Corporate Account Takeover is a type of fraud in which thieves gain access to a business's finances through stolen online banking credentials and use them to make unauthorized transactions, including transferring funds out of the company, creating and adding fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
This is a growing threat for small businesses. Cyber thieves target businesses through Phishing, Pharming, Email Spoofing, Email-Borne Viruses, Trojan Horse Programs and Social Networking Threats.
1. Phishing / Spear Phishing
E-mails that appear to originate from a trusted source are used to trick a user into entering valid credentials at a fake website. Typically both the e-mail and the website are formatted to look like a familiar bank or other entity.
2. Email-Borne Viruses / Worms
Viruses and worms are delivered as attachments or through a link to a compromised website. Before opening any attachment or clicking any link, be sure you know and trust the source!
3. Pharming
A user's session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet so that a URL points to the masquerading website's IP address. Almost all users type a URL like www.worldbank.com instead of the real IP address (192.86.99.140) of the website.
By changing the pointers on a DNS server, the URL can be redirected to send traffic to the IP address of the pseudo website. At the pseudo website, transactions can be mimicked and information such as login credentials can be gathered. With this, the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user.
4. Email Spoofing
Activity in which the sender address and other parts of the email header are altered so that the message appears to have originated from a different source. This technique may allow the sender to bypass e-mail filtering rules, and it may be used in combination with Phishing.
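Because the visible From address is so easily altered, mail administrators check it against the envelope sender and against the authentication results their own mail server recorded. The following is an added example, not code from the original page or from Benchmark Bank: it parses two constructed messages (placeholder domains example.com, example.net and example.org; not real captures) and reports the inconsistencies a spoofed message typically shows.

```python
"""Spotting a spoofed sender by comparing headers (constructed example).

Checks performed:
  * the domain in the From header versus the domain in Return-Path
    (the envelope sender that SPF is evaluated against);
  * the SPF, DKIM and DMARC verdicts recorded in Authentication-Results
    by the receiving mail server.
"""
import re
from email import message_from_bytes
from email.utils import parseaddr

# Constructed sample message: the From header claims example.com, but the
# envelope sender and the authentication results say otherwise.
SPOOFED_MESSAGE = b"""Return-Path: <bounce@example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.com
From: "Online Banking" <alerts@example.com>
To: payroll@example.org
Subject: Urgent: verify your account
Content-Type: text/plain; charset="utf-8"

Please log in immediately at the link below to verify your credentials.
"""

# Constructed sample message in which every check agrees.
LEGITIMATE_MESSAGE = b"""Return-Path: <alerts@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Online Banking" <alerts@example.com>
To: payroll@example.org
Subject: Your monthly statement is available
Content-Type: text/plain; charset="utf-8"

Your statement is ready in online banking.
"""


def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _auth_results(header_value):
    """Extract method=verdict pairs (spf=pass, dkim=fail, ...) from Authentication-Results."""
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header_value or "")}


def check_sender(raw_message):
    """Return a list of findings for the message; an empty list means no red flags."""
    msg = message_from_bytes(raw_message)
    findings = []

    from_domain = _domain(msg["From"])
    return_path_domain = _domain(msg["Return-Path"])
    if return_path_domain and return_path_domain != from_domain:
        findings.append(
            f"From domain {from_domain!r} differs from Return-Path domain {return_path_domain!r}"
        )

    # Anything other than an explicit 'pass' is worth a look, including a
    # missing result, which means the receiving server recorded no check.
    results = _auth_results(msg["Authentication-Results"])
    for method in ("spf", "dkim", "dmarc"):
        verdict = results.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method.upper()} result: {verdict}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, check_sender(raw) or ["no findings"])
```

Only the Authentication-Results header added by your own mail server can be trusted; a sender can insert one too, so receiving servers should strip or overwrite any copy that arrives with the message before a check like this runs.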
5. Trojan Horse Programs
A Trojan Horse, or Trojan, is a standalone malicious program that, unlike a computer virus, does not attempt to infect files, and, unlike a computer worm, does not replicate itself with the intent of infecting other computers. Trojan horses can make copies of themselves, steal information, or harm their host computer systems.
Zeus is a Trojan horse that steals banking information through a man-in-the-browser attack. The victim's browser is infected with the Trojan, which can modify the actions of the computer user in real time and can also act independently of the user. The Trojan lies in the victim's browser waiting for the user to access certain websites. Zeus can piggyback on the user's session, allowing the thief to gather pertinent information.
Helpful Tips for Preventing Corporate Account Takeover
The best way to protect against corporate account takeover is a strong partnership with your financial institution. Work with your bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.
A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well prepared:
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them frequently. Adopt advanced security measures by working with consultants or dedicated IT staff.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services, which offer call backs, device authentication, multi-person approval processes and batch limits, help protect you from fraud.
- Benchmark Bank currently provides an added level of security with our online banking sites through a new program called Trusteer. This is a free service and can be easily downloaded with a click of a button. This system helps add value by protecting our customers against cybercrime, advanced malware and phishing attacks. Protect your identity and account against fraud and cybercriminals with Trusteer Rapport.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened. Practice ongoing account monitoring and reconciliation, especially near the end of the day.
- Understand your responsibility and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required of your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover.
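Batch limits, multi-person approval and end-of-day reconciliation all come down to comparing what is about to leave the account against what the business has actually approved. The following is an added example, not code from the original page or from Benchmark Bank or any payroll product: it reconciles a constructed outgoing payroll batch against an approved roster and an agreed batch limit (all employee ids, account numbers and amounts are placeholders) and flags the patterns described above, such as a new payee or a changed destination account.

```python
"""Pre-release reconciliation of a payroll batch (constructed example).

Findings raised:
  * batch total above the limit agreed with the bank;
  * an employee id appearing more than once in one batch;
  * a payee that is not on the approved roster (possible fake employee);
  * a destination account that differs from the approved one;
  * a net pay that moved more than a tolerance from the approved amount.
"""
from collections import Counter

# Approved roster: employee id -> (destination account, approved net pay).
# Constructed sample data; the account numbers are placeholders.
APPROVED_ROSTER = {
    "E1001": ("111000025-000123456", 2450.00),
    "E1002": ("111000025-000654321", 3100.50),
    "E1003": ("121000248-000777888", 1980.00),
}
BATCH_LIMIT = 10_000.00    # constructed: per-batch maximum agreed with the bank
AMOUNT_TOLERANCE = 0.10    # flag net pay that moved more than 10% from the roster

# A batch as payroll software might export it (constructed), with the kinds
# of changes an account takeover produces.
SUSPICIOUS_BATCH = [
    {"employee_id": "E1001", "account": "111000025-000123456", "amount": 2450.00},
    {"employee_id": "E1002", "account": "111000025-000654321", "amount": 3100.50},
    {"employee_id": "E1003", "account": "999999999-000000001", "amount": 1980.00},  # account changed
    {"employee_id": "E1004", "account": "123456789-000000002", "amount": 4800.00},  # not on roster
    {"employee_id": "E1001", "account": "111000025-000123456", "amount": 2450.00},  # duplicate
]


def reconcile_batch(batch, roster=APPROVED_ROSTER, limit=BATCH_LIMIT):
    """Return (ok, findings); ok is True only when no finding was raised."""
    findings = []

    total = sum(entry["amount"] for entry in batch)
    if total > limit:
        findings.append(f"batch total {total:.2f} exceeds agreed limit {limit:.2f}")

    for emp_id, count in Counter(e["employee_id"] for e in batch).items():
        if count > 1:
            findings.append(f"{emp_id} appears {count} times in the batch")

    for entry in batch:
        emp_id = entry["employee_id"]
        if emp_id not in roster:
            findings.append(f"{emp_id} is not on the approved roster (possible fake employee)")
            continue
        approved_account, approved_amount = roster[emp_id]
        if entry["account"] != approved_account:
            findings.append(f"{emp_id}: destination account changed from the approved value")
        if abs(entry["amount"] - approved_amount) > AMOUNT_TOLERANCE * approved_amount:
            findings.append(
                f"{emp_id}: amount {entry['amount']:.2f} deviates from approved {approved_amount:.2f}"
            )
    return (not findings, findings)


def clean_batch(roster=APPROVED_ROSTER):
    """Build a batch that matches the roster exactly (constructed control case)."""
    return [{"employee_id": e, "account": acct, "amount": amt}
            for e, (acct, amt) in roster.items()]


if __name__ == "__main__":
    ok, findings = reconcile_batch(SUSPICIOUS_BATCH)
    print("release approved" if ok else "hold batch for second approver:")
    for finding in findings:
        print("  -", finding)
```

The roster and limit must come from a source the online banking session cannot change (for example a file kept by the second approver), otherwise an attacker holding the banking credentials could adjust both the batch and the reference it is checked against.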
Resources for Business Account Holders
For complete guidelines of the ACH rules, please refer to your NACHA ACH Rules CD, issued annually by Benchmark Bank.
- Sound Business Practices for Financial Institutions to Mitigate Corporate Account Takeover
- Sound Business Practices for Businesses to Mitigate Corporate Account Takeover
- Sound Business Practices for Third-Party Service Providers to Mitigate Corporate Account Takeover
- Corporate Account Takeover: What You Need to Know, April 25, 2011
- Fraud Advisory for Businesses: Corporate Account Takeover (PDF) (US Secret Service, FBI, IC3 and FS-ISAC), October 2010
- Fraud Advisory for Consumers: Involvement in Criminal Activity through Work from Home Scams (PDF), October 2010
- Better Business Bureau’s Data Security Made Simpler Program
- Corporate Account Takeover: How to Protect Your Institution, Small Business, and Municipal Customers (teleseminar handouts), March 23, 2010
For more information regarding Corporate Account Takeover, you can refer to the following website: www.Nacha.org