Protecting Your Business from Account Takeover

When it comes to your business accounts, Corporate Account Takeover is a very real threat. Corporate Account Takeover is a form of business identity theft where cyber thieves gain control of a business' bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent wire and ACH transactions to accounts controlled by the thieves.

How thieves gain access to your accounts.

Although there are several methods being employed to steal credentials, the most prevalent involves malware that infects a business' computer workstations and laptops. A business can become infected with malware via infected documents attached to an e-mail or a link contained within an e-mail that connects to an infected web site. In addition, malware can be downloaded to users' workstations and laptops by visiting legitimate websites - especially social networking sites - and clicking on the documents, videos or photos posted there. This malware can also spread across a business' internal network.

Prevention, detection and reporting recommendations for business customers account control

  • Reconcile all banking transactions on a daily basis and activate account alerts that notify you of online or account activity.
  • Initiate ACH and wire transfer payments under dual control, with a transaction originator and a separate transaction authorizer.
  • Perform periodic risk assessment of the banking products/services you use; including; regular reviews of user access levels, dollar limits and activity.
  • Immediately report any suspicious transactions to the financial institution.
  • Stay in touch with other businesses and industry sources to share information regarding suspected fraud activity.

Recommended computer security tools and practices

  • Develop and Implement an Information Security Program specific to your business.
  • Engage IT professionals to recommend security best practices.
  • Install a dedicated, actively managed firewall. A firewall limits the potential for unauthorized access to a network and computers.
  • Install commercial anti-virus software and website filtering tools on all computer systems.
  • Ensure virus protection and security software are updated regularly.
  • Ensure computers are patched regularly, particularly operating system and key applications, with security patches.
  • Consider installing spyware detection programs.
  • Be suspicious of e-mails purporting to be from a financial institution, government department or other agency requesting account information, account verification or banking access credentials such as usernames, passwords, PIN codes and similar information. If you are not certain of the source, do not click any links.
  • Require use of two factor authentication.
  • Create strong complex passwords.
  • Require passwords to be changed at a minimum every 90 days.
  • Use different passwords for all accounts and websites.
  • Prohibit the use of "shared" usernames and passwords for online banking systems.
  • Never share username and password information with third-party providers.
  • Limit administrative rights on users' workstations.
  • Carry out all online banking activities from a dedicated, stand-alone computer system from which e- mail and Web browsing are not possible.
  • Verify use of a secure session ("https") in the browser for all online banking.
  • Avoid using automatic login features that save usernames and passwords for online banking.
  • Never leave a workstation unattended while using any online banking or investing service.
  • Configure workstations to automatically lock their screens after a short period of non-use.
  • Use only secure non-public internet to access online banking. Never access bank, brokerage or other financial services information at Internet cafes, public libraries, etc. Unauthorized software may have been installed to trap account number and sign on information leaving the customer vulnerable to possible fraud.

Recommendations for corporate account takeover victims

Immediately cease all activity from computer systems that may be compromised.

Disconnect the Ethernet, wireless or other network connections to isolate the system from remote access.

Immediately contact your financial institution and request assistance with the following actions:

  • Disable online access to accounts.
  • Change online banking passwords.
  • Open new account(s) as appropriate.
  • Request the financial institution's agent review all recent transactions and electronic authorizations on the account.
  • Consider asking your banking representative about using Positive Pay.
  • Ensure that no one has requested an address change, title change, PIN change or ordered new cards, checks or other account documents be sent to another address.
  • Email and other websites you frequent may have also been compromised. It is recommended that you change the password for each. 
  • Hiring a forensic expert to help with investigating affected systems.
  • Engaging IT professionals to restore your network and enable resumption of business operations of affected systems.

Contact your insurance agent to discuss any guidance they may provide and if required to report the event.

Maintain a written chronology of what happened, what was lost and the steps taken to report the incident to the various agencies, banks and firms impacted. Be sure to record the date, time, contact telephone number, person spoken to, and any relevant report or reference number and instructions.

File a police report and provide the facts and circumstances surrounding the loss. Obtain a police report number with the date, time, department, location and officer's name taking the report or involved in the subsequent investigation. Having a police report on file will often facilitate dealing with insurance companies, banks, and other establishments that may be the recipient of fraudulent activity. The police report may initiate a law enforcement investigation into the loss with the goal of identifying, arresting and prosecuting the offender and possibly recovering losses.

This is for information purposes and is not intended to provide legal advice. The guidance included is not an exhaustive list of actions and security threats change constantly. 

Additional information security and risk assessment resources for business customers:

Federal Trade Commission Data Security: https://Ftc.gov/infosecurity

NACHA Current Fraud Threats Resource Center: https://www.nacha.org/content/current-fraud-threats-resource-center