Hacking an ATM machine has become easy as instructions can be found on the internet, says a security expert.
"It's now terribly easy to hack an ATM machine," says Prinya Hom-Anek, Thailand Information Security Association's vice-president. "You can find instructions on YouTube."
More valuable pieces of information are commonly traded -- or put up for sale -- among hackers on the dark web.
- Closing the barn door: NBTC demands cybersecurity centre
- See also: Police chase 'European gang'
- Earlier report: Foreign thieves have fled the country
The ATM hacking methods shared online truly work, Mr Prinya added. Criminals use "malware", a malicious software, which they introduce to the ATM's computer system to give them full access and authority over the machine.
"In a way, the hackers become administrators of the ATM's computer," he explained. "They can order it to perform any tasks, including spilling out banknotes."
Only a month after criminals made off with the equivalent of US$2.2 million (76 million baht) in a major ATM theft in Taiwan, the Government Savings Bank (GSB) revealed on Tuesday it had fallen victim to a similar attack.
Prinya: Instructions available on YouTube
According to reports, security experts agree ATM fraud is on the rise globally. Last May in Japan, fraudsters used counterfeit credit cards to withdraw ¥1.4 billion ($13 million), through 14,000 transactions from ATMs at convenience stores, over the course of three hours.
Criminals need to be present at the ATM's location and will commonly use a USB key to introduce the malware into the machine. In other cases, hackers use dummy credit cards to withdraw cash, as the computer is fooled into believing the card matches a made-up account belonging to a non-existent customer.
This method is different from old-fashioned ones, where account numbers and PIN codes of real customers were captured and money withdrawn from their accounts.
"In more recent attacks, criminals don't mess with individual bank accounts. Your money has not been touched," he said.
An ATM is similar to a safe, with money stacked inside, waiting to be withdrawn by customers. Criminals take from the stack itself, Mr Prinya said.
GSB president Chartchai Payuhanaveechai said his bank was targeted rather than its customers, and the 12 million baht that was stolen was cash in the machines.
As hacking tools and methods can be widely shared through social media and on dedicated platforms, Mr Prinya argued that banks should improve the physical security of their ATM machines.
The ATMs targeted were stand-alone ones, he added. Because criminals must be physically present to install the malware and withdraw the cash, better surveillance could be effective, he said.