BANKS and other financial institutions in Bahrain have been warned of a highly co-ordinated attack being planned on ATMs around the world in the coming days.
The Central Bank of Bahrain, the nation’s financial regulator, has instructed all retail banks, financing companies and other entities in the kingdom to inform customers about the possibility of cyber criminals carrying out a sophisticated scheme using malware to access personal bank card information.
The heist, known as an “ATM cash out”, is aimed at stealing millions of dollars from bank accounts worldwide.
The CBB advisory on Wednesday follows a global alert issued by the Federal Bureau of Investigation (FBI) to banks privately last Friday, urging them to keep their security software up-to-date and introduce stronger protection to prevent similar attacks in the future.
Some banks in Bahrain sent messages to their customers yesterday warning them against disclosing details of their accounts, cards and PIN to anyone and check the messages received from the bank.
Phishing
“Be aware: To avoid possible fraud and financial losses, please do not respond to any phishing messages by phone calls, SMS or other electronic channels. Kindly review the SMS received from the bank and ensure the accuracy of your withdrawal transactions. Do not share your personal information, identity number or your PIN to any unknown party,” said one.
“NEW ALERT: To avoid financial losses, ensure the correctness of all transactional SMS messages received from the bank and review your account statement regularly to avoid fraud attempts. Never disclose your account, card, and PIN details to anyone,” said another.
A day after the FBI alert, last Saturday, hackers with suspected links to North Korea siphoned off more than $13 million from Cosmos Bank in India, after infecting the bank’s system with malware that allowed them to carry out transactions using cloned cards.
According to media reports, fake cards were used to withdraw money through 14,800 ATM transactions across 28 countries.
The fraudulent transactions were carried out last Saturday and on Monday, following which, according to bank chairman Milind Kale, the money was transferred to Hong Kong.
He said 450 international Visa debit cards were used in two hours to conduct 12,000 transactions at ATMs in India and other locations across 12 countries last Saturday.
The modus operandi of the heist apparently involves creating fraudulent copies of debit and credit cards by sending the stolen data to the masterminds, who then transfer it to a reusable card with a magnetic stripe.
The GDN has secured a copy of the advisory sent out by CBB banking supervision executive director Khalid Hamad.
In the letter, he has urged institutions to “notify customers to be vigilant about the authenticity of short messages (SMS) received regarding withdrawals from bank accounts through ATMs or other electronic means and the use of credit, charge or pre-paid cards”.
He also called on banks to alert their customers not to respond to phishing messages, whether verbal or electronic, seeking account or card details.
Mr Hamad also urged all licensees to ensure the card processors and relevant personnel concerned are made aware of the alert.
“Other precautions against cyber attacks and necessary controls arising from above must also be revisited,” said the letter.
The Interior Ministry has also sent out text messages to the public to be aware of different frauds including related to banking and report them at 992.
sandy@gdn.com.bh
&uuid=(email))