Skip to main content Skip to main content

The CityCentre lobby is temporarily closed, but the drive in is open.

[bgimage]

Corporate Account Takeover (CATO) Awareness

Companies are increasingly at risk of attack online. Businesses across the United States have suffered large financial losses from Corporate Account Takeovers with the vast majority of cyber thefts beginning with the thieves compromising the computer(s) of the business account holders.

Texas Gulf Bank helps protect our business clients’ and their efforts to protect themselves from identity theft and financial fraud by implementing protective business practices. Texas Gulf Bank is dedicated to safeguarding our Online Banking access and our clients’ sensitive information.

What Is Corporate Account Takeover (CATO)?
Corporate Account Takeover occurs when cybercriminals infiltrate a company’s network and steal credentials used for online banking. Once access is obtained, attackers can initiate unauthorized transactions – often through Wire Transfers or ACH (Automated Clearing House) payments – transferring funds to accounts under their control.

Three Key Steps to Defend Against CATO

1. PROTECT Your Business
Businesses play a critical role in preventing cybercrime. These proactive safeguards can help reduce the likelihood of compromise:

Educate Employees
Conduct regular security training on phishing, password safety, and suspicious activity recognition.

Protect your computers and devices:
Make sure all your computers, laptops, and tablets have trusted antivirus or anti-malware software installed and keep it updated. This helps block viruses, scams, and hackers.
You can also use tools like EDR (Endpoint Detection and Response), which are smarter security tools that can detect and stop threats before they cause damage.

Examples of tools you might use:
*Antivirus/Anti-malware
Norton, McAfee, Malwarebytes, Windows Defender
*EDR software
CrowdStrike, SentinelOne, Microsoft Defender for Endpoint
*Use Strong Passwords & MFA
Require complex, unique passwords and turn on multi-factor authentication for all key systems.
*Control Admin Access
Only allow software installations or changes with IT approval.
*Use Secure Devices
Do online banking only from dedicated devices – no browsing or email on them.
*Protect Your Network
Keep firewalls, routers, and Wi-Fi up to date. Use business-grade security with threat detection.
*Add Payment Controls
Require dual approval and out-of-band verification (like callbacks or text alerts) for outgoing wires and ACH.
*Get Expert Help
Work with cybersecurity pros for testing and improving your security setup.

2. DETECT Unauthorized Activity
Early detection is vital to minimize damage. Businesses should actively monitor for red flags and anomalies such as:
*Unusual Online Banking Behavior
Watch for signs like login failures, unexpected one-time password requests, or session terminations labeled as “maintenance.”
*Computer Irregularities
Be alert for slow performance, unexpected restarts, new pop-ups or toolbars, system crashes, or unknown software installations.
*Suspicious Contact Attempts
Watch for emails, calls, or texts impersonating the bank or vendors, especially those urging remote access, credential updates, or immediate action.

Reminder: Texas Gulf Bank will never call, text, or email you asking for your username, password, or security credentials. If you receive a suspicious message, call us directly using the phone number listed on our website.

3. RESPOND Quickly and Effectively
In the event of a suspected takeover, a swift and structured response can help contain the threat. Ensure your business has a formal Incident Response Plan that includes:
*Key Contacts:
Maintain a current list of bank contacts for online banking support, including a 24/7 emergency number: 713-595-7461
*Immediate Containment Actions
Immediately change passwords, disconnect affected devices from the internet, and pause outgoing transactions pending review.
*Documentation
Document all events, timestamps, involved individuals, and capture screenshots of suspicious activity when possible.
*Engage Third Parties
Notify your cybersecurity provider and insurance carrier, and fully cooperate with law enforcement and forensic investigators.

*Review and Strengthen
Assess the root cause, update security protocols, and retrain staff as needed.

*Additional Considerations
Although implementing security controls for banking and customer information is a good business practices, there may be specific state, federal, or industry regulations or guidelines that require dedicated controls or procedures to be in place in your company’s industry. Businesses should ensure they are complying with such requirements.

Additional Resources
Here are additional resources to consider when developing an information security program for your
company:
*Strengthen Your Cybersecurity
*Your Cybersecurity HQ

The Texas Gulf Bank website uses cookies to deliver the best user experience. By using our site, you agree to our cookie policy. Find Out More Here