Preventing Corporate Account Takeover
Fraudsters are increasingly targeting small and medium-sized businesses instead of large corporations. Why? Because many smaller businesses do not believe they will be a target and may lack the proper security measures to prevent an attack.
Corporate Account Takeover
One of the biggest threats is called "corporate account takeover," whereby the fraudster gains access to the business’s online banking accounts and quickly transfers the money into their own account. Here is how it works.
- Target the Victim - The fraudster targets an employee of the company, often a senior executive, using any number of techniques designed to either directly gather the login information or infect the computer with malware that can obtain it. These techniques include but are not limited to phishing, attachments or links to Web sites infected with malware, fake friend requests on social networking sites and more.
- Install Malware - The next step is to install the malware onto the victim’s computer. This malware can often record and transmit the victim’s keystrokes and even screenshots of what the victim is looking at. The Zeus Trojan is an example of one of the more prevalent pieces of malware on the Internet that targets online banking customers.
- Gather Information - When the victim logs into online banking, the malware transmits the login information to the fraudster.
- Initiate Takeover - Once the login information is transmitted to the fraudster, they can use it to log in and transfer money out of the accounts, while appearing to be a legitimate user.
You can help protect yourself by using the following tips.
- Educate yourself and your employees about this type of scheme.
- Don't respond to unsolicited emails, open their attachments or click on their links. If an email appears to be from a trusted source (e.g. bank, IRS, Better Business Bureau, UPS, etc.), contact the source directly through other means to verify authenticity.
- Be wary of pop-up messages claiming your machine is infected and offering to fix the problem. These are often vehicles to install malware.
- Install and use spam filters.
- Install and maintain anti-virus, anti-spyware and anti-malware software and firewalls. Set them to update automatically.
- Be sure to install all security updates for your operating systems and other applications.
- Monitor your accounts closely on a daily basis.
What to do if you suspect a problem.
- Immediately stop doing anything online that involves passwords or other sensitive information, such as online banking or shopping.
- Confirm that your anti-virus, anti-spyware and anti-malware software is up to date.
- Disconnect from the Internet and run a scan, deleting anything that is identified as a potential issue.
- If you think any of your accounts may have been compromised, contact your bank immediately.