The FBI has warned banks that ATMs will likely face a global attack by criminals in the “coming days.” The FBI was tipped off that these cybercriminals would hack payment card processors or banks and use ATMs all over the world to withdraw millions of dollars over the course of a few hours, as reported by cybersecurity blog Krebs on Security.

Krebs on Security says that the FBI shared a confidential alert with banks last Friday, stating, “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days.”

The criminals would compromise a bank or card processor with malware so that they gain access to bank users’ card numbers. They’d also use their access to alter ATM withdrawal limits and account balances, allowing them to withdraw as much money as each ATM possesses, according to Krebs on Security.

Small banks that are closed on weekends could be targets

Then, the criminals would send the card data to accomplices who would imprint the data onto reusable magnetic strip cards “such as gift cards purchased at retail stores,” the FBI wrote in its alert. At a coordinated time, the accomplices would withdraw funds from ATMs around the globe using these fake cards.

The timing would likely fall on a weekend, just when banks start closing. For instance, between 2016 and 2017, $2.4 million was pilfered from a bank in Virginia after hackers phished the bank system and withdrew cash from ATMs in two separate withdrawals, Krebs reported. The first withdrawal was timed during the Memorial Day holiday, and the second fell on a Saturday.

The FBI pointed out that previous attacks usually targeted “small-to-medium size financial institutions” that likely had smaller budgets, weaker cybersecurity, and perhaps third-party vendor vulnerabilities.

The alert continued, “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.” As security countermeasures, banks should be asking users for strong passwords and enabling two-factor authentication through a physical token (and not via SMS, which can easily be hijacked).