Corporate Account Takeover
Corporate Account Takeover (CATO) occurs when a cyber criminal, with the help of malicious software (“malware”), steals online banking credentials from a business’s unsuspecting employees and uses them to extract funds from corporate accounts. Once the hackers have successfully logged into the company’s online banking account, they can quickly transmit requests for funds transfers that could lead to significant losses for the company. CATO can be thought of as corporate identity theft, where the identity being stolen offers substantial rewards to the criminals responsible.
A network compromise can occur quickly and depends heavily on a business’s internal network security structure. It generally begins when an employee opens an attachment in a compromised e-mail, accepts a fake friend request through a social networking site, or visits a compromised website that the criminal has designed to look legitimate. A breach may go undetected by the company’s employees or management; once a system is infected, the malware can sit in the background collecting data and allowing the fraudster to track employee activity within the company’s network. Where cyber criminals once attacked mostly large corporations, they now also target municipalities, smaller businesses, and non-profit organizations. Stringent computer and internal security controls must be in place to protect against unauthorized access to a company’s bank accounts.
Protect, Detect, and Respond
Provided below are a few steps that can help you mitigate the risk of online theft.
- Educate all of your staff on this type of fraud scheme – Don’t respond to or open attachments or click on links in unsolicited e-mails. If a message appears to be from Tolleson, or any other financial institution, and requests account information, do not use any of the links provided. Please contact the institution using contact information from your account documents, or other trustworthy sources only. Do not use any of the contact information provided in the suspect message. Clicking on links or downloading attachments included in unexpected e-mails could expose your computer network to malware infection and put your confidential information at risk.
- Tolleson will never request client passwords or other sensitive information via e-mail, nor will other reputable companies (such as agencies of federal, state and local government, the Better Business Bureau, etc.). If you or any of your staff receive such a request, contact the sender directly by phone using contact information you know to be valid. Phone calls, text messages and e-mails requesting sensitive information are likely fraudulent. Also beware of pop-up messages claiming that your computer is infected and offering a free or low-cost download of security software to fix the problem. This is a common hoax and a common delivery method for malicious software.
- Create a strong culture of security for your computer systems and networks – Protecting against this type of fraud requires awareness in the minds of all employees that your bank account information, access credentials to online banking and other software applications, and customer or client personal information, are of the highest value. If at all possible, consider performing all online banking and other payment functions from a dedicated computer that is not used for any other online activity. In addition:
  - Install and maintain real-time anti-virus and anti-spyware software, a desktop firewall, and malware detection and removal software. These programs should be set to scan your desktop computer systems throughout the day and to update automatically. Limiting such scans to once a week or once a month could allow a problem to go undetected.
  - Install routers and firewalls to prevent unauthorized access to your computer or network, and maintain a policy of periodic password changes.
  - Install security updates to operating systems and all applications as they become available. These updates may appear weekly, monthly, or even daily in response to zero-day attacks.
  - Consider disabling all USB ports or other external disk drives on the computers used for financial transactions.
  - Keep operating systems, browsers, and all other software and hardware up to date.
  - Make regular backup copies of system files and work files.
  - Encrypt sensitive folders with the operating system’s native encryption capabilities. Preferably, use a whole-disk encryption solution.
  - Do not use public Internet access points (e.g., Internet cafes or public Wi-Fi hotspots such as those in airports) to access accounts or personal information. If you must use such an access point, employ a Virtual Private Network (VPN).
- Enhance the security of your corporate banking protocols
  - Initiate ACH and wire transfers under dual control using two separate computers. For example: one person authorizes the creation of the payment file and a second person authorizes the release of the file from a different computer system. This helps ensure that one person does not have the access authority to perform both functions, add additional authority, or create a new user ID.
  - Partner with Tolleson and other financial institutions to establish internal controls such as out-of-band verification, call backs, and batch limits, which help to protect companies against altered checks, counterfeit check fraud and unauthorized ACH transactions.
  - If, when logging into your account, you encounter a message that the system is unavailable, contact your financial institution immediately.
  - Monitor all communication from the online banking platform. Consider establishing alerts from within online banking to notify interested authorizers when any transfer activity occurs. Tolleson staff can help you configure alerts that can add another layer of protection against unauthorized activity.
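To make the dual-control rules above concrete, here is an added example (not Tolleson’s code or any real banking platform) that models the release of a payment file. It checks that the releaser is not the creator, that the release comes from a different computer, that the file stays under an agreed batch limit, and that an out-of-band call back was completed, and it records the alert an authorizer would receive. The class, function and host names, the batch limit and the sample payments are constructed assumptions.

```python
"""Dual-control release of a payment file (constructed example)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed batch limit: the per-file ceiling a business agrees with its bank.
BATCH_LIMIT = 25_000.00


@dataclass
class PaymentFile:
    """An ACH or wire payment file awaiting release (hypothetical model)."""
    file_id: str
    total_amount: float
    created_by: str          # user ID of the person who built the file
    created_on_host: str     # workstation the file was created from
    released_by: Optional[str] = None
    released_on_host: Optional[str] = None
    oob_verified: bool = False           # out-of-band call back completed
    alerts: List[str] = field(default_factory=list)


def release_violations(pf: PaymentFile, releaser: str, host: str,
                       oob_verified: bool) -> List[str]:
    """Return every dual-control rule the proposed release would break.

    An empty list means the release is allowed.
    """
    problems = []
    if pf.released_by is not None:
        problems.append("file already released")
    if releaser == pf.created_by:
        problems.append("creator may not release their own file")
    if host == pf.created_on_host:
        problems.append("release must come from a different computer")
    if pf.total_amount > BATCH_LIMIT:
        problems.append(
            f"total {pf.total_amount:.2f} exceeds batch limit {BATCH_LIMIT:.2f}")
    if not oob_verified:
        problems.append("out-of-band verification (call back) not completed")
    return problems


def release_payment_file(pf: PaymentFile, releaser: str, host: str,
                         oob_verified: bool) -> PaymentFile:
    """Apply the release if every rule passes and record an alert for authorizers.

    Raises PermissionError listing the violated rules otherwise, so a single
    stolen credential or compromised workstation cannot push money out alone.
    """
    problems = release_violations(pf, releaser, host, oob_verified)
    if problems:
        raise PermissionError("; ".join(problems))
    pf.released_by = releaser
    pf.released_on_host = host
    pf.oob_verified = True
    # The alert every interested authorizer receives for any transfer activity
    pf.alerts.append(
        f"RELEASED {pf.file_id} for {pf.total_amount:.2f}: created by "
        f"{pf.created_by} on {pf.created_on_host}, released by {releaser} on {host}")
    return pf


def demo():
    """Constructed walk-through: one blocked attempt, one compliant release."""
    pf = PaymentFile("ACH-0001", 12_500.00,
                     created_by="alice", created_on_host="ws-finance-1")
    # Same person, same machine, no call back: three rules fail
    blocked = release_violations(pf, "alice", "ws-finance-1", oob_verified=False)
    # A second person on a second computer after the call back: allowed
    release_payment_file(pf, "bob", "ws-finance-2", oob_verified=True)
    return blocked, pf.alerts


if __name__ == "__main__":
    blocked_rules, alerts = demo()
    print("blocked because:", blocked_rules)
    print("alerts sent:", alerts)
```

The point of returning the full list of violations rather than stopping at the first is that an authorizer (or the bank’s fraud team) can see at once whether a request was simply mis-routed or whether several controls failed together, which is the pattern to expect when a single set of stolen credentials is being used.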
- Monitor and reconcile your corporate accounts daily – Reviewing accounts daily can help you detect unauthorized activity quickly and take action to minimize or prevent losses.
  - Note any changes in the performance of your computer systems, such as:
    - A dramatic loss of speed.
    - Changes in the way things appear.
    - The computer locks up so the user is unable to perform any functions.
    - Unexpected rebooting or restarting of your computer.
    - An unexpected request for a one-time password (or token) in the middle of an online session.
    - Unusual pop-up messages.
    - New or unexpected toolbars and/or icons.
    - Inability to shut down or restart.
- If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network – Make sure your employees know how, and to whom, to report suspicious activity within your company and at your financial institution. Contact Tolleson immediately so that we can take the following actions:
  - Disable online access to accounts.
  - Change online banking passwords.
  - Open new account(s) as appropriate.
  - Perform a review of all recent transactions and electronic authorizations on the account. If suspicious active transactions are identified, cancel them immediately.
  - Ensure that no one has added any new payees, requested an address or phone number change, created any new user accounts, changed access to any existing user accounts, changed existing wire/ACH template profiles, changed PIN numbers, or ordered new cards, checks or other account documents to be sent to another address.
For additional information about how to keep your confidential information secure while online, please visit the Resources link in our Security Center.