What is Corporate Account Takeover?
Corporate Account Takeover is an ongoing electronic crime typically involving the exploitation of businesses. Businesses that are more at risk are those with limited to no computer safeguards and minimal or no disbursement controls for use with their bank's online business banking system. These businesses are vulnerable to theft when cyber thieves gain access to its computer system to take confidential banking information in order to impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the thieves. Any customers that perform electronic transfers are potential targets. These thefts have affected both large and small banks.
This type of cyber-crime is an advanced form of electronic theft. Malicious software, which is available over the Internet, automates many elements of the crime including circumventing one time passwords, authentication tokens, and other forms of multi-factor authentication. Customer awareness of online threats and education about common account takeover methods are helpful measures to protect against these threats. However, due to the dependence of banks on sound computer and disbursement controls of its customers, there is no single measure to stop these thefts entirely. Multiple controls or a "layered security" approach is required.
Best Practices for Internet Users:
- Do not use unprotected internet connections. (i.e. networks with no password)
- Encrypt sensitive data and keep updated anti-virus, anti-malware and anti-spyware protection on your computers.
- Change passwords frequently.
- Talk to your finical institution about products that offer an extra layer of security like call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions.
- Watch out for suspicious activity, do not open suspicious e-mails and never share account information.
- If you have any questions, please contact your financial institution.