Corporate Account Takeover
from the Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3)
What is Corporate Account Takeover?
Corporate Account Takeover occurs when a criminal steals a company's online banking credentials. The criminal obtains access by stealing the login credentials of employees who are authorized to conduct electronic transactions (wire transfers, Automated Clearing House/ACH, and others) on the corporate bank account, and then uses those credentials to initiate transactions of their own.
How do criminals gain access to the accounts?
Criminals employ various methods to get victims to disclose personal or account information or to run malicious code. These methods may include getting the victim to open an infected email attachment, accept a fake friend request on a social networking site, or visit a website that installs malware on their computer. Once installed, the malware harvests information, including login credentials, and sends it to the criminals.
Another method used to steal login credentials is called Phishing. Phishing mimics the look and feel of a legitimate business's website, e-mail, or other communication. Cyber criminals use various methods to trick employees into opening a malicious attachment or clicking a link, including:
- Disguising the email to look as though it’s from a legitimate business. Often, these criminals will employ some type of scare tactic to entice the employee to open the email and/or provide account information. For example, cyber criminals have sent emails claiming to be from:
1. UPS (e.g., “There has been a problem with your shipment.”)
2. Financial institutions (e.g., “There is a problem with your banking account.”)
3. Better Business Bureaus (e.g., “A complaint has been filed against you.”)
4. Court systems (e.g., “You have been served a subpoena.”)
- Making the email appear to provide information regarding current events such as natural disasters, major sporting events, and celebrity news to entice people to open emails and click on links.
- Using email addresses or other identifying details harvested from company websites or from victims' contacts (relatives, co-workers, friends, or executives) to design an email that appears to come from a trusted source, so that people open it and click on its links.
The cyber criminal's goal is to get an employee to open the infected attachment or click the link and visit the malicious website, where malware is often silently downloaded to the employee's computer. This malware lets the fraudster see and track the employee's activity on the business's internal network and on the Internet, including visits to your financial institution and the online banking credentials used to access accounts (account information, log in, and passwords). With this information, the fraudster can conduct unauthorized transactions that appear to be legitimate transactions initiated by the company or its employee.
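The sender-spoofing, scare-tactic and malicious-attachment patterns described above can be checked mechanically before a message ever reaches an employee. The Python script below is an added example written for this page, not part of the IC3 advisory or any bank's own tooling. The trusted-domain table (TRUSTED), the scare-phrase list, the attachment extension list and the two sample messages are all constructed for illustration; a real deployment would load the domains from the bank's and vendors' published sender information.

```python
"""Screen raw email messages for Corporate Account Takeover phishing indicators:
display names that impersonate a trusted brand, lookalike sender domains,
a Reply-To that differs from the From domain, scare-tactic phrases, and
attachment types commonly used to deliver malware.  Added example, not
part of the IC3 advisory."""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Hypothetical trusted sender domains and the brand names each may use in a
# display name.  Constructed for this example.
TRUSTED = {
    "ups.com": ["ups"],
    "examplebank.com": ["example bank", "examplebank"],
    "irs.gov": ["irs", "internal revenue"],
    "bbb.org": ["better business bureau", "bbb"],
}
# Phrases in the advisory's examples plus common pressure wording (constructed).
SCARE = ["problem with your", "complaint has been filed", "served a subpoena",
         "account will be suspended", "verify your account", "immediate action"]
# Attachment types that commonly carry malware droppers (constructed list).
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm", ".zip", ".iso")


def edit_distance(a, b):
    """Levenshtein distance, used to catch typosquats such as upss.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain):
    """Crude eTLD+1: the last two labels (sufficient for .com/.gov/.org here)."""
    parts = domain.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain.lower()


def lookalike(domain, trusted):
    """True when `domain` is not `trusted` (or a subdomain of it) but borrows its
    brand label (ups-delivery-alerts.com, ups.com.secure-login.net) or typosquats
    it (upss.com).  Short brand labels get a tighter distance threshold."""
    if registrable(domain) == trusted:
        return False
    tlabel = trusted.split(".")[0]
    if tlabel in re.split(r"[.-]", domain.lower()):
        return True
    label = registrable(domain).split(".")[0]
    return edit_distance(label, tlabel) <= (1 if len(tlabel) < 6 else 2)


def sender_indicators(msg):
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for trusted, brands in TRUSTED.items():
        if registrable(domain) == trusted:
            continue
        if any(re.search(r"\b" + re.escape(b) + r"\b", name.lower()) for b in brands):
            findings.append(f"display name impersonates {trusted} but address is @{domain}")
        if lookalike(domain, trusted):
            findings.append(f"lookalike domain {domain} resembles {trusted}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if "@" in reply and reply.rsplit("@", 1)[-1].lower() != domain:
        findings.append(f"Reply-To {reply} differs from From domain {domain}")
    return findings


def content_indicators(msg):
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    findings += [f"scare-tactic phrase: '{p}'" for p in SCARE if p in text]
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            findings.append(f"risky attachment: {fname}")
    return findings


def screen(raw):
    """Parse a raw RFC 5322 message and return the list of indicators found."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return sender_indicators(msg) + content_indicators(msg)


# Constructed sample messages (not real traffic).
PHISH = b"""From: "UPS Customer Service" <notices@ups-delivery-alerts.com>
Reply-To: tracking@mail-collector.net
To: accounts@example.com
Subject: There has been a problem with your shipment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your package is on hold. Open the attached invoice to release it.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"

UEsDBBQAAAA=
--b1--
"""

LEGIT = b"""From: "UPS" <notifications@mail.ups.com>
To: accounts@example.com
Subject: Your package has been delivered
Content-Type: text/plain

Thanks for shipping with us.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, screen(raw))
```

The script flags the constructed phishing message on five counts (brand impersonation, lookalike domain, mismatched Reply-To, a scare-tactic subject, and a .zip attachment) and returns nothing for the legitimate message from a subdomain of the trusted sender. Heuristics like these are a triage aid only; they do not replace SPF/DKIM/DMARC enforcement at the gateway or the out-of-band verification the advisory recommends.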
How to protect your business from this type of attack
- Educate everyone on this type of fraud scheme. Don't respond to, open attachments from, or click links in unsolicited e-mails. If a message appears to be from your financial institution and requests account information, do not use any of the links provided; contact the financial institution using the information provided when the account was opened to determine whether any action is needed. Financial institutions do not send customers e-mails asking for passwords, credit card numbers, or other sensitive information. Similarly, if you receive an email from an apparently legitimate source (such as the IRS, Better Business Bureau, Federal courts, UPS, etc.), contact the sender directly through other means to verify its authenticity. Be very wary of unsolicited or undesired email messages (also known as "spam") and the links contained in them. Review the content on our Customer Security Information page to learn more about Social Engineering and how to raise the level of cybersecurity for your business.
- Be wary of pop-up messages claiming your machine is infected and offering software to scan and fix the problem, as it could actually be malicious software that allows the fraudster to remotely access and control your computer.
How to enhance the security of your computer and networks to protect against this fraud
- Limit the computers that are used for online banking and payments. A workstation used for online banking should not be used for general web browsing, e-mailing, and social networking. Conduct online banking and payments activity from at least one dedicated computer that is not used for other online activity.
- Do not leave computers with administrative privileges (superuser/admin rights) and/or computers used to perform online banking transactions unattended. Log off or shut down and physically secure computers when not in use.
- Use/install and maintain spam filters to help reduce the number of suspect emails you will receive.
- Train your employees on how to review every email they receive for legitimacy.
- Install and maintain real-time anti-virus and anti-spyware software, a desktop firewall, and malware detection and removal tools. Use these tools regularly to scan your computer. Enable automatic updates and scheduled scans.
- Install routers and firewalls to prevent unauthorized access to your computer or network.
- Install security updates for operating systems and all applications as they become available. Updates may be released weekly, monthly, or, for actively exploited (zero-day) vulnerabilities, out of band on any day; apply them promptly rather than waiting for a maintenance window.
- Block pop-ups.
- Keep operating systems, browsers, and all other software and device firmware up to date.
- Make regular backup copies of system files and work files.
- Do not use public Internet access points (e.g., Internet cafes, public wi-fi hotspots (airports), etc.) to access online accounts or personal information.
What can I do to look for signs of a potential problem?
- Make a note of any changes in the behavior of your computer, such as:
  - A dramatic loss of speed
  - Changes in the way things appear
  - Computer locks up so the user is unable to perform any functions
  - Unexpected rebooting or restarting of your computer
  - An unexpected request for a one-time password (or token) in the middle of an online banking session; your bank's site should only ask for it at the points you already know, and an extra prompt is a common sign that malware on the workstation is injecting its own pages into the session
  - Unusual pop-up messages
  - New or unexpected toolbars and/or icons
  - Inability to shut down or restart your computer
  - Warning messages from your anti-virus software that alert you to potential viruses
- Run regular virus and malware scans of your computer’s hard drive
What do you do if you think you are a victim?
- If you believe your financial accounts may be compromised, contact the bank immediately to disable online banking access and to take other steps to minimize the financial impact to your business.
- If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators, so they can watch for any suspicious or unusual activity.
- Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.
- Consider reporting the attack to the police, and file a report with the Federal Trade Commission. You can also file a complaint with the FBI's Internet Crime Complaint Center at www.ic3.gov.
Visit http://www.us-cert.gov/cas/tips/ for more security guidelines