The FBI is warning banks about a fraud scheme called an ATM cash-out, Krebs on Security reports. With this type of heist, attackers typically compromise a bank or payment card processor with malware, disable fraud controls and withdraw large sums of money -- sometimes millions of dollars -- with cloned bank cards. The FBI reportedly sent an alert to banks last week. "The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an 'unlimited operation'," said the notice.
Once hackers gain access to a financial institution's system, often through phishing, they'll alter account balances as well as disable maximum ATM withdrawal amounts and transaction limits. That way, they can quickly take out large amounts of cash from ATMs with fraudulent bank cards made from stolen card data and gift cards.
Last month, Krebs on Security reported on two successful applications of this type of scheme. Hackers were able to steal around $2.4 million from The National Bank of Blacksburg through two ATM cash-outs in 2016 and 2017.
As part of the warning, the FBI is encouraging banks to institute more rigorous security measures such as stronger password requirements, two-factor authentication and more network monitoring.