What is Corporate Account Takeover/Account Takeover?
Account Takeover is a fast growing crime where thieves typically use some form of malware to obtain login credentials to Online Banking accounts and fraudulently transfer funds from the account(s).
What is Malware?
Malware is short for malicious software, software designed to infiltrate a computer system without the owner’s consent. Malware includes computer viruses, worms, Trojan horses, spyware, dishonest adware, crime ware, most rootkits, and other malicious and unwanted software.
How does CATO/ATO work?
There are multiple ways that crooks can initiate an account takeover. They can target their victims with scams, causing them to unknowingly install software by clinking on a link or visiting an infected Internet site. They then start monitoring the system. The victim logs into the Online Banking platform and the fraudsters collect the login credentials. The fraudsters will then wait for the right time and then depending on the set controls—they login after hours or if the victim is utilizing a token they wait until the code is entered and then they will hijack the session and send a message that Online Banking is temporarily unavailable.
How does the money leave the account?
There are many methods that criminals use to accomplish their crime. Domestic and international wire transfers, business-to-business ACH payments, online bill pay, and electronic payroll payments have all been used to commit this crime.
Where does it come from?
Malicious software can come from malicious websites (including Social Networking Sites), E-mail, P2P Downloads (such as LimeWire) or from ads on popular websites.
How can I prevent CATO/ATO?
- Make sure your firewalls are installed and updated on your personal computer
- Do not open any attachments from e-mail and be on alert for suspicious e-mails
- Reconcile your accounts daily
- Note any changes in the performance of your computer—such as dramatic loss of speed, computer locks up, unexpected rebooting, unusual popups etc.
- Make sure your employees know how and to whom to report suspicious activity to at your company and the bank
Contact the bank if you:
- Suspect a fraudulent transaction
- If you receive an email claiming to be from the bank requesting personal or company information
What Fort Davis State Bank does to protect you:
At Fort Davis State Bank we strive to protect our customers from today’s common cyber threats. Our online banking platform has multiple security features integrated for your protection. Rather than being automated, all online access is granted through a customer service representative after thorough identity confirmation. Secure access codes are then required to specific delivery methods to ensure user access. Password requirements are set to increase security for the end user. While we do everything possible to protect your use of our services, always keep the following in mind:
- Never give out your login information to anyone including friends or family and especially to ANY third parties over the phone or by email
- Don’t write your credentials down anywhere
- Always use strong passwords with additional characters and numbers
- Change your password regularly
- Do not store your credentials on browsers or toolbars, malicious software can retrieve this information
- Install and update your firewall frequently
- We will never request any sensitive information via e-mail; if you receive something that looks suspicious, do not reply
Stop Identity Theft–Preserve Your Identity…Recover Your Good Name
As with any crime you can’t guarantee that you will never be a victim, but you can minimize your risk. By managing your personal information wisely, cautiously and with an awareness of the issues, you can help guard against identity theft.
- Don’t give out personal information on the phone, through the mail or over the internet, unless you’ve initiated the contact or are sure you know who you are dealing with.
- Be wary of promotional scams. Identity thieves may use phone offers to get you to give them your personal information.
- Carry only the identification information and the number of credit and debit cards that you’ll actually need.
- Cancel all unused credit accounts.
- Secure personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home.
- Guard your mail from theft by depositing outgoing mail in post office collection boxes or at your local post office, rather than in an unsecured mailbox. Promptly remove mail from your mailbox.
- Thwart an identity thief, who may pick through your trash or recycling bins to capture your personal information, by tearing or shredding your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards and credit offers you get in the mail.
- When ordering new checks, pick them up at the bank, rather than having them sent to your home mailbox.
- Keep your purse or wallet in a safe place at work, as well as copies of administrative forms that contain your sensitive personal information.
For additional information and advice, call the Federal Trade Commission (FTC) Identity Theft Hotline toll-free at 1-877-IDTHEFT (438-4338) or visit their ID Theft website: www.consumer.gov/scams.