ATM “jackpotting” scam hits the U.S.

If you think ATM skimmers are bad enough, there’s another hacking threat that could hit banks across the country and drain ATMs of cash.

This week, the U.S. Secret Service has started issuing warnings against an ATM attack known as “jackpotting.” This hacking technique involves thieves installing malware on an ATM to force it to spit out cash on demand.

Jackpotting attacks are already widespread in Europe, Asia and Mexico, but this is the first time they have been spotted in the U.S.

According to security website Krebs on Security, the U.S. Secret Service sent out an alert to multiple financial institutions about potential jackpotting attacks on targeted stand-alone ATMs that are “routinely located in pharmacies, big-box retailers, and drive-thru ATMs.”

And it looks like the jackpotting attacks are spreading fast. At least six attacks have already been reported this week across the U.S. with thieves stealing over $1 million so far.

How ATM jackpotting works

Here’s how an ATM jackpotting attack is done.

Thieves first have to figure out a way to gain physical access to an ATM either by picking its locks, duplicating a master key or by removing or destroying part of the machine. Models with front-facing panels are common targets since they’re easier to access.

The thieves then use a medical endoscope to locate the internal port of the ATM that will allow them to connect and sync their own laptops loaded with a mirror image of the ATM’s operating system.

At this point, they either replace the ATM’s hard drive with their own or infect the operating system with malware known as Ploutus.D.

Once the malware is deployed, they can remotely control the ATM and force it to spit out cash on demand while it appears to be out of service.

The criminals usually pose as ATM technicians during the entire procedure to avoid suspicion.

XP machines are vulnerable!

Here’s a plot twist you will not appreciate. The Secret Service also warned that ATMs that are still running Windows XP are “particularly vulnerable” to Ploutus.D.

You heard that right. Many ATMs around the globe are still on good old Windows XP, an operating system that Microsoft ended support for in 2014.

This means these ATM systems are no longer getting the all-important security patches and updates, leaving them extremely vulnerable to hacking attacks.

To defeat malware like Ploutus.D and jackpotting attacks, the Secret Service urges ATM operators to update their software to a version of Windows 7.

It’s been four years since XP was retired; you would think they would’ve done it by now, right?
