Example of phishing email used in a social engineering cyber attack

From Hoax to Hack: When Panic Is the Payload

/ Blog

In the age of digital banking, misinformation can spread like wildfire, particularly when it relates to people’s finances. A key example is the “Dance of the Hillary”, a well-known internet hoax that has been circulating periodically on social media for several years, claiming that a video by the same name contains a dangerous virus.

A recent example of this occurred in Pakistan, with a message circulating about ATMs being shut down in the country due to ransomware. This rumour falsely claimed that a malicious software named “Tasksche.exe” was disabling banking infrastructure across the country.

While these digital claims were not true, the consequences of such hoaxes can have serious real-world consequences. These rumours, even when false, can trigger panic behaviour, causing people to withdraw cash even when they do not need it, and driving them to potentially compromised ATM devices. This not only puts stress on the banking system, but paradoxically, it increases the public’s exposure to the very risks they’re trying to avoid.

Cybercriminals are becoming increasingly sophisticated, targeting not only the physical infrastructure of ATMs but also manipulating public perception to amplify disruption and maximise their financial gain.

When People Flee to ATMs

The link between fear and mass financial behaviour isn’t theoretical. History offers several instances where fear—whether stemming from misinformation, abrupt policy changes, or economic instability—has led to mass ATM withdrawals, disrupting financial systems and public trust.

Examples include:

  • The Iberian Blackout (April 2025): A major power outage swept across parts of Spain and Portugal, sparking widespread speculation that a cyberattack might have been behind the disruption. During the blackout, cash was the only reliable means of transaction, heightening public anxiety and driving a surge in withdrawals in the days that followed.
  • India’s Demonetization (November 2016): The Indian government abruptly announced that ₹500 and ₹1,000 banknotes—making up approximately 86% of the country’s cash in circulation—would no longer be legal tender. The move was intended to combat black money and counterfeit currency, but it triggered widespread disruption, shut down ATMs and severe cash shortages.
  • Cyprus Banking Crisis (March 2013): As part of a €10 billion bailout agreement, the Cypriot government announced a one-time levy on bank deposits—6.75% on balances under €100,000 and 9.9% on larger sums. The unprecedented measure sparked public outrage and triggered a run on ATMs, many of which were emptied over the weekend.
  • Argentina’s ‘Corralito’ (December 2001): Amid a deepening economic crisis, the Argentine government introduced strict banking restrictions, limiting cash withdrawals to $250 per week. However, the move triggered widespread panic, sparking mass protests and a sharp decline in public trust toward the banking system.

When Hoaxes Become Attack Vectors

ATM-related hoaxes, even when fake, can be extremely dangerous. They can serve as attack vectors in themselves, leveraging psychology rather than code. The impact of a well-timed misinformation campaign could:

  • Direct people to specific locations with infected or compromised machines.
  • Exploit fear to drive unnecessary ATM usage, maximizing the effectiveness of skimming attacks.
  • Drain ATM cash reserves, disrupting small businesses and local economies.
  • Increase the frequency of cash replenishment operations, putting cash-in-transit vehicles on the road more often and increasing the risk of physical attacks on money trucks.
  • Reduce ATM availability, due to unscheduled maintenance or replenishment tasks.
  • Trigger broader distrust in financial institutions, digital payments, or national infrastructure.

The hoax tactic flips traditional cyberattack strategies on their head. Instead of trying to act quietly in the background of financial technology, it relies on mass attention and panic to lure the public directly to compromised systems. It doesn’t matter whether the technical claims are true — what matters is that people believe them enough to act.

We often speak about cyber resilience in terms of firewalls and incident response plans, but the human element remains the most volatile. In today’s cyber wars, Orwell’s 1984 plays out—where manipulating belief is the ultimate exploit.

Zero Trust as the First Line of Defense

To protect critical infrastructure like ATM networks, we must expand our definition of cybersecurity. It’s not just about code, servers, or protocols, but also about emotions and social behaviour. Today, misinformation itself can be weaponized and defending against it requires dedicated vigilance at every layer.

At Auriga, we enforce the Zero Trust principle on ATM protection: Never trust, always verify. The best way to protect systems is to assume that threats can come from anywhere, even from inside the perimeter. In the same way that we don’t allow unauthorized code to execute on an ATM, we shouldn’t allow unverified claims to drive our behaviour.

With this in mind, as a society and as consumers, we must treat misinformation as a threat to operational and social security and encourage people to trace information back to its source and question if it can be trusted. As businesses, governments and banks, we must monitor public sentiment and rumour propagation during incidents or outages, providing clarity and truth where needed. As part of this communication, educating and encouraging people to apply their own kind of Zero Trust mindset to the information they receive is essential, especially when it demands urgent action.