The FBI has warned banks about a fraud scheme called the ATM cash-out, reported by Krebs on security. Attackers withdraw large amount of money by compromising a bank or payment card processor with malware and disable fraud controls. The FBI reportedly sent an alert to banks last week. “The FBI has obtained unspecified reporting indicating cyber-criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” said the notice.
Once the financial institution’s system is hacked, often through phishing, they’ll then alter account balances as well as disable maximum ATM withdrawal amounts and transaction limits. this, in turn, allows them to quickly take out large amounts of money from ATMs with fraudulent bank cards made from stolen card data and gift cards.
Last month, it was reported by Krebs on Security there were two successful applications of this type of scheme. Around $2.4 million was stolen by Hackers from the National Bank through two ATM cash-outs in 2016 and 2017.
FBI is now encouraging banks to enforce strict measures such as stronger password requirements, more networking monitoring, and two-factor authentications.