FBI alert: Banks could lose millions of dollars in a major ATM scam

The US’s Federal Bureau of Investigation (FBI) has warned that banks could lose millions of dollars to cybercriminals through cash machines in a highly-coordinated global fraud scheme (ATM scam) that could happen this weekend.

The fraud scheme, which has been staged globally by the criminals, will involve the use of dummy cards, also known as “blanks,” to cash out millions of dollars within a few hours and will also feature hacking of a bank or payment card processor around the world, reports Krebs On Security.

“The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” said a confidential FBI alert to banks on Friday.

The global ATM scam: what makes it an ‘unlimited operation’

The hackers plan to deploy a malware that could compromise financial institution operations or automation processes such as a payment card processor. This control would grant the crooks access to exploit the bank’s network; access to card information of bank customers and also allow them to disable fraud controls

With a full control of all automation protocols, they would be able to coordinate the proposed large-scale fund theft from ATMs in just a few hours.

“The cybercriminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores,” said the FBI. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”

Between May 2016 and January 2017, an ‘unlimited operation’ was used by cybercriminals to cash out a total of $2.4 million in two separate ATM cash outs from accounts at the National Bank of Blacksburg, according to Krebs’ report last month.

In both attacks, the crooks succeeded in gaining access to the bank’s network and compromised its credit and debit system after phishing on someone working at the bank.

Any ATM attack would likely be on a weekend

The first attack [unlimited operation] against the National Bank of Blacksburg, which the attackers made away with almost $570,000, lasted for about three days. It began on Saturday (May 28, 2016) and ended on Monday, which was a federal holiday (Memorial Day) in the United States. That means the attackers are particularly interested in weekends when the banks are closed. The second attack against the bank also began on Saturday (January 2017) and ended on Monday. They succeeded in withdrawing about $2 million in another unlimited operation involving ATM cash out.

Tips from FBI on how to prevent the ATM scam

The FBI has advised financial institutions to review how they handle their security messages. Banks were advised to:

  • Implement two-factor authentication that involves a physical token and strong password requirements for business critical roles such withdrawals above the specified threshold.
  • Monitor for encrypted traffic traveling over non-standard ports
  • Deploy white-listing of application to block malware execution
  • Audit, limit and monitor business critical accounts that can modify critical features of account.
  • Monitor for the presence of administrative tools and remote access networks such as TeamViewer, Powershell, and cobalt strike.

Carrie Ann
Carrie Ann is Editor-in-Chief at Industry Leaders Magazine, based in Las Vegas. Carrie covers technology, trends, marketing, brands, productivity, and leadership. When she isn’t writing she prefers reading. She loves reading books and articles on business, economics, corporate law, luxury products, artificial intelligence, and latest technology. She’s keen on political discussions and shares an undying passion for gadgets. Follow Carrie Ann on Twitter, Facebook

Recent Posts

The chip shortage is a ‘short-term’ problems, says Elon Musk

The chip shortage is a ‘short-term’ problems, says Elon Musk

The CEO’s outlook is far more optimistic than other automotive industry leaders who believe it may last up to 2023-24.
10 hours ago
Supply chain crisis bad news for automotive industry leaders

Supply chain crisis bad news for automotive industry leaders

The world’s biggest car companies are on track to lose production of 7.7 million vehicles in 2021. The forecast advices automakers on supply chain and other issues.
3 days ago
Scammers dupe Apple fans with free bitcoin lure

Scammers dupe Apple fans with free bitcoin lure

Savvy scammers used a fake event stream, a fake Apple website, and the promise of free bitcoin to lure fans into opening up their wallets.
4 days ago
Japan’s MUFG offloads Union Bank to U.S. Bancorp for $7.3 billion

Japan’s MUFG offloads Union Bank to U.S. Bancorp for $7.3 billion

The total amount of cash to be received as part of MUFG Union Bank’s sale to Bancorp is $7.3 billion (800 billion yen).
5 days ago
Evergrande: A black swan event that could spook markets

Evergrande: A black swan event that could spook markets

EverGrande is now known as the “world’s most indebted property developer” and serves as a symbol of corporate excess.
6 days ago
Moderna vaccine more effective than Pfizer, study says

Moderna vaccine more effective than Pfizer, study says

Moderna’s Covid-19 vaccine does a slightly better job of preventing coronavirus-related hospitalizations and emergency department visits.
1 week ago