What you need to know
Corporate Account Takeover occurs when a criminal obtains electronic access to your bank account and conducts unauthorized transactions. The criminal obtains electronic access by stealing the confidential security credentials of your employees who are authorized to conduct your corporate bank electronic transactions (wire transfers, Automated Clearing House [ACH], and others).
Losses from this form of cyber-crime range from the tens of thousands to the millions, and the majority of these thefts are not fully recovered. Corporate Account Takeovers have affected both large and small banks.
How does Corporate Account Takeover work?
Several methods are being deployed to steal your confidential security credentials:
- Phishing mimics the look and feel of a legitimate financial institution’s website, e-mail, or other communication. Users provide their credentials without knowing that a perpetrator is stealing their security credentials through a fictitious representation which appears to be their financial institution.
- Malware infects computer workstations and laptops via infected e-mails with links or document attachments. In addition, malware can be downloaded to a user’s workstation or laptop from legitimate websites, especially social networking sites. Clicking on the documents, videos, or photos posted there can activate the download of the malware. The malware installs key-logging software on the computer, which allows the perpetrator to capture the user’s ID and password as they are entered at the financial institution’s website. Other viruses are more sophisticated. They alert the perpetrator when the legitimate user has logged onto a financial institution’s website, then trick the user into thinking the system is down or not responding. During this perceived downtime, the perpetrator is actually sending transactions in the user’s name.
Download the Incident Response Plan Checklist
Top Best Practices to Avoid Corporate Account Takeover
Education is Key – Train your employees!
- A strong security program, paired with employee education about the warning signs, safe practices, and responses to a suspected takeover, is essential to protecting your company and customers.
- Employee education is effective in reducing the threat of an account takeover.
- Develop a formal security policy and train the employees on internet safety.
Protect your online environment:
Partner with your bank to prevent unauthorized transactions:
- Make sure that your employees know how and to whom to report suspicious activity – both at your Company & your Bank
- Use Dual-Control with online banking transactions
Pay attention to suspicious activity and react quickly:
- Monitor and Reconcile Bank Accounts Daily - especially near the end of the day
- Note any changes in the performance of your computer - dramatic loss of speed, computer lock-ups, unexpected rebooting, unusual pop-ups, etc.
- Do not open attachments from e-mail - Be on the alert for suspicious e-mail
Understand your responsibilities and liabilities:
The Account and Business Online Banking online service agreements detail what commercially reasonable security measures are required for your business. It is critical that you understand and implement the security safeguards in these agreements. If you don’t, you could be liable for losses resulting from a takeover.
- Consider Cyber-insurance
- Limit Administrative Rights - Do not allow employees to install any software without receiving prior approval.
Remember: The Bank will NEVER ask for sensitive information, such as Account Numbers, Access IDs, or Passwords via e-mail.
Contact the Bank if you:
- Suspect a fraudulent transaction
- Are trying to process an Online Wire Transfer or ACH Batch and you receive a Maintenance Page
- Receive an e-mail claiming to be from the Bank that requests personal / Company information