The Federal Bureau of Investigation is alerting banks that cybercriminals are preparing a coordinated fraud scheme known as an "ATM cash-out."
The agency warns millions of dollars could be swiped from ATMs around the globe in a matter of hours, according to the respected security blog Krebs on Security.
The scammers could strike within days, according ton a confidential FBI alert sent to banks on Friday, Krebs reported.
The scam could involve an "unlimited operation," which is when malware is used to access bank customer card information. The hackers then delete fraud controls, such as limits on ATM withdrawal amounts, which allows for large-scale theft, according to Krebs. Account balances and security measures can also be altered to make an unlimited amount of cash available to the scammers.
"The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores," the FBI warning stated, according to Krebs. "At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards."
Virtually all ATM cash-out operations take place on weekends, often after banks close for business on Saturday, Krebs said. The breaches tend to target small-to-medium size banks that might have less robust security measures in place than larger counterparts.
The National Bank of Blacksburg reportedly lost $2.4 million to Russian hackers in two separate ATM cash-outs that took place in May 2016 and January 2017. The two incidents involved weekend-long sprees in which hundreds of ATMs were used to plunder accounts.
The regional bank, which has 25 offices in southwest Virginia, is suing two insurers for only offering to reimburse $50,000 of the lost funds, according to a lawsuit filed in June, the Roanoke Times reported.