FBI Warns Hackers Plotting Massive ATM ‘Cash Out’ On Labor Day Weekend
Imagine a scenario whereas cybercriminals empty your bank account within a matter of seconds.
Such a scenario may sound like that of a science fiction script plot, however, the FBI is issuing new warnings over exactly such a potential matter. The FBI claims to have valid concerns that cybercriminals plan to target small to medium sized banks and empty out customer accounts using ATM machines. According to cybersecurity blog, KrebsOnSecurity, the FBI sent a confidential memo titled, “ATM cashout,” to banks around the world to warn them of the potential scam.
The crime is said to be planned for a weekend day when banks are commonly not open and the entire “cashout” could be accomplished in less than a few hours, according to the memo. The cybercriminals want to target smaller and medium-sized banks due to less sophisticated security infrastructure. They also want to run the scam on a weekend when banks are closed as an extra layer for success.
The warning is likely related to the upcoming labor day holiday weekend which would give cybercriminals an additional day of bank closures to carry out a scam.
“The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” the memo, obtained by expert Brian Krebs, reportedly states.
Smaller scale “cashout” attacks have occurred. The National Bank of Blacksburg lost $2.4 million to such a scheme that utilized hundreds of United States ATM machines.
Thailand saw several hundred thousand dollars vanish from a state-run bank in 2016.
In other words, the scam has proven logistically sound and it is likely much larger “cashouts” are on the horizon.
The cybercriminals savvily disable withdraw limits set by banks for ATM users. This allows the criminals to completely empty the targeted bank accounts.
Banks around the country are being asked to examine their current security measures and raise awareness to the potential scam. The banks are being asked to deploy 2-factor-authorization on accounts, which commonly uses either the bank account holder’s phone number for texting codes or an app that exists on the bank account holder’s smartphone. Banks may additionally utilize whitelisting measures as a way to combat foreign targets.
While individual bank accounts in the United States are insured, additional and more stringent security measures could ramp up bank costs, which would likely be passed down to the account holders.
However, this is the modern cyber world and banks, as well as bank account holders, are always going to need to evolve their security applications.
Photo by the-specious
Author: Jim Satney
PrepForThat’s Editor and lead writer for political, survival, and weather categories.