Cybercriminals spoofed Tampa Bay Federal Credit Union members’ debit cards

• Attackers generated fake debit cards using Tampa Bay Federal Credit Union’s Bank Identification Numbers (BIN).
• Attackers used software from the dark web to attach the BIN numbers to actual account holder’s debit cards.

Recently, Tampa Bay Credit Union members had their debit card information spoofed by cybercriminals. The attackers generated fake debit cards using Tampa Bay Federal Credit Union’s Bank Identification Numbers (BIN).

Bank Identification Number (BIN), also known as Issuer Identification Number (IIN) is the first six digits on a debit card. The attackers used this information to spoof users’ debit cards.

What happened?

Attackers identified Tempa Bay Federal Credit Union’s BIN numbers and used these numbers to create fake debit cards. Later, the attackers used software from the dark web to attach the BIN numbers to actual bank account holder’s debit cards.

The threat actors without having any other card information or account holders’ personal information other than BIN numbers, successfully spoofed thousands of customers’ debit cards using sophisticated software.

“This was a situation where the “bad guys” tried using sophisticated software to perpetrate fraud without having any other card or personal information needed to be successful,” Tampa Bay Federal Credit Union said in a statement, SC Magazine reported.

Tampa Bay Federal Credit Union confirmed that its customers did not incur any loss. “No Tampa Bay Federal Credit Union member incurred any loss from the attempted transactions,” the financial institution said.

However, this card spoofing attack led to thousands of customers canceling their cards, causing backups for those awaiting new cards to be issued. It is also believed that the attack is from threat actors operating out of Australia.