The FBI is warning banks in the United States of a possible cybercrime heist called “ATM cash-out.” The “Unlimited Operation” heist is said to involve thieves stealing millions of dollars by using bank or payment cards at cash machines around the world to withdraw money in a matter of hours. The FBI said an unlimited operation compromises a financial institution or payment card processor with malware in order to access bank customer card information, exploit network access, and enable large-scale theft of funds from ATMs.
These organized “cybercrime gangs” coordinate the unlimited attack by hacking or phishing their way into a payment card processor. Before the withdrawals at the automated teller machines begin, intruders will remove any fraud controls at the financial institution, such as maximum ATM withdrawal amounts and any limit on the number of daily customer ATM transactions.
Hackers can also alter account balances and any security measures to make an unlimited amount of money available at the time of a transaction, allowing large amounts of cash to be withdrawn quickly from the ATM. In a statement, the FBI warned:
“The cybercriminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores. At a predetermined time, the co-conspirators withdraw account funds from ATMs using these cards.”
Usually, virtual ATM cash-out operations launch on weekends, after financial institutions close for business on Saturday. Last month, KrebsOnSecurity had a financial breach after an unlimited operation was used to extract a total of $2.4 million from accounts at the National Bank of Blacksburg. There have been two ATM cashouts between May 2016 and January 2017. In both cases, the persistent cybercriminals managed to phish someone working at the Virginia bank, compromising systems the bank used to manage credits and debits to customer accounts.
The 2016 unlimited operation against National Bank began on Sunday, May 28, 2016, and continued through Monday, which was Memorial Day. Since it is a federal holiday in the United States, the bank was closed for a total of two days after the heist began. The attackers managed to siphon over $570,000. The cybercriminals then struck again on Saturday, January 7, and by Monday, January 9, they had succeeded in withdrawing around $2 million in another unlimited ATM cash-out scheme.
The FBI has warned banks to review their security measures and asked them to implement strong password requirements and two-factor authentication, using a digital or physical token if possible, for local administrators and business-critical roles.
As for your personal protection, in order to avoid phishing incidents and fraud schemes, the Federal Bureau of Investigation recommends always checking twice with your financial institution before any transaction you make. One of the most common ways hackers can obtain information is by using emails or phone calls, pretending to be a reputable or familiar source. You should also avoid clicking on links in phishing emails, so that you do not compromise your bank passwords. Be on the lookout, too, for someone posing as the IRS or a bank to convince you to give up an answer to your security questions. And of course, the most common and easiest way to protect yourself is to create strong passwords and use two-factor authentication when possible. You should also set up your online banking mobile notifications for fraud alerts in order to monitor your account and activity. That way, you can keep an eye out for any unusual activity and report it to the bank if that should happen.
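One way a bank could watch for the pattern described above, as an added example that is not from the FBI alert or the original article: correlate administrative changes to withdrawal limits or balances with a burst of withdrawals at many ATMs in the window that follows. The log layouts, action names, thresholds and 48-hour window are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real bank records).
# Admin audit log rows: (timestamp, account, control change)
AUDIT = [
    ("2024-03-02T21:05:00", "acct-1001", "limit_raised"),      # Saturday night
    ("2024-03-02T21:06:00", "acct-1001", "balance_adjusted"),
    ("2024-03-04T10:00:00", "acct-2002", "limit_raised"),      # Monday, business hours
]
# ATM withdrawal rows: (timestamp, account, atm_id, country, amount)
WITHDRAWALS = [
    ("2024-03-01T09:00:00", "acct-1001", "ATM-A", "US", 60),   # before the change
    ("2024-03-02T22:10:00", "acct-1001", "ATM-A", "US", 800),
    ("2024-03-02T22:12:00", "acct-1001", "ATM-B", "CA", 800),
    ("2024-03-02T22:15:00", "acct-1001", "ATM-C", "GB", 800),
    ("2024-03-03T01:00:00", "acct-1001", "ATM-D", "US", 800),
    ("2024-03-04T12:00:00", "acct-2002", "ATM-E", "US", 200),  # one ordinary withdrawal
    ("2024-03-02T22:20:00", "acct-3003", "ATM-A", "US", 100),  # no control change
]

def off_hours(ts):
    """True on weekends or outside 08:00-18:00 (assumed business hours)."""
    return ts.weekday() >= 5 or not 8 <= ts.hour < 18

def flag_cashout(audit, withdrawals, window_hours=48, min_atms=3, min_countries=2):
    """Flag accounts whose fraud controls changed and were then drained at many ATMs."""
    changes = defaultdict(list)
    for ts, acct, action in audit:
        changes[acct].append((datetime.fromisoformat(ts), action))
    alerts = []
    for acct, events in sorted(changes.items()):
        start = min(ts for ts, _ in events)          # first control change
        end = start + timedelta(hours=window_hours)
        hits = [w for w in withdrawals
                if w[1] == acct and start <= datetime.fromisoformat(w[0]) <= end]
        atms, countries = {w[2] for w in hits}, {w[3] for w in hits}
        if len(atms) >= min_atms and len(countries) >= min_countries:
            alerts.append({
                "account": acct,
                "changes": sorted({action for _, action in events}),
                "atms": len(atms), "countries": len(countries),
                "total": sum(w[4] for w in hits),
                "off_hours_change": off_hours(start),
            })
    return alerts

if __name__ == "__main__":
    for alert in flag_cashout(AUDIT, WITHDRAWALS):
        print(alert)
```

An alert with `off_hours_change` set deserves the fastest response, since the page notes these operations usually launch after banks close for the weekend.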