Corporate Account Take Over (CATO)
What is Corporate Account Takeover (CATO)?
Corporate Account Takeover is a form of business identity theft in which criminals steal a business's valid online banking credentials and use them to move money out of its accounts. Small to mid-sized businesses remain the primary targets, but any business can fall victim. Attacks today are typically carried out quietly, by introducing malware through a simple email or an infected website. For a business with little resistance to such methods, the malware introduced onto its system may remain undetected for weeks or even months.
What is malware?
Short for “malicious software”, malware is software designed to infiltrate a computer system without the owner’s informed consent. Examples include viruses, worms, Trojan horses, spyware, dishonest adware, crimeware, etc.
Where does it come from?
Malicious websites (including social media sites), email, and ads served on popular websites. Some experts consider email the biggest security threat of all: it has been the fastest and most effective way of spreading malicious software to the largest number of users. A good rule of thumb is to include in an email only information you would feel comfortable sharing with a stranger.
What to do?
Introducing layered security processes and procedures can help protect businesses from criminals seeking to drain accounts and steal confidential information. These increased security procedures may help reduce the number of incidents, and mitigate the financial losses and reputational damage that can result from such attacks.
No single security measure alone is likely to be effective in preventing or mitigating all risks associated with Corporate Account Takeover. Similarly, some of these sound business practices may not be appropriate for or applicable to all businesses. Accordingly, each business must identify its own risks and design and implement appropriate security measures to prevent and mitigate risks associated with Corporate Account Takeover.
Sound business practices for entities suggested by Chelsea Savings Bank are outlined in the next pages.
Layered System Security
Use appropriate tools to prevent and deter unauthorized access, and review those tools periodically to ensure they are up to date. These tools include:
Anti-botnet, anti-malware, and anti-spyware programs
Encryption of laptops, hard drives, VPNs and/or other communication channels
Education of all computer users regarding appropriate internet usage
Install robust anti-virus and security software for all computer workstations and laptops and ensure that such software is automatically patched regularly and remains current.
Implement multi-layered system security technology. Anti-virus software alone will not protect a business from most threats. Layering security software constructs a multi-level barrier between businesses’ networks and criminals attempting to access such networks.
Implement security suites so that all security components (e.g., firewall, anti-virus, anti-spyware, anti-malware) work together rather than in conflict, and provide better protection than any one of them alone.
Online Banking Safety
Create a secure financial environment by dedicating one computer exclusively for online banking and cash management activity. This computer should not be connected to the business network, have email capability, or connect to the Internet for any purpose other than online banking. Disallow any use for general Web browsing and social networking.
Verify that the browser shows a secure session ("https") on the bank's own domain for all online banking activity; a padlock icon alone does not prove the site belongs to the bank.
Disallow online banking activity from free Wi-Fi hot spots (airports, Internet cafes).
Cease all online banking activity if the online banking application appears different or questionable and immediately contact the appropriate financial institution.
Educate all employees about cybercrimes so they understand that even one infected computer can lead to an account takeover. All employees, even those with no financial responsibilities, should be educated about these threats.
Educate all employees to think critically about each email and phone call received. An employee should always ask “Does this email or phone call make sense?”
A business should advise its employees to:
Not open suspicious emails or emails from unknown persons. Even opening an email may expose a computer and the network to malware.
Ask, "Does this make sense?" before acting on an email. If an email is suspicious, do not click any link or open any attachment: the link could lead to an infected website or download a malware program. Employees should be instructed to delete the suspicious email.
Be particularly suspicious of emails or calls claiming to be from a financial institution, government agency or other organization and requesting account information, account verification or banking access credentials such as usernames, passwords, Personal Identification Numbers (PINs) and similar information. If such an email or call is received, the business should call the financial institution or agency, using a number it already knows, to verify legitimacy. The business should not call the phone number included in the email, click on any link, or reply to the sender. Note that financial institutions and government agencies will not ask customers for login credentials.
Block access to unnecessary or high-risk websites. Common high-risk sites include adult entertainment, online gaming, social networking and personal email.
Promptly deactivate or remove access rights of employees who no longer require access (e.g., inactive, transferred or terminated employees).
Require all employees to use strong passwords and change their passwords frequently on both the computer and online banking application.
In some cases a business may determine it is appropriate to utilize a “white-listing” tool to limit employees’ access to only websites that the business has reviewed and deemed safe.
Establish a separate user account for every person who uses a computer, and limit administrative rights. Much malware needs administrator privileges to install itself, so everyday work, including online banking, should be done from a standard "user" account rather than an administrator account. This reduces the chance of unintentionally installing a credential-stealing program.
Stay informed about defenses to Corporate Account Takeover. Since cyber threats change rapidly, it is imperative that all businesses stay informed about evolving threats and adjust security measures in a timely manner. Among other things, this can be achieved by connecting with alert groups and with business and industry resources about threats and frauds.
Initiate payments under dual control, with assigned responsibility for transaction origination and authorization. Dual control involves file creation by one employee with file approval and release by another employee on a different computer.
Reconcile accounts online daily; at a minimum, review pending electronic activity each day.
Take advantage of the appropriate account services offered by your financial institution. Financial institutions offer a variety of services, including debit blocks, Falcon Monitoring, call-backs, etc. Contact Chelsea Savings Bank for details of the monitoring services it provides.
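The dual-control practice described above (one employee originates a payment file, a different employee approves and releases it from a different computer) can be enforced in software rather than left to habit. The following is an added example written for this page; it is not Chelsea Savings Bank's cash-management software. The record fields, hostnames, user names and the 24-hour approval window are assumptions made for the illustration.

```python
"""Separation-of-duties gate for releasing a payment file.

Added example for this page, not the bank's software.  Field names,
user names, hostnames and the approval window are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


class DualControlError(Exception):
    """Raised when a release would violate dual control."""


@dataclass
class PaymentFile:
    file_id: str
    total_cents: int
    created_by: str               # originating employee
    created_on: str               # hostname of the originating computer
    created_at: datetime
    approved_by: Optional[str] = None
    approved_on: Optional[str] = None
    released: bool = False
    audit: List[str] = field(default_factory=list)


def originate(file_id: str, total_cents: int, user: str, host: str,
              now: datetime) -> PaymentFile:
    """Step 1: one employee creates the file on one computer."""
    pf = PaymentFile(file_id, total_cents, user, host, now)
    pf.audit.append(f"{now.isoformat()} originated by {user} on {host}")
    return pf


def approve_and_release(pf: PaymentFile, approver: str, host: str,
                        now: datetime,
                        max_age: timedelta = timedelta(hours=24)) -> PaymentFile:
    """Step 2: a second employee, on a second computer, approves within the window."""
    if pf.released:
        raise DualControlError(f"{pf.file_id}: already released (replay rejected)")
    if approver == pf.created_by:
        raise DualControlError(f"{pf.file_id}: {approver} cannot approve own file")
    if host == pf.created_on:
        raise DualControlError(f"{pf.file_id}: approval must come from a different computer than {host}")
    if now - pf.created_at > max_age:
        raise DualControlError(f"{pf.file_id}: approval window expired; re-originate the file")
    pf.approved_by, pf.approved_on, pf.released = approver, host, True
    pf.audit.append(f"{now.isoformat()} approved and released by {approver} on {host}")
    return pf


def try_release(pf: PaymentFile, approver: str, host: str,
                now: datetime) -> Tuple[bool, str]:
    """Wrap the gate so callers get (ok, reason) instead of an exception."""
    try:
        approve_and_release(pf, approver, host, now)
        return True, "released"
    except DualControlError as exc:
        return False, str(exc)


def demo():
    """Run the gate through the cases the text describes; all data is constructed."""
    t0 = datetime(2024, 3, 12, 9, 0)
    pf = originate("ACH-0001", 4_850_000, "jsmith", "AP-PC-01", t0)
    stale = originate("ACH-0002", 120_000, "jsmith", "AP-PC-01", t0)
    results = [
        try_release(pf, "jsmith", "CFO-PC-01", t0),                        # self-approval
        try_release(pf, "mlee", "AP-PC-01", t0),                           # same computer
        try_release(pf, "mlee", "CFO-PC-01", t0 + timedelta(hours=1)),     # valid release
        try_release(pf, "mlee", "CFO-PC-01", t0 + timedelta(hours=2)),     # replay of released file
        try_release(stale, "mlee", "CFO-PC-01", t0 + timedelta(days=2)),   # window expired
    ]
    return pf, stale, results


if __name__ == "__main__":
    released_file, stale_file, outcomes = demo()
    for ok, reason in outcomes:
        print("OK  " if ok else "DENY", reason)
    print("\n".join(released_file.audit))
```

The hostname check is what makes the "different computer" requirement real: a criminal who has taken over the originator's machine and session cannot complete the release from that same machine, and the originator's account cannot approve its own work even if both sets of credentials have been stolen.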
Reporting Suspicious Activity
Monitor for and report suspicious activity. Ongoing monitoring and timely reporting of suspicious activity are crucial in deterring or recovering from these frauds. A business should report anything unusual to the financial institution, such as log-ins at unusual times of day, new user accounts, unauthorized transfers, etc., so the financial institution can immediately block the account and monitor activity.
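The indicators listed in the paragraph above (log-ins at unusual times, new user accounts, unauthorized transfers) are exactly the kind of thing a business can check for itself each day against the activity report its bank provides. The following is an added example written for this page, not a product of Chelsea Savings Bank: it runs a few simple rules over constructed audit records. The record format, the business hours, the known egress addresses, the payee list and the review threshold are all assumptions a real business would replace with its own baseline.

```python
"""Flag the indicators the bank asks businesses to report, over a
constructed online-banking activity log.

Added example for this page, not the bank's monitoring service.  The
log format and every baseline value below are assumptions.
"""
from datetime import datetime, time
from typing import Dict, List, Tuple

# Constructed sample log (not real data).  Columns, assumed:
# timestamp, event, user, source IP, semicolon-separated key=value detail.
SAMPLE_LOG = """\
2024-03-12T02:14:07,login,jsmith,203.0.113.45,result=success
2024-03-12T02:16:30,user_created,jsmith,203.0.113.45,new_user=tempadmin
2024-03-12T02:20:11,transfer,jsmith,203.0.113.45,amount=48500.00;payee=ACH-7781
2024-03-12T09:05:00,login,mlee,198.51.100.8,result=success
2024-03-12T09:30:00,transfer,mlee,198.51.100.8,amount=1200.00;payee=VENDOR-12
"""

# Baseline the business maintains (assumed values for this example).
BUSINESS_HOURS = (time(7, 0), time(19, 0))   # local time of the business
KNOWN_EGRESS_IPS = {"198.51.100.8"}          # office / dedicated banking PC
KNOWN_PAYEES = {"VENDOR-12", "PAYROLL-01"}   # payees approved under dual control
TRANSFER_REVIEW_THRESHOLD = 10_000.00        # dollars; anything above gets a second look

Alert = Tuple[str, str]   # (rule name, human-readable detail)


def parse_line(line: str) -> Dict[str, str]:
    """Split one record into a dict; detail key=value pairs are flattened in."""
    ts, event, user, ip, detail = line.split(",", 4)
    fields = dict(kv.split("=", 1) for kv in detail.split(";") if kv)
    return {"ts": ts, "event": event, "user": user, "ip": ip, **fields}


def detect(log_text: str) -> List[Alert]:
    """Apply the reporting indicators from the text to each record."""
    alerts: List[Alert] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        when = datetime.fromisoformat(rec["ts"])
        tag = f"{when.isoformat()} user={rec['user']}"

        if rec["event"] == "login":
            # Log-ins at unusual times of day.
            if not (BUSINESS_HOURS[0] <= when.time() <= BUSINESS_HOURS[1]):
                alerts.append(("off_hours_login", tag))
            # Log-ins from a computer/network the business does not use for banking.
            if rec["ip"] not in KNOWN_EGRESS_IPS:
                alerts.append(("unknown_source_ip", f"{tag} from {rec['ip']}"))

        elif rec["event"] == "user_created":
            # New online banking user accounts are always reportable.
            alerts.append(("new_user_created", f"{tag} created {rec['new_user']}"))

        elif rec["event"] == "transfer":
            amount = float(rec["amount"])
            # Transfers to a payee the business never set up.
            if rec["payee"] not in KNOWN_PAYEES:
                alerts.append(("transfer_to_new_payee",
                               f"{tag} {amount:.2f} to {rec['payee']}"))
            # Large transfers, whoever the payee is.
            if amount >= TRANSFER_REVIEW_THRESHOLD:
                alerts.append(("large_transfer", f"{tag} {amount:.2f}"))
    return alerts


def flagged_users(alerts: List[Alert]) -> set:
    """Which user accounts appear in any alert (the ones to call the bank about)."""
    return {detail.split("user=", 1)[1].split()[0] for _, detail in alerts}


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
    print("report to bank:", sorted(flagged_users(detect(SAMPLE_LOG))))
```

On the constructed log the 02:14 session stands out on every rule: an off-hours login from an unknown address, a new user created minutes later, and a large transfer to a payee the business never approved. The 09:05 session from the known address to a known payee produces nothing, which is the point of keeping a baseline: the rules only fire on departures from how the business actually banks.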
Warning signs of a potential compromise include, but are not limited to:
Inability to log into online banking (thieves could be blocking customer access so the customer will not see the theft until the criminals have control of the money)
Dramatic loss of computer speed
Changes in the way things appear on the screen
Computer locks up so the user is unable to perform any functions
Unexpected rebooting or restarting of the computer
Unexpected request for a one time password (or token) in the middle of an online session
Unusual pop-up messages, especially a message in the middle of a session saying the connection to the bank system is not working
New or unexpected toolbars and/or icons
Inability to shut down or restart a computer
If you notice anything suspicious
Review all accounts regularly to detect unauthorized activity.
Notify Chelsea Savings Bank (319-444-3144) immediately if you suspect that your Login ID or Password has become known to any unauthorized person.
Immediately change all passwords associated with the online account, and do so from a computer you know is not compromised; a new password typed on the infected machine can be captured just like the old one.
Disconnect from the Internet all computers used for online banking. Do not wipe or reuse them until they have been examined, since the evidence on them is needed for the investigation.
Request a temporary hold on all other transactions until verbal confirmation is obtained.
Work with an appropriate computer forensic specialist and law enforcement to review the affected equipment.