Corporate Account Takeover is when cyber-thieves gain control of a business' bank account.

CATO exploits businesses that may have limited or no computer safeguards for online banking. Criminals steal information to impersonate the business and wire money illegally. Losses can be devastating because most are not recoverable. Here's what to know.

CATO is usually performed by malicious software or malware being installed on computers used for online banking, which allows a criminal to steal user IDs and passwords and circumnavigate security controls (e.g., one time passwords, authentication tokens, etc.). Implementing a strong information security program with cybersecurity awareness can help prevent account takeover.

IDs and passwords are usually the first line of defense for protecting your computer and online accounts. They generally consist of letters, numbers and symbols. Use the following guidelines for selecting and storing IDs and passwords:

  • Use a minimum of eight characters containing a combination of uppercase and lowercase letters, numbers and symbols (#$%&)
  • Stay away from obvious information such as birthdays, pet names and nicknames
  • Use a different password for each of your online accounts
  • Avoid using the “remember my password” option even if your computer suggests it
  • Change your passwords often and never reuse them
  • Do not share your passwords; write them down or post them near your computer

Only provide each person (or program or computer, etc.) the privileges necessary to get the job done. Doing so reduces the risk of deleterious access to valuable assets. This approach also minimizes the damage from cyber-attacks by limiting what the proxy has permissions to perform. For example, if a virus infects a computer through the user logged in, it cannot delete files, install itself, connect to other computers and steal information if the user doesn't have these privileges. You can further strengthen security by using a special purpose computer for all financial transactions.

Do not open hyperlinks and/or attachments in suspicious looking emails that may be overly formal, contain spelling/grammatical errors, come from an unknown sender or include unexpected attachments. These hyperlinks and/or attachments may contain malware to steal your financial credentials.

Implement anti-malware software and configure the software to perform automatic updates and weekly scans. This helps protect your computer(s) from being compromised.

Requiring multi-factor authentication to initiate a payment transaction is a critical safeguard in the unfortunate event that your account is accessed by an unauthorized individual. In this case, a person would be required to provide a password (“something you know”) to access the online banking application, and then enter a Secure Access Code that is sent to a device (“something you have”) via a phone call or text message.

Do not allow employees and/or contractors to install any software without receiving prior approval. This helps prevent malicious software from being installed on computers because access is restricted to authorized individuals only.

You and your employees should immediately contact your information technology department if you notice your computer is acting oddly, such as loss in performance, new toolbars, unusual popups, unexpected rebooting, computer lockups, etc. These may be signs that your computer has been infected with malware.

Daily monitoring and reconciliations greatly help reveal suspicious activity. Timely notification to your financial institution may assist in preventing additional unauthorized transactions.

Contact us immediately at 877.376.2265 if you suspect a fraudulent transaction has been processed, you provided personal/company information due to a phishing attempt, or your computer used for Online Banking has been infected with a virus or malware.

As a business owner, you should document your own specific incident response plan to help ensure that you and your employees know the proper steps to follow during an event. Timely notification of suspected account takeover is critically important. A general incident response plan should include the following:

  • Contact information for key employees at the financial institution who are responsible for responding to an account takeover incident
  • Steps to limit further unauthorized access, e.g., changing passwords, disconnecting computers, and requesting temporary holds
  • Process for collecting information that may help recover lost funds
  • Process for involving computer forensic specialists and/or law enforcement

Contact Us