Corporate Account Takeover (CATO)

What is Corporate Account Takeover or CATO?

Corporate Account Takeover, or CATO as it is referred to, is a type of business ‘identity theft’ in which a criminal entity steals a company’s valid online banking credentials. Small to mid-sized businesses remain the primary target of criminals, but any business can fall victim to these crimes. The criminal obtains electronic access by stealing the confidential security credentials of your employees who are authorized to conduct electronic transactions (wire transfers, Automated Clearing House/ACH, and others) on your corporate bank account.

How Do Cyber Criminals Access Business Computers?

Attacks are typically perpetrated quietly, by the introduction of malware through a simple email or infected website. For businesses that have low resistance to such methods of attack, the malware introduced onto their systems may remain undetected for weeks or even months. Malware can be downloaded to a user’s workstation or laptop from legitimate websites, especially social networking sites. Clicking on the documents, videos, or photos posted there can activate the download of the malware. The malware installs key-logging software on the computer, which allows the perpetrator to capture the user’s ID and password as they are entered at the financial institution’s website.

Another method being employed to steal confidential security credentials is called Phishing. Phishing mimics the look and feel of a legitimate financial institution’s website, e-mail, or other communication. Users provide their credentials without knowing that a perpetrator is stealing their security credentials through a fictitious representation which appears to be their financial institution.

Cyber criminals use various methods to trick employees into opening the attachment or clicking on the link, including disguising an email to look as though it’s from a legitimate business. Often, these criminals will employ some type of scare tactic to entice the employee to open the email and/or provide account information. For example, cyber criminals have sent emails claiming to be from:

  • UPS (e.g. There has been a problem with your shipment)
  • Financial institutions (e.g. There is a problem with your account)
  • Better Business Bureaus (e.g. A complaint has been filed against you)
  • Court systems (e.g. You have been served a subpoena)

Warning signs visible to a business or consumer customer that their system/network may have been compromised include:

  • Inability to log into online banking (thieves could be blocking customer access so the customer won’t see the theft until the criminals have control of the money);
  • Dramatic loss of computer speed;
  • Changes in the way things appear on the screen;
  • Computer locks up so the user is unable to perform any functions;
  • Unexpected rebooting or restarting of the computer;
  • Unexpected request for a one-time password (or token) in the middle of an online session;
  • Unusual pop-up messages, especially a message in the middle of a session that says the connection to the institution’s system is not working (system unavailable, down for maintenance, etc.);
  • New or unexpected toolbars and/or icons; and
  • Inability to shut down or restart the computer.

What Can Business Customers Do To Protect Themselves (Best Practices)?

Each business should evaluate its risk profile with regard to Corporate Account Takeover and develop and implement a security plan, including sound business practices, to prevent and mitigate the risk of Corporate Account Takeover. Such a plan should be appropriate to the unique circumstances of the business. However, in developing such a plan, each business should consider the following sound business practices, which are recommended in most cases, and any other sound business practices determined by the company:

  • Train your employees. First National Bank will NEVER ask for sensitive information, such as Account Numbers, Access IDs, or Passwords via e-mail, text or phone call.
  • Limit Administrative Rights - Do not allow employees to install any software without receiving prior approval.
  • Install and Maintain Spam Filters; real-time Anti-Virus & Anti-Spyware; Desktop Firewall & Malware Detection & Removal software. Use these tools regularly to scan your computer. Allow for automatic updates and scheduled scans.
  • Install routers and firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
  • Install security updates (patches) to operating systems and all applications as they become available.
  • Block Pop-Ups
  • Use strong password policies
  • Do not open attachments from e-mail - Be on the alert for suspicious e-mail
  • Monitor and Reconcile Bank Accounts Daily - especially near the end of the day

Contact First National Bank If You:

  • Suspect a Fraudulent Transaction
  • Receive an e-mail claiming to be from the Bank that requests personal/Company information

Incident Response Plans

Customers are strongly encouraged to write their own Incident Response Plan based on the unique nature of their enterprise. A general template would include:

  1. The direct contact numbers of key bank employees (including after-hours numbers);
  2. Steps the account holder should consider to limit further unauthorized transactions, such as:
       • Changing passwords;
       • Immediately ceasing all online activity and removing any computer systems that may be compromised from the network;
       • Requesting a temporary hold on all other transactions until out-of-band confirmations can be made;
       • Maintaining a written chronology of what happened, what was lost, and the steps taken to report the incident to the various agencies, financial institutions, and firms impacted;
       • Working with computer forensic specialists and law enforcement to review appropriate equipment; and
       • Contacting their insurance carrier.