Over the weekend, two ATM makers — NCR Corp. and Diebold Nixdorf — told clients they were contacted by the Secret Service about jackpotting attacks at unspecified ATMs in America.

While NCR’s ATMs reportedly haven’t been hit yet, Diebold’s have.

Most at risk are standalone ATMs typically found at pharmacies, big box retailers and drive-thru ATMs, according to the confidential Secret Service memo obtained by Krebs on Security.

Diebold has not yet disclosed how much money has been lost.

How the crime works

Jackpotting starts with a criminal gaining physical access to an ATM. The first step is to pry open the top hat compartment of the ATM by picking its locks, using a stolen master key or breaking part of the machine.

Then, the criminal inserts an endoscope — a medical device typically used by a doctor for internal examination — to find the area of the ATM where they can attach a cord to sync their laptop or mobile phone with the ATM’s computer.

“During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM,” the Secret Service noted.

Malware called “Plotus.D” is used in this crime and the results are dramatic: The money comes pouring out — 40 bills every 23 seconds — and quickly adds up to thousands of dollars in just minutes.

Money mules with large bags are sent to the ATMs separate from the fake technicians. Their goal is simply to catch the falling cash and make a quick getaway.

Once the dollar dump is done, the phony techs come back and remove their equipment from the drained ATM.

This attack seems to be limited to Opteva 500 and 700 series Dielbold ATMs that run Windows XP at this time. But cyber-security firm FireEye tells Krebs on Security that a simple tweak in the malware could open this threat up to some 40 different ATM vendors in 80 countries.

Basic ATM safety tips

While the jackpotting threat is targeted more at ATM operators than individuals, it’s a good time to reiterate some basic ATM safety tips:

• Never use an ATM that appears to have its top hatch broken or to be compromised in some other way
• Never put your card into the plastic slot if it seems loose or wiggly — that could be a sign of a skimmer on the ATM
• Always use one hand to cover the keypad as you enter your PIN
• Avoid independent ATMs — most ATM hacking crime happens at these machines, not bank-affiliated machines