Fraudulent Account Takeover

Corporate Account Takeover is a type of business identity theft in which a criminal entity steals a business’s valid online banking credentials. Small to mid-sized businesses remain the primary target of criminals, but any business can fall victim to these crimes. Attacks today are typically perpetrated quietly by the introduction of malware through a simple email or infected website.

The Risks & How it Can Happen

The bank’s ability to protect you is severely undermined when your online credentials are compromised by a data breach initiated within your computer system. 

Once your computer is compromised, a criminal will attempt to fraudulently perform any function of online banking: Bill Pay, ACH transfers, wires, copies of checks and signatures, etc. Any possible way to financially defraud you will be used by smart criminals with the intent to steal your money or personal information.

Hackers often take aim at small firms' computers because they are easier to infiltrate than banks' systems. Ways they can breach your systems:

  • Employees visiting legitimate websites – especially social media – and clicking on infected documents, videos, or photos posted there
  • An infected document attached to an email
  • A link within an email that connects to an infected website
  • An employee using a flash drive that was infected by another computer

Once the employee opens an attachment or goes to the website, malware is installed on the computer. Then attackers infect your system and are able to obtain security credentials to access your company’s business accounts.

How You Can Protect Your Business

Take advantage of these additional SNBT business banking resources and keep your business information safe and secure.

Mitigate  

Protect your business from corporate account takeover by following these best practices and avoid becoming a victim of opportunity.

  • Do not open suspicious emails, open attachments, or click links on emails from unknown senders
  • Never connect an unknown USB device to your computer
  • Be cautious with emails or phone calls claiming to be from your financial institution, vendors, or government agency that ask for any type of nonpublic information (account information, online banking credentials, personal identification numbers, etc.)
  • Install and maintain anti-malware, anti-virus, and anti-spyware programs

Identify 

Monitor your business' account for vulnerabilities and in the event of a security breach, you'll be prepared to take steps to keep your business safe. 

  • Reconcile deposit accounts daily and monitor activity regularly
  • Contact your financial institution immediately if you suspect any transactions to be unauthorized or fraudulent
  • Set up email or text message alerts for online banking administrative functions such as: New user added, new payee account(s) added to ACH or wire external transfer list, changes to payee account numbers or routing numbers, password changes on existing users, security feature changes (being disabled), etc.
  • Immediately investigate unusual or unplanned activity

Respond 

If your business becomes the victim of corporate account takeover, a quick and sound response plan will be the key to recovering funds.  

  • Have an incident response plan written and tested ahead of time (do not wait until there is an actual attack). The plan should include how you will recover any unauthorized fund transfers and stop future occurrences.
  • Identify key employees that will be involved in the event of an attack:
    • Management: Oversee and coordinate process
    • IT Department (may be outsourced): Identify and mitigate further attacks
    • Bookkeeping/ACH Officer: Work with financial institution on recovery
    • Insurance Company
    • Attorney
    • Corporate Security: Contact law enforcement
    • Public Relations: Work on press release if needed

Incident Response Checklist 

Having a list to guide you when responding to a business security incident can make all the difference.

Learn More about Incident Response Checklist

Warning Signs of Corporate Account Takeover 

Stay one step ahead and know the warning signs so you can spot a corporate takeover from a mile away.

  • Inability to login to online banking system (cyber criminals may block access during an attack to distract the user and hide the theft)
  • Strange message that online account is not available
  • Sudden request for the user to input password (or security token) in the middle of the online session
  • Creation of new online user account(s) or new payees
  • Unusual user activity, such as login from a different IP address or at unusual times of the day
  • Password or security token information suddenly not accepted
  • External transfers to new payees (through ACH, Bill Pay, Wire)