In a highly organized and orchestrated attack, money mules across the world cashed out prepaid debit cards withdrawing millions of dollars from ATMs after sophisticated hackers first increased or removed daily withdrawal amount limits on these cards.
The first wave of attack occurred on Christmas Eve, a time when most are not working and suspicious activities are more likely to stay under the radar. An organized fraud ring with money mules in different countries and regions provided the mules with re-loadable prepaid debit card accounts they gained access to for making the withdrawals. Although only a small number of prepaid debit cards were used, the group was able to steal $9 million dollars through thousands of withdrawals over an attack that lasted a few hours on Christmas Eve.
Leading members of the fraud ring were able to maximize the amount of money the mules could withdraw on the cards after hacking into card issuer authorization systems. According to a warning from Visa detailing the attacks, the hackers were able to manipulate card balances, daily withdrawal amount limits and other parameters. This enabled the money mules to continually withdraw large sums of money without triggering blocks or alerts. In some instances the money mules were able to withdraw more than $500,000 on a single prepaid debit card in less than 24 hours.
After their first cash-out attack for $11 million, the fraud ring then executed another attack just before New Year’s Eve, this time stealing about $2 million and attacking an Indian card network. After this second attack Visa sent a warning to card issuers, and Brian Krebs posted this warning letter on his blog, Krebsonsecurity.com. At this time it has not been disclosed which prepaid debit card issuer or issuers were affected in the first attack, or how the hackers gained access to the systems to manipulate the balances and withdrawal limits for the general purpose re-loadable cards. But this attack demonstrates the sophistication and planning that fraud rings are capable of for their organized attacks as this scheme required technical expertise to gain access to and manipulate the prepaid card systems in addition to managing a network of money mules to orchestrate the coordinated attack.
For more information: