Corporate Account Takeover

What is Corporate Account Takeover?

Corporate Account Takeover (CATO) is a form of corporate identity theft where cybercriminals use malware to steal a business's online credentials. Once they have these credentials, they can initiate fraudulent banking activities. While there are several methods to steal credentials, the most common involves malware infecting a business's computer workstations and laptops.

How Corporate Account Takeover Works:

  1. Target the Company: The fraudster targets a business or its employee, often a senior executive, using various techniques to either gather login information directly or infect the computer with malware. These techniques include phishing, malicious website links, fake social media friend requests, and more.
  2. Install Malware: The malware is installed on the victim's computer, allowing it to record keystrokes and take screenshots. The Zeus Trojan is a prevalent example of malware targeting online banking customers.
  3. Gather Information: When the victim logs into online banking, the malware transmits the login information to the fraudster.
  4. Initiate Takeover: With the stolen login information, the fraudster can access the accounts and transfer money, posing as a legitimate user.

How to Prevent Corporate Account Takeover:

Prevention requires layered security and widespread education about CATO (also called account takeover, or ATO). The following practices help reduce the risk of becoming a victim:

  • Conduct online banking from a dedicated, secure computer that does not have email or web browsing capabilities.
  • Be cautious of emails requesting account information or verification, especially those with attachments or links.
  • Install and maintain a dedicated firewall, especially if you use a broadband or dedicated internet connection.
  • Regularly change passwords and never share login credentials with third-party providers.
  • Limit administrative rights on workstations to prevent malware installation.
  • Use commercial antivirus and firewall software, ensuring it is regularly updated.
  • Keep operating systems and key applications patched with the latest security updates.
  • Clear your browser cache before starting an online banking session.
  • Ensure a secure session (HTTPS) for all online banking activities.
  • Avoid using automatic login features that save usernames and passwords.
  • Never leave your computer unattended while using online banking services.
  • Avoid accessing financial services from public computers or networks.
  • Familiarize yourself with the institution’s account agreement and your liability for fraud.
  • Share information about suspected fraud with other businesses.
  • Immediately report suspicious transactions, particularly ACH or wire transfers, to your financial institution.

Signs Your Computer Has Been Compromised:

  • Unexpected messages or images appear.
  • Programs start or fail to start unexpectedly.
  • Your firewall reports unexpected internet connections.
  • Friends receive emails from you that you did not send.
  • Your computer frequently freezes or slows down.
  • System error messages increase.
  • The operating system fails to load.
  • Files or folders are deleted or changed.
  • Your web browser behaves erratically.

Helpful Links:

For more detailed information on preventing CATO, visit the IC3 (Internet Crime Complaint Center) website, which offers resources on the "Protect, Detect, and Respond" framework recommended by many security firms and government agencies.