 days ago
Flagship Pioneering, investor in Moderna raises $3.4 billion funds

Flagship Pioneering, investor in Moderna raises $3.4 billion funds

Flagship Pioneering, the bioplatform company, and the venture capital investor in Moderna, today announced that it had raised additional funding of $2.23 billion, which brings its
6 days ago