Corporate Account Takeover is a form of corporate identity theft in which cyber thieves gain control of a business's financial accounts by stealing employee passwords and other valid credentials. The attackers can then initiate fraudulent wire and ACH transactions to accounts they control. Businesses with limited or no internal computer safeguards and disbursement controls for their financial institution's online banking system are vulnerable to theft once cyber thieves gain access to their computer systems, typically through malicious software (malware). Malware infects a business's computer system not only through "infected" documents attached to an email, but also simply when an infected website is visited.
Corporate Account Takeover Information
What is Corporate Account Takeover?
Corporate Account Takeover is a type of fraud that targets a business's finances in order to make unauthorized transactions, including transferring funds, creating and adding fictitious employees to payroll, and stealing sensitive member information.
Small businesses are targeted in particular because most do not have the resources that larger companies have to defend and upgrade their information technology systems. Many also do not monitor and reconcile their accounts on a daily basis, and small businesses may work with a variety of financial institutions.
How do I protect my small business?
The first line of defense is training yourself and your employees. A strong security program and an employee education program are essential to protect your finances and members. The tips below will help make sure your business is prepared.
- Protect your online environment.
- Partner with your credit union to prevent unauthorized transactions.
- Pay attention to suspicious activity and react quickly.
- Understand your responsibilities and liabilities.
- Create an Incident Response Plan:
Since each business is unique, members should write their own incident response plan. A general template would include:
- The contact number for the credit union: (800) 642-4482.
- Steps the account holder should consider to limit further unauthorized transactions, such as:
- Changing passwords
- Disconnecting computers used for Internet banking
- Requesting a temporary hold on all other transactions until out-of-band confirmations can be made
- Information the account holder will provide to assist the credit union in recovering their money
- Contacting their insurance carrier
- Working with computer forensic specialists and law enforcement to review appropriate equipment
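Two of the tips above, reconciling accounts daily and reacting quickly to suspicious activity, can be partly automated by comparing each day's outgoing transactions with records the business keeps outside the online banking system. The following is an added example written for this page, not code from the credit union or from any of the resources it cites. It assumes a CSV export with the columns shown (real exports differ), an approved-payee list and a disbursement schedule maintained by the bookkeeper, and a hypothetical threshold above which a wire must be confirmed out of band. On the constructed sample it flags a payroll entry for an employee who is not on file (the fictitious-employee fraud described above), a large wire to an unknown account, and a known payee whose destination account has changed.

```python
import csv
from dataclasses import dataclass, field
from io import StringIO

# Constructed one-day export of outgoing transactions. The column names are an
# assumption made for this example; real online-banking exports use their own layouts.
SAMPLE_EXPORT = """\
date,type,payee,account_last4,amount,memo
2024-03-04,ACH,Acme Office Supply,4410,312.50,invoice 8831
2024-03-04,ACH,Payroll - J. Smith,7782,2100.00,payroll
2024-03-04,ACH,Payroll - R. Nobody,9931,1950.00,payroll
2024-03-04,WIRE,Global Holdings LLC,0027,48500.00,urgent vendor payment
2024-03-04,ACH,Metro Utilities,1200,540.00,march electric
2024-03-04,ACH,Acme Office Supply,9012,312.50,invoice 8831
"""

# The business's own records (constructed), kept outside the online banking
# system: approved payees with the account they have been paid through before,
# and the disbursements the bookkeeper actually scheduled for the day.
APPROVED_PAYEES = {
    "Acme Office Supply": "4410",
    "Payroll - J. Smith": "7782",
    "Metro Utilities": "1200",
}
SCHEDULED = {
    ("Acme Office Supply", 312.50),
    ("Payroll - J. Smith", 2100.00),
    ("Metro Utilities", 540.00),
}
WIRE_CALLBACK_THRESHOLD = 10000.00  # assumed: wires at or above this need a callback


@dataclass
class Finding:
    payee: str
    amount: float
    reasons: list = field(default_factory=list)


def parse_export(text):
    """Parse the CSV export into a list of dicts with numeric amounts."""
    rows = list(csv.DictReader(StringIO(text)))
    for row in rows:
        row["amount"] = float(row["amount"])
    return rows


def reconcile(rows, approved=APPROVED_PAYEES, scheduled=SCHEDULED,
              wire_threshold=WIRE_CALLBACK_THRESHOLD):
    """Return one Finding per outgoing transaction that fails any check."""
    findings = []
    for row in rows:
        payee, amount, last4 = row["payee"], row["amount"], row["account_last4"]
        reasons = []
        # Unknown payee, or a known payee now paid through a different account
        # (the classic sign of a changed vendor or payroll destination).
        if payee not in approved:
            reasons.append("payee not on approved list")
        elif approved[payee] != last4:
            reasons.append("destination account differs from the one on file")
        # Anything the bookkeeper did not schedule for today needs a look.
        if (payee, amount) not in scheduled:
            reasons.append("not among today's scheduled disbursements")
        # Large wires get an out-of-band confirmation regardless of payee.
        if row["type"] == "WIRE" and amount >= wire_threshold:
            reasons.append("wire at or above out-of-band confirmation threshold")
        if reasons:
            findings.append(Finding(payee, amount, reasons))
    return findings


def report(findings):
    """Render findings as lines a bookkeeper can act on."""
    return [f"{f.payee}: {f.amount:.2f} -> " + "; ".join(f.reasons)
            for f in findings]


if __name__ == "__main__":
    for line in report(reconcile(parse_export(SAMPLE_EXPORT))):
        print(line)
```

The checks run against records the attacker cannot edit from the compromised online banking session, which is the point of keeping the approved-payee list and the day's schedule on a separate system; a finding should trigger the call to the credit union and the hold on further transactions listed in the plan above.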
How can my business's system be compromised?
- An infected document attached to an email
- A link within an email that connects to an infected website.
- Employees visiting legitimate websites, especially social networking sites, and clicking on infected documents, videos or photos.
- An employee using a flash drive that was infected on another computer.
What if my business's system has been infected?
- Immediately stop using the affected computers and disconnect them from the Internet and the network (unplug the network cable or turn off Wi-Fi). Do not wipe or rebuild them until the forensic review described above has taken place.
- Immediately contact your financial institution to disable online access and open new accounts as needed.
- Maintain a written chronology of what happened and monitor transactions.
- File a police report.
Resources for Business Account Holders
- The Better Business Bureau’s website on Data Security Made Simpler: Better Business Bureau.
- The Small Business Administration’s (SBA) website on Protecting and Securing Customer Information: SBA.
- The Federal Trade Commission’s (FTC) interactive business guide for protecting data: FTC.
- The National Institute of Standards and Technology’s (NIST) Fundamentals of Information Security for Small Businesses: NIST.
- The jointly issued “Fraud Advisory for Businesses: Corporate Account Takeover” from the U.S. Secret Service, FBI, IC3, and FS-ISAC available on the IC3 website.
- NACHA – The Electronic Payments Association’s website has numerous articles regarding Corporate Account Takeover for both financial institutions and banking customers: NACHA.