Protecting Your Business Against Internet Fraud
What is Corporate Account Takeover? (CATO)
Corporate Account Takeover is a type of business identity theft in which a criminal entity steals a business’s valid online banking credentials. Small to mid-sized businesses remain the primary target of criminals, but any business can fall victim to these crimes. Attacks today are typically perpetrated quietly by the introduction of malware through a simple email or infected website.
What is the Risk?
The bank’s ability to protect you is severely undermined when your online credentials are compromised by a data breach initiated within your computer system. Once your computer is compromised, any action you can take from your online banking, a criminal will attempt to do fraudulently. Bill Pay, ACH Transfers, Wires, Copies of checks and signatures, etc. Any possible way to financially defraud you will not be overlooked by smart criminals with the intent to steal your money or personal information.
How Does it Happen?
Hackers often take aim at small firms' computers because they are easier to infiltrate than banks' systems. For example:
- An infected document attached to an email
- A link within an email that connects to an infected website
- Employees visiting legitimate websites – especially social networking sites – and clicking on the infected documents, videos, or photos posted there
- An employee using a flash drive that was infected by another computer
Once the employee opens the attachment or goes to the Web site, malware is installed on the computer - in each case, fraudsters exploit the infected system to obtain security credentials that they can use to access a company’s business accounts. Once imbedded, it can even seek out others within the network to gain secondary access or credentials. While up-to-date antivirus software offers substantial protection against malware, it isn't 100% effective. According to the FBI, there is no single deterrent that is 100% effective against fraud, viruses and malware.
Monitor and report suspicious activity! Ongoing monitoring and timely reporting of suspicious activity are crucial to deterring or recovering from these frauds. Report log-ins at unusual times of day, new user accounts, unauthorized transfers, etc., so the financial institution can immediately block the account and monitor activity.
Be wary of distractions designed to camouflage a takeover: Robo-calls flooding your phone lines, or an email “dump” flooding your inbox – both are designed to hide any automatic alerts or phone calls from the bank.
Feliciana Bank & Trust Company will never ask you for any personal or identifying information through an email link.
Only use the address that you have used before or start at your normal homepage – NEVER through a link.
Look for the lock at the bottom of your browser and “https” in front of the website address.
Take note of the header address on the website. Most legitimate sites will have a relatively short internet address that usually depicts the business followed by .com, .net or .org. Spoof sites are more likely to have an excessively long string of characters.
If you have any doubts about an email or website, contact the legitimate company directly. Make a copy of the questionable web site’s URL address, send it to the legitimate business and ask if the address is legitimate.
When creating your passwords, don’t use information that could easily be linked to you (i.e. phone number, your date of birth, address numbers).
Do not share your passwords or PINs with anyone, or store them where they can be found.
Feliciana Bank maintains a secure network to protect its customers' information and expects its business customers to maintain and monitor their systems as well. Please contact us for more information regarding CATO if needed.
Visit our Learning Center to view useful videos on various Security Topics.