FBI alert: Banks could lose millions of dollars in a major ATM scam

The US’s Federal Bureau of Investigation (FBI) has warned that banks could lose millions of dollars to cybercriminals through cash machines in a highly-coordinated global fraud scheme (ATM scam) that could happen this weekend.

The fraud scheme, which has been staged globally by the criminals, will involve the use of dummy cards, also known as “blanks,” to cash out millions of dollars within a few hours and will also feature hacking of a bank or payment card processor around the world, reports Krebs On Security.

“The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” said a confidential FBI alert to banks on Friday.

The global ATM scam: what makes it an ‘unlimited operation’

The hackers plan to deploy a malware that could compromise financial institution operations or automation processes such as a payment card processor. This control would grant the crooks access to exploit the bank’s network; access to card information of bank customers and also allow them to disable fraud controls

With a full control of all automation protocols, they would be able to coordinate the proposed large-scale fund theft from ATMs in just a few hours.

“The cybercriminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores,” said the FBI. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”

Between May 2016 and January 2017, an ‘unlimited operation’ was used by cybercriminals to cash out a total of $2.4 million in two separate ATM cash outs from accounts at the National Bank of Blacksburg, according to Krebs’ report last month.

In both attacks, the crooks succeeded in gaining access to the bank’s network and compromised its credit and debit system after phishing on someone working at the bank.

Any ATM attack would likely be on a weekend

The first attack [unlimited operation] against the National Bank of Blacksburg, which the attackers made away with almost $570,000, lasted for about three days. It began on Saturday (May 28, 2016) and ended on Monday, which was a federal holiday (Memorial Day) in the United States. That means the attackers are particularly interested in weekends when the banks are closed. The second attack against the bank also began on Saturday (January 2017) and ended on Monday. They succeeded in withdrawing about $2 million in another unlimited operation involving ATM cash out.

Tips from FBI on how to prevent the ATM scam

The FBI has advised financial institutions to review how they handle their security messages. Banks were advised to:

  • Implement two-factor authentication that involves a physical token and strong password requirements for business critical roles such withdrawals above the specified threshold.
  • Monitor for encrypted traffic traveling over non-standard ports
  • Deploy white-listing of application to block malware execution
  • Audit, limit and monitor business critical accounts that can modify critical features of account.
  • Monitor for the presence of administrative tools and remote access networks such as TeamViewer, Powershell, and cobalt strike.

Avatar
Carrie Ann
Carrie Ann is Editor-in-Chief at Industry Leaders Magazine, based in Las Vegas. Carrie covers technology, trends, marketing, brands, productivity, and leadership. When she isn’t writing she prefers reading. She loves reading books and articles on business, economics, corporate law, luxury products, artificial intelligence, and latest technology. She’s keen on political discussions and shares an undying passion for gadgets. Follow Carrie Ann on Twitter, Facebook & Google.

Recent Posts

FCC rejects petition to stay Ligado Network’s 5G rollout

FCC rejects petition to stay Ligado Network’s 5G rollout

The Federal Communications Commission rejected by a vote of 3-2 on Tuesday to freeze the rollout of Ligado Networks’ nationwide mobile bro...
17 hours ago
Oil prices rise on hopes of big stimulus money

Oil prices rise on hopes of big stimulus money

The crude oil prices showed an upswing with Brentwood going up to $56.08 a barrel and the US West Texas Intermediate crude oil selling at $5...
17 hours ago
Kia bags Apple Car production deal

Kia bags Apple Car production deal

Apple Inc.’s much-coveted Apple Car could be produced by Kia Corp. at the latter’s manufacturing facility in the United States. The Sout...
17 hours ago
Food Stocks to Lookout for in 2021

Food Stocks to Lookout for in 2021

The COVID-19 pandemic has seen a resurgence in recent weeks and talks of normalcy are still far away, even with the vaccinations. For invest...
2 days ago
Big Three Credit Agencies: Who are they?

Big Three Credit Agencies: Who are they?

Credit rating agencies are risk assessment firms that provide ratings on the creditworthiness of bonds and other debt instruments. Investor...
2 days ago
Pat Gelsinger takes over Intel, expected to focus on manufacturing and execution

Pat Gelsinger takes over Intel, expected to focus on manufacturing and execution

Pat Gelsinger, the ex-chief technology officer of Intel, will be taking over the reins at the chip-making tech company Intel on February 15 ...
2 days ago