September 26, 2016 Article 3 min read
It happens more than you think – cyber thieves stealing information to infiltrate an organization's financial systems and accounts to make unauthorized transactions. Here's how to prevent and – should you fall victim – detect and recover from a CATO attack.

It’s a time of great risk for organizations of all industries. Threats to security loom large, as cyber thieves work to take control of an organization's bank account by stealing employee passwords and other valid credentials. These cyber thieves then use the stolen information to gain access to an organization's finances to make unauthorized transactions (which include transferring funds from the company to their own accounts), create and add fake employees to payroll, and steal sensitive customer information.

This is called “Corporate Account Takeover,” or CATO, and it happens more than you think. Here are a few commonly asked questions and answers to help you protect your organization.

How does it happen?

Cyber thieves obtain login information from employees via phishing, phone calls, and social networks. Phishing, in particular, is becoming more rampant in today's digital world: cyber thieves commonly send emails to targeted employees masquerading as banks, delivery companies, courts, or the Better Business Bureau. Once the email is opened, malware is loaded onto the employee's computer, which records the login credentials and passwords of the targeted employees and sends them back to the criminals. In other cases of phishing, the email will directly ask for the client's account information.

Who does it affect?

It primarily exploits small and medium-sized organizations, especially those with limited to no computer safeguards. Municipalities, school districts, large non-profit organizations, corporate organizations, and any customers that perform electronic transfers are potential targets. Losses from this form of cyber-crime range from the tens of thousands to the millions, with the majority of these thefts not fully recoverable. These thefts have adversely impacted both large and small banks.

How can you prevent it?

Prevention starts with a strong partnership between organizations and their financial institutions. Organizations should work with their banks to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to funds.

According to the American Bankers Association, the following should be undertaken to prevent corporate account takeover. Organizations should:

  • Educate their staff about the warning signs of, safe practices for, and responses to corporate account takeover.
  • Ensure staff are using complex passwords and changing them periodically.
  • Ensure staff aren’t using unprotected internet connections.
  • Encrypt their sensitive data.
  • Keep virus protections up to date on computers.

Banks should:

  • Inform organizations about programs that safeguard them from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multiperson approval processes, and batch limits that help protect businesses from fraud.
  • Inform organizations about their responsibilities regarding security safeguards.

How can you detect it?

To promptly detect Corporate Account Takeover, the Internet Crime Complaint Center (IC3) recommends that employees:

  • Monitor and reconcile accounts at least once a day.
  • Be sensitive to any changes in the performance of their computer (such as unexpected toolbars and unusual pop-up messages).
  • Run regular virus and malware scans on their computer hard drives.
  • Pay attention to warnings from their antivirus software.
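
One way to carry out the daily reconciliation recommended above, combined with the multiperson-approval and batch-limit controls named earlier, shown as an added example that is not from the original article or any bank's product. The record layout, `BATCH_LIMIT`, `MIN_APPROVERS`, and every sample value are constructed assumptions.

```python
from collections import Counter
from decimal import Decimal

# Assumed policy values for illustration; agree real limits with your bank.
BATCH_LIMIT = Decimal("25000.00")
MIN_APPROVERS = 2

def reconcile(register, bank_items):
    """Compare the day's bank activity with the internally approved payments.

    register:   dicts with id, payee_account, amount, approvers
    bank_items: dicts with payee_account, amount, batch (from the bank export)
    Returns a list of (reason, record) exceptions to raise with the bank.
    """
    exceptions = []
    # Multiperson approval: count distinct people, not signatures.
    for p in register:
        if len(set(p["approvers"])) < MIN_APPROVERS:
            exceptions.append(("insufficient_approval", p))
    # Each register entry may be matched once, so a replayed payment
    # to a legitimate payee is still reported.
    expected = Counter((p["payee_account"], p["amount"]) for p in register)
    batch_totals = {}
    for item in bank_items:
        key = (item["payee_account"], item["amount"])
        if expected[key] > 0:
            expected[key] -= 1
        else:
            exceptions.append(("not_in_register", item))
        batch = item["batch"]
        batch_totals[batch] = batch_totals.get(batch, Decimal("0")) + item["amount"]
    # Batch limit: total value released in one batch.
    for batch, total in sorted(batch_totals.items()):
        if total > BATCH_LIMIT:
            exceptions.append(("batch_over_limit", {"batch": batch, "total": total}))
    return exceptions

# Constructed sample data.
REGISTER = [
    {"id": "P-1001", "payee_account": "ACCT-111", "amount": Decimal("1200.00"), "approvers": ["alice", "bob"]},
    {"id": "P-1002", "payee_account": "ACCT-222", "amount": Decimal("8400.50"), "approvers": ["alice", "alice"]},
]
BANK = [
    {"payee_account": "ACCT-111", "amount": Decimal("1200.00"), "batch": "B-01"},
    {"payee_account": "ACCT-222", "amount": Decimal("8400.50"), "batch": "B-01"},
    {"payee_account": "ACCT-999", "amount": Decimal("19000.00"), "batch": "B-02"},
    {"payee_account": "ACCT-111", "amount": Decimal("1200.00"), "batch": "B-02"},  # repeat of P-1001
    {"payee_account": "ACCT-998", "amount": Decimal("9500.00"), "batch": "B-02"},
]

if __name__ == "__main__":
    for reason, record in reconcile(REGISTER, BANK):
        print(reason, record)
```

Amounts are held as `Decimal` so that matching and batch totals are exact; any exception in the output is a reason to contact the bank the same day.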

How should you respond if you’re a victim?

According to the IC3, organizations should immediately contact their financial institution so that:

  • Access to accounts is disabled.
  • Online banking passwords are changed.
  • New accounts are opened as appropriate.
  • All recent transactions and electronic authorizations on the account can be reviewed.

Organizations that detect suspicious activity should cease all online activity and remove any computer systems that may be compromised from the network. They should also maintain a written chronology of what happened, what was lost, and the steps taken to report the incident to the various agencies, financial institutions, and firms impacted. Finally, they should file a police report and provide the facts and circumstances surrounding the loss.