Corporate Account Takeover - Cyber Security Information Article

What is Corporate Account Takeover?

Corporate account takeover (CATO) is a form of business identity theft that targets small and medium-sized businesses. In this fraud scheme the criminal gains access to the company’s online banking account, either by introducing malware onto an employee’s workstation or by convincing an employee to allow a remote support session to be established with that computer. Once the fraudster can reach the company’s online banking account, the objective is to transfer funds out of the company’s account. Company employees are the first line of defense: employee awareness of the CATO threat, combined with consistent use of basic internal control procedures, can minimize the risk of falling victim to this fraud scheme.

Educate Your Employees

Phishing e-mail messages typically include an infected attachment or an embedded link that introduces malware onto the employee’s workstation; the malware is deployed when the recipient opens the attachment or clicks the link. Proceed with caution when receiving unsolicited e-mail messages or messages from a sender you do not know. Phishing e-mails typically entice the recipient to take action, but they are often awkwardly worded, confusing and suspicious. Cyber thieves distribute thousands of phishing e-mails hoping that a recipient’s curiosity will override good judgment. Spread the word to all employees to be on the alert.

Cyber thieves often use social engineering tactics to convince an employee to disclose login credentials, or even to permit a remote support session to be established so the caller can “fix a problem” affecting the employee’s workstation. Remote technical support sessions are a common practice for assisting users who encounter technical problems, which is what makes the pretext believable. Be certain you know exactly who you are dealing with, and understand why a remote support session with your workstation is necessary. Spread the word to all employees to be on the alert.

Protect Your Online Environment

Avoid using ordinary e-mail to send confidential or sensitive information to a recipient. If you must use e-mail, use a secure e-mail service that encrypts messages. It is also prudent to consider encrypting all sensitive business data files and the related backup files.

Each business PC workstation should run an up-to-date operating system and virus protection, and should require complex passwords that expire and must be changed periodically. Periodically review all application programs that reside on business workstations and laptops.

Some companies restrict online banking access to a single designated workstation that holds no other applications or files containing non-public customer information, to minimize exposure. Avoid accessing online banking from public Wi-Fi hotspots (such as coffee shops, hotels and airports), where the risk of potential vulnerabilities is elevated.

Employ dual control procedures whenever ACH entries, wire transfers or bill payment transactions are executed to move funds to a recipient at an external bank: require one employee to create the transaction and a second, supervisory employee to review and approve the external funds transfer before it is released.
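As an added illustration that is not from the original article, the following Python sketch shows one way to enforce the dual-control rule described above: a transfer bound for an external bank stays pending until a different user holding a supervisory role approves it, and every decision is written to an audit trail that can be reviewed alongside daily account activity. The user names, roles and transfer details are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Transfer:
    transfer_id: int
    kind: str                  # "ach", "wire" or "billpay"
    amount: float
    external: bool             # True when the payee's account is at another bank
    created_by: str
    status: str = "pending"    # pending -> approved -> released
    approved_by: Optional[str] = None


class DualControlLedger:
    """Maker-checker control for outbound transfers, with an audit trail."""

    def __init__(self, supervisors):
        self.supervisors = set(supervisors)   # users allowed to approve
        self.transfers = {}
        self.audit = []                        # (transfer_id, actor, action, outcome)
        self._next_id = 1

    def create(self, user, kind, amount, external):
        t = Transfer(self._next_id, kind, amount, external, user)
        self._next_id += 1
        # Only funds leaving the bank need a second pair of eyes.
        if not external:
            t.status = "approved"
        self.transfers[t.transfer_id] = t
        self.audit.append((t.transfer_id, user, "create", t.status))
        return t

    def approve(self, user, transfer_id):
        t = self.transfers[transfer_id]
        if t.status != "pending":
            reason = "not pending"
        elif user not in self.supervisors:
            reason = "approver is not a supervisor"
        elif user == t.created_by:
            reason = "creator may not approve own transfer"
        else:
            t.status, t.approved_by = "approved", user
            self.audit.append((transfer_id, user, "approve", "ok"))
            return True
        self.audit.append((transfer_id, user, "approve", "denied: " + reason))
        return False

    def release(self, transfer_id):
        t = self.transfers[transfer_id]
        if t.status != "approved":
            self.audit.append((transfer_id, "system", "release", "denied: " + t.status))
            return False
        t.status = "released"
        self.audit.append((transfer_id, "system", "release", "ok"))
        return True
```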

Be alert for any suspicious or unusual activity you encounter, and react quickly. Suspicious account activity, or unusual workstation or network behavior such as unexpected screen pop-ups or suspicious e-mails, are “red flags” that warrant further investigation. Review company bank account activity daily, and promptly investigate any suspicious or questionable activity you discover. Cyber criminals count on targeting an employee who is too busy with other work tasks to react quickly.