There are dozens of different ways that scammers can literally rewire an ATM to access your financial information. It’s one of the secrets identity thieves definitely don’t want you to know. But physically modifying the machine carries some major risks—Namely, being arrested, because of the whole “doing sketchy things at a severely surveilled and secure location is a bad idea” thing.
But the traditional methods of getting pins and card numbers may no longer be needed, according to Gizmodo. Hackers are opting for a method that allows them to be at a safe distance from ATMs, giving them the opportunity for remote network-based attacks. (We already knew that hackers could target your cell phone to steal your information remotely.)
Trend Micro, an IT security company, addressed the ATM attacks in its latest cyber threat report:
“The criminals hack into the bank’s corporate network through ways as simple as phishing emails directed at the bank’s employees… then go on to perform lateral movement to identify and access other sub-networks, including the ATMs.”
However, plenty of banks are generally well-prepared for these types of attacks, and hacking into the network is no easy task.
“Normally, banks have a clear separation between their corporate network and that of the ATMs, with separate routing and firewalls or other defenses,” the report states. “Some banks do have a flat network, thus making the hackers’ lives much easier, but these tend to be a lot rarer.”
One of the reported instances mentioned in the report was the Taiwan Attack of 2016, which involved hackers using a remote device to get a series of ATMs to spew out $2 million worth of currency. Mask-clad thieves made off with the cash in backpacks. The report states that although neither the U.S. nor Canada has had attacks reported yet, the possibility is still very real. The researchers stated, “We believe this to be a new tendency that is probably going to consolidate in 2017 and beyond.”