U.S. regulators are warning banks to be on the lookout for a new cybersecurity threat to ATMs that allows thieves to make unlimited withdrawals.
The Federal Financial Institutions Examination Council on Thursday issued a notice saying a scam that's been dubbed by the Secret Service as "Unlimited Operations" has figured out a way to get around the caps set on ATMs.
The attacks are against ATM web-based control panels used by small and midsized banks, the agency says. Those control panels manage several things, including fraud alert settings and the amount of money that customers may withdraw from the ATM within a set time frame. Then, the attackers quickly withdraw large amounts of cash from the ATMs, often striking on weekends because ATMs tend to have more money on the weekends.
The agency's statement said one such attack was able to net more than $40 million, using just 12 debit card accounts.
If your account is one that is compromised, federal laws and regulations ensure that you'll get your money back. However, sometimes that takes time, and almost certainly is an inconvenience if your account is the one breached.
This latest alarm comes as banks across the country deal with Microsoft's April 8 cutoff of tech support for its Windows XP operating system, potentially leaving ATM systems more vulnerable to attacks.
Cybersecurity is becoming an increasingly big topic of discussion in the financial world, particularly since the massive Target data breach at the end of last year.
Not sick of hearing about security threats yet? Check out Bankrate's slideshow of 11 major data breaches that have stung U.S. consumers.
In other weird ATM news, police in Maine are investigating after an ATM in south Portland dispensed $37,000 in cash to a man who requested $140, according to a story from The Associated Press. The money was returned to the bank, and the bank is referring to the issue as a "code error," but police are still investigating.
And follow me on Twitter: @allisonsross.