Earlier in the week, we wrote about how the largest credit union in Alabama, Redstone Federal Credit Union(REDFCU) , was the target of a cyber incident in which members reported fraudulent charges from Walmart.com on their accounts. At the time of that article, REDFCU was quite secretive about what happened, but finally, later in the week, the bank released information to a local news outlet in Huntsville that the attack was the result of a Bank Identification Number (BIN) attack.
Brief Information About BIN attacks:
Every credit card has six digits at the beginning of the card that are tied to a specific bank. When attackers obtain those six digits, which are the same digits for thousands of customers, they can then utilize software programs to brute-force the remaining digits along with accompanying CVV security codes and expiration dates. The threat actors might then use another tool to push out these generated credit card numbers, expiration dates, and CVV security codes, among thousands of different online matches in hopes that they will get a match and successfully scam unsuspecting bank customers.
In the case of REDFCU, it appears that these threat actors were plugging in the numbers to Walmart.com until they got the right combinations to make the illegal transactions. It might seem surprising that the threat actors targeted large American retailer such as Walmart.com but you have to think about the sheer amount of transactions that go through Walmart.com on a everyday basis. A bank is much more likely to not suspect transactions at Walmart as opposed to large transactions at a small business eCommerce website.
What to do if you are a BIN attack victim:
First, reach out to your financial institution immediately so that you don’t make those transactions! The sooner that you make contact with your financial institution then the better that you have a chance to get your money back.
Second, cancel your card and request a new one. That card is compromised! Once those greedy scammers realize that the card worked they will keep trying it again and again at various different merchants till they drain your bank account dry!
Third, consider making a police report in your jurisdiction. Those scammers may live thousands of miles away from you but that does not mean that you cannot make a police report. In addition, this might also help you with getting the money back.
Conclusion
I am happy to see that the members from REDFCU were all able to get their money back from these awful scammers. Stay safe and be vigilant!
Leave a Reply