Cyber thieves often target small businesses. The more you know, the safer your business.

Corporate Account Takeover is a type of fraud where thieves gain access to a business’ finances through stolen online banking credentials to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. This is a growing threat for small businesses.

1. Phishing / Spear–Phishing

The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site are formatted to look like a familiar bank or other entity.

2. Email Borne Viruses / Worms

Viruses and worms are delivered as attachments, or through a link, to a compromised web site. Before opening any attachments or clicking any links, be sure you know and trust the source!

3. Pharming

A user’s session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet and pointing a URL to the masquerading website’s IP. Almost all users use a URL like www.worldbank.com instead of the real IP (192 86 99 140) of the website. Changing the pointers on a DNS server the URL can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user on the website.

4. Email Spoofing

Activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. This technique may allow the sender to bypass e-mail filtering rules. Could be used in combination with Phishing.

5. Trojan Horse Programs

A Trojan Horse, or Trojan, is a standalone malicious program that does not attempt to infect files, unlike a computer virus, nor does it replicate itself with the intent of infecting other computers unlike a computer worm. Trojan horses can make copies of themselves, steal information, or harm their host computer systems.

Example: Zeus is a Trojan horse that steals banking information by Man-in-the-browser. The victim’s browser is infected with the Trojan, which is capable of modifying the actions of the computer user in real-time and can also work independently of the user. The Trojan lies in the victim’s browser waiting for the user to access certain websites. Zeus can piggyback on the user’s session, allowing the thief to gather pertinent information.

Corporate Account Takeover Can Be Prevented

The best way to protect against corporate account takeover is a strong partnership with your financial institution. Benchmark Bank will work with you to understand security measures needed within your business and to establish safeguards on the accounts that can help us identify and prevent unauthorized access to your funds.

A shared responsibility between the bank and the business is the most effective way to prevent corporate account takeover. Consider these tips to ensure your business is well prepared:

  • Protect your online environment. Protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them frequently. Adopt advanced security measures by working with consultants or dedicated IT staff.
  • Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard your form unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
  • Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened. Practice ongoing account monitoring and reconciliation, especially near the end of the day.
  • Understand your responsibility and liabilities. Your account agreement will detail what commercially reasonable security measures are required of your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover.

Resources for Business Account Holders

For complete guidelines of the ACH rules, please refer to your NACHA ACH Rules CD.

Cyber Crime Awareness/Protection Resources

Additional Resources

*For more information regarding Corporate Account Takeover, you can refer to the following website: https://www.nacha.org/news/corporate-account-takeovers-can-lead-fraudulent-transactions