Premier Bank Logo
Automatic Payments for the 2021 Child Tax Credit program will begin in July. To learn more login to Online Banking.
Premier Bank Logo
Log into Online Banking
New to Online Banking?
Log into Online Banking
New to Online Banking?
Log into your Wealth account

Corporate Account Takeover: How to Mitigate Risk to Your Business

What you need to know

Corporate Account Takeover occurs when a criminal obtains electronic access to your bank account and conducts unauthorized transactions. The criminal obtains electronic access by stealing the confidential security credentials of your employees who are authorized to conduct your corporate bank electronic transactions (wire transfers, Automated Clearing House [ACH], and others).
Losses from this form of cyber-crime range from tens of thousands to the millions with the majority of these thefts not fully recovered. Corporate Account Takeovers have affected both large and small banks.

How does Corporate Account Takeover work?

Several methods being deployed to steal your confidential security credentials:
  • Phishing mimics the look and feel of a legitimate financial institution’s website, e-mail, or other communication. Users provide their credentials without knowing that a perpetrator is stealing their security credentials through a fictitious representation which appears to be their financial institution.
  • Malware infects computer workstations and laptops via infected e-mails with links or document attachments. In addition, malware can be downloaded to a user’s workstation or laptop from legitimate websites, especially social networking sites. Clicking on the documents, videos, or photos posted there can activate the download of the malware. The malware installs key-logging software on the computer, which allows the perpetrator to capture the user’s ID and password as they are entered at the financial institution’s website. Other viruses are more sophisticated. They alert the perpetrator when the legitimate user has logged onto a financial institution’s website, then trick the user into thinking the system is down or not responding. During this perceived downtime, the perpetrator is actually sending transactions in the user’s name.
Download the Incident Response Plan Checklist

Top Best Practices Avoid Corporate Account Takeover.

Education is Key – Train your employees!
  • A strong security program paired with employee education about the warning signs, safe practices and responses to a suspected takeover are essential to protecting your company and customers.
  • Employee education is effective in reducing the threat of an account takeover.
  • Develop a formal security policy and train the employees on internet safety.
Protect your online environment:
  • Secure your computer and networks – Possibly dedicate one computer for online banking functions only, no emails or other internet browsing allowed.
  • Install and Maintain Spam Filters
  • Surf the Internet carefully
  • Install & maintain real-time Anti-Virus & Anti-Spyware Desktop Firewall & Malware Detection & Removal software. Use these tools regularly to scan your computer. Allow for automatic updates and scheduled scans.
  • Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
  • Install security updates (patches) to operating systems and all applications as they become available.
  • Block Pop-Ups
  • Use strong password policies
  • Do not use public Internet access points
  • Use multi-layer security
Partner with your bank to prevent unauthorized transactions:
  • Make sure that your employees know how and to whom to report suspicious activity – both at your Company & your Bank
  • Use Dual-Control with online banking transactions
Pay attention to suspicious activity and react quickly:
  • Monitor and Reconcile Bank Accounts Daily - especially near the end of the day
  • Note any changes in the performance of your computer - dramatic loss of speed, computer lock-ups, unexpected rebooting, unusual pop-ups, etc.
  • Do not open attachments from e-mail - Be on the alert for suspicious e-mail
Understand your responsibilities and liabilities:
The Account and Business Online Banking online service agreements details what commercially reasonable security measures are required for your business. It is critical that you understand and implement the security safeguards in these agreements. If you don’t, you could be liable for losses resulting from a takeover.
  • Consider Cyber-insurance
  • Limit Administrative Rights - Do not allow employees to install any software without receiving prior approval.
Remember: The Bank will NEVER ask for sensitive information, such as Account Numbers, Access IDs, or Passwords via e-mail.

Contact the Bank if you:

  1. Suspect a Fraudulent Transaction
  2. If you are trying to process an Online Wire Transfer or ACH Batch and you receive a Maintenance Page
If you receive an e-mail claiming to be from the Bank and it is requesting personal / Company information

Download the Incident Response Plan Checklist

Related Topics