x
Breaking News
More () »

How to defend yourself from ATM cash-out heist threat

The FBI has warned banks in the U.S. of an impending cybercrime in which thieves seek to swipe millions of dollars by using cloned ATM cards.
Credit: JEAN-SEBASTIEN EVRARD
A man uses an automated teller machine (ATM). (JEAN-SEBASTIEN EVRARD/AFP/Getty Images)

Consumers can be the front line of defense to prevent cybercriminals from committing multi-faceted heists called ATM cash-outs, where thieves simultaneously withdraw millions from scores of banks.

ATM cash-out schemes are nothing new – they've occurred for a decade or longer – but have become a focus again after the Federal Bureau of Investigation issued an alert to banks last week about a new impending global threat.

An operation in which India's Cosmos Bank lost about $13.5 million (944 million rupees) in a wave of synchronized withdrawals across 28 countries last weekend fits the criteria, but institutions can never truly lower their guard.

Bank customers can help by notifying their bank if something has gone wrong with their own accounts, said Ryan Kalember, senior vice president for cybersecurity strategy at Proofpoint, a security firm headquartered in Sunnyvale, California.

Organized crime gangs attempt to pull off an ATM cash-out by defrauding a bank or financial institution on multiple levels. First, cyber criminals find an in-road into the company so they can manipulate ATM transaction monitoring programs.

Next, they create fake bank cards by using data from the infiltration and, at a pre-determined time, deploy people to use the fake cards at scores of ATMs, while simultaneously lowering the institution's defenses to allow the transactions.

While banks deploy sophisticated cybersecurity measures, the coordinated attacks are engineered on several levels and typically focus on a weak link in banking systems: employees.

"If you can find the right person in the bank who has access to a particular system ... you just have to target that specific person, understand how they work, understand what they are likely to click on and then trick them into doing that," Kalember said.

Once the cybercriminals have the opening into the bank's systems, they use malware and other hacking efforts to gain the necessary controls.

When the time comes to commit the heist, "they instruct the foot soldiers who have all those cloned cards to start hitting the ATM machines, and they take down the (bank's) velocity and volume controls so they are able to withdraw a lot of money in a short amount of time," said Ron Schlecht, founder and managing partner of BTB Security, a cybersecurity consulting and monitoring firm with offices in Philadelphia, Chicago and Austin, Texas.

Schlecht expects these coordinated attacks that involve cybersecurity breaches and action in the real world are "going to continue to happen," he said. But consumers can help out.

For starters, close any accounts you don't need or don't access regularly. Cyber attackers target accounts with low activity levels when they have infiltrated a bank's network and may transfer the account information to the fake ATM cards.

Also, regularly check your bank accounts for unusual activity, such as a transfer to a prepaid debit card.

If any emails arrive from your bank that seem out of the ordinary, do not click on them. Instead, go to your bank's website and log in for messages there. Use two-factor authentication – where you confirm your identity with a one-time code, often sent via text – and if your bank doesn't offer that, "you should ask them to," Kalember said.

Should you be unlikely enough to get caught up in such a heist, the FDIC protects your account, "but an attack like this can certainly be disruptive," he said.

Consumers will pay more in banking fees as institutions absorb the losses and cybersecurity costs.

"This type of fraud scheme does trickle down and eventually affects all of us," Schlecht said.

Follow USA TODAY reporter Mike Snider on Twitter: @MikeSnider.

Before You Leave, Check This Out