If you're not keeping a careful eye on your checking account transactions, now's the time to start. Banking regulators say hackers are finding new wants to make nearly unlimited withdrawals from ATMs before banks detect the fraud.
“This recent wave of cyber attacks reinforces how important it is to monitor your accounts for unauthorized activity because it’s not a matter of if but when your financial accounts will be targeted by a criminal,” Illinois Attorney General Lisa Madigan said.
Regulators and law enforcement agencies are urging consumers to pay attention and be on the lookout for unauthorized withdrawals following the ATM warnings and the recent series of massive data breaches at major U.S. companies including Target and Neiman Marcus.
Late last week, the Federal Financial Institutions Examination Council (FFIEC) reported the increase in cyber-attacks, disclosing that criminals have hacked bank websites and made large withdrawals from consumers’ accounts well before banks’ fraud alert systems recognize that anything is wrong.
The FFIEC said hackers have learned how to delete or alter pre-programmed algorithms set up by banks to alert them of ATM withdrawals that are out of the ordinary.
The scam often starts via “phishing” attacks targeting bank employees. The scammers send phony but official-looking emails that include links to initiate a malware attack on the banks’ systems, allowing them to obtain employee login information that then enables them to access the banks’ ATM control panels.
After the hackers alter the algorithms managing the ATM controls, they create fraudulent ATM cards with account information stolen from separate attacks, either using malware or scanning programs at retail sales registers or ATMs, according to the FFIEC.
Hackers attempt to make several withdrawals from the same account at multiple ATMs simultaneously so that the daily withdrawal limit is not detected until the money has already been withdrawn, and the hackers often schedule the withdrawals for holidays and weekends, according to the FFIEC, when extra sums are loaded into ATMs and banks’ monitoring is less active.
In explaining the scope of the scams, the FFIEC cited a recent ATM attack that netted over $40 million in fraudulent withdrawals using only 12 debit card accounts.
Madigan offered the following tips to help detect and report unauthorized charges:
- Monitor bank and credit card accounts daily online and billing statements every month. Contest unauthorized charges immediately over the phone and in writing.
- Set up an alert on your account to receive notification when your credit or debit card is used over and above a certain dollar figure. Many banks offer this feature as a “transaction alert.”
- Beware of callers who claim to be with your card issuing bank. These calls may be a scam. You should contact your bank first at the toll-free number on the back of your card before disclosing any personal information.