Be wary of ATM fraud

Attorney General Lisa Madigan today alerted Illinois residents to an increased risk of unauthorized withdrawals on their accounts after banking regulators reported that hackers are circumventing controls on automated teller machines (ATMs) to make nearly unlimited withdrawals before banks can detect the fraud.

In recognition of Money Smart Week, Madigan is urging Illinois residents to be on the lookout for unauthorized withdrawals from their accounts in the wake of the disclosure, amid a series of massive data breaches at major U.S. companies including Target and Neiman Marcus.

“This recent wave of cyber attacks reinforces how important it is to monitor your accounts for unauthorized activity because it’s not a matter of if but when your financial accounts will be targeted by a criminal,” Madigan said.

Late last week, the Federal Financial Institutions Examination Council (FFIEC) reported the increase in cyber-attacks, disclosing that criminals have hacked bank websites and made large withdrawals from consumers’ accounts well before banks’ fraud alert systems recognize the unauthorized withdrawals.

The FFIEC said hackers have learned how to delete or alter pre-programmed algorithms set up by banks to alert them of ATM withdrawals that are out of the ordinary. The scam often starts via “phishing” attacks targeting bank employees. The scammers send phony but official-looking emails that include links to initiate a malware attack on the banks’ systems, allowing them to obtain employee login information that then enables them to access the banks’ ATM control panels. After the hackers alter the algorithms managing the ATM controls, they create fraudulent ATM cards with account information stolen from separate attacks, either using malware or scanning programs at retail sales registers or ATMs, according to the FFIEC. 

Hackers attempt to make several withdrawals from the same account at multiple ATMs simultaneously so that the daily withdrawal limit is not detected until the money has already been withdrawn, and the hackers often schedule the withdrawals for holidays and weekends, according to the FFIEC, when extra sums are loaded into ATMs and banks’ monitoring is less active. In explaining the scope of the scams, the FFIEC cited a recent ATM attack that netted over $40 million in fraudulent withdrawals using only 12 debit card accounts.

Madigan offered the following tips to help Illinois residents detect and report unauthorized charges:

Monitor bank and credit card accounts daily online and billing statements every month. Contest unauthorized charges immediately over the phone and in writing.

Set up an alert on your account to receive notification when your credit or debit card is used over and above a certain dollar figure.

Many banks offer this feature as a “transaction alert.”

Beware of callers who claim to be with your card issuing bank. These calls may be a scam. You should contact your bank first at the toll-free number on the back of your card before disclosing any personal information.