Cyber attacks against banks that use web-based ATM control panels are on the rise, according to a warning alert from a federal banking watchdog.
The alert by the Federal Financial Institutions Examination Council says that thieves are targeting “small-to-medium-sized institutions” and changing the controls on ATMs to enable the theft of practically unlimited withdrawals. The vast potential of the scheme has earned it the moniker “Unlimited Operations” from the Secret Service.
The statement released by the FFIEC revealed that one recent attack netted hackers more than $40 million with the use of just 12 debit card accounts. The thieves typically begin the scam by “sending phishing emails to employees at financial institutions,” according to the alert. Once malware has been installed on the bank’s network, the hackers change settings and gain access to the ATM control panels, enabling the withdrawal of huge sums. The “cash-out” phase of the attack takes place quickly, usually lasting somewhere between four hours and two days.
Regulators have asked that banks conduct ongoing information security risk assessments, add additional layers of security and take other measures to prevent against further attacks.
More Must-Reads from TIME
- Donald Trump Is TIME's 2024 Person of the Year
- Why We Chose Trump as Person of the Year
- Is Intermittent Fasting Good or Bad for You?
- The 100 Must-Read Books of 2024
- The 20 Best Christmas TV Episodes
- Column: If Optimism Feels Ridiculous Now, Try Hope
- The Future of Climate Action Is Trade Policy
- Merle Bombardieri Is Helping People Make the Baby Decision
Contact us at letters@time.com