Chicago — Attorney General Lisa Madigan today alerted Illinois residents to an increased risk of unauthorized withdrawals on their accounts after banking regulators reported that hackers are circumventing controls on automated teller machines (ATMs) to make nearly unlimited withdrawals before banks can detect the fraud.
In recognition of Money Smart Week, Madigan is urging Illinois residents to be on the lookout for unauthorized withdrawals from their accounts in the wake of the disclosure, amid a series of massive data breaches at major U.S. companies including Target and Neiman Marcus.
“This recent wave of cyber attacks reinforces how important it is to monitor your accounts for unauthorized activity because it’s not a matter of if but when your financial accounts will be targeted by a criminal,” Madigan said.
Late last week, the Federal Financial Institutions Examination Council (FFIEC) reported the increase in cyber-attacks, disclosing that criminals have hacked bank websites and made large withdrawals from consumers’ accounts well before banks’ fraud alert systems recognize the unauthorized withdrawals.
The FFIEC said hackers have learned how to delete or alter pre-programmed algorithms set up by banks to alert them of ATM withdrawals that are out of the ordinary. The scam often starts via “phishing” attacks targeting bank employees. The scammers send phony but official-looking emails that include links to initiate a malware attack on the banks’ systems, allowing them to obtain employee login information that then enables them to access the banks’ ATM control panels. After the hackers alter the algorithms managing the ATM controls, they create fraudulent ATM cards with account information stolen from separate attacks, either using malware or scanning programs at retail sales registers or ATMs, according to the FFIEC.
Hackers attempt to make several withdrawals from the same account at multiple ATMs simultaneously so that the daily withdrawal limit is not detected until the money has already been withdrawn, and the hackers often schedule the withdrawals for holidays and weekends, according to the FFIEC, when extra sums are loaded into ATMs and banks’ monitoring is less active. In explaining the scope of the scams, the FFIEC cited a recent ATM attack that netted over $40 million in fraudulent withdrawals using only 12 debit card accounts.
Madigan offered the following tips to help Illinois residents detect and report unauthorized charges:
In recognition of Money Smart Week, organized annually by the Federal Reserve Bank of Chicago, Madigan’s office will be participating in two Money Smart Week Financial Regulators Fairs in Chicago and Springfield. The Springfield fair will be located in the Capitol’s north hall from 10 a.m. to 2 p.m. on Tuesday. Chicago’s fair will take place on the ground floor of the James R. Thompson Center from 10 a.m. to noon on Wednesday.
Madigan’s office will also participate in the following events related to Money Smart Week:
For more information on protecting your financial and personal information, visit Madigan’s website or contact her office’s Identity Theft Hotline at 1-866-999-5630.