Corporate Account Takeover Awareness
Companies are increasingly at risk of attack online. Businesses across the United States have suffered large financial losses from Corporate Account Takeovers with the vast majority of cyber thefts beginning with the thieves compromising the computer(s) of the business account holders. Texas Gulf Bank helps protect our business clients’ and their efforts to protect themselves from identity theft and financial fraud by implementing protective business practices. Texas Gulf Bank is dedicated to safeguarding our Online Banking access and our clients’ sensitive information.
What is Corporate Account Takeover?
Corporate Account Takeover (CATO) occurs when cyber criminals gain access to your computer systems and steal your online banking information. The thieves can then use this information to initiate fraudulent Wire Transfer and ACH (Automated Clearing House) transactions to accounts they now control.
Three Steps to Fight Back Against CATO
Business customers can help minimize the likelihood of a Corporate Account Takeover or other security incidents by incorporating the following practices into regular business operations:
- Education is key – Train your employees
- Secure your computer and networks – Install and maintain routers and firewalls including spam filters
- Update your anti-virus and anti-malware programs frequently
- Communicate to employees that passwords should be strong and not stored on the device used to access your online banking
- Limit Administrative Rights – Do not allow employees to install any software without prior approval
- Browse and surf the Internet carefully and responsibly
- Adhere to suggested dual control procedures for Wire/ACH transactions
- Use dedicated and isolated devices to originate and transmit Wire/ACH transactions
- Adopt advanced security measures by working with security specialists and additional resources to help build your company’s information security program
DETECT Unauthorized Access
Early detection of a security incident is critical to minimizing losses. In order to identify any unusual activity, account holders should monitor and reconcile account activities at least daily. In addition, account holders should be on alert for red flags related to computer and network anomalies. These signs include, but are not limited to, the following:
- Inability to log in to online banking (thieves could be blocking customer access so the customer won’t see the theft until the criminals have control of the account funds)
- Dramatic loss of computer speed
- Changes in the way things appear on the screen
- Computer locks up so the user is unable to perform any functions
- Unexpected rebooting or restarting of the computer
- Unexpected request for a one-time password (or token) in the middle of an online session
- Unusual pop-up messages, especially a message in the middle of a session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc)
- New or unexpected toolbars and/or icons
- Inability to shut down or restart the computer
Attackers may also attempt to contact account holders to obtain sensitive information or compromise your systems. Examples of these methods include, but are not limited to, the following:
- Attackers may send electronic messages or inquiries pretending to be from Texas Gulf Bank or other organizations. These messages may ask employees to install software or provide account information. These requests are likely fraudulent and should be verified before any files are opened, software is installed, or information is provided.
- Attackers may make phone calls and or send text messages or emails requesting sensitive information. Texas Gulf Bank will never call, email, or text a customer asking for sensitive information such as User ID’s and passwords. If in doubt, contact Texas Gulf Bank at 800-467-7216 to talk to a customer service member. Account holders should not call phone numbers that are listed in a suspicious email or text message.
RESPOND to an Attack Immediately
If an incident occurs, having established procedures and an Incident Response Plan is crucial to help minimize losses. Such a plan provides guidelines for employees to know what to do and who to contact for help. At a minimum the plan should include the following:
- The direct contact numbers of key bank employees who can provide online banking support in the event of a compromise (including the following after-hours number that is available 24-hours a day/7 days a week: 713-595-7461). These numbers were communicated to commercial customers upon enrolling in Online Banking and is included in the delivery of annual educational CATO training to all Commercial Online Banking customers.
- Steps to limit further unauthorized transactions such as:
- Changing passwords
- Disconnecting computers used to internet banking
- Requesting a temporary hold on all other transactions until out-of-band confirmations can be made
- Requirements for gathering and documenting information about what happened to assist the bank in its response to the compromise and to help in recovering funds
- Steps to contact your insurance carrier
- Procedures for working with computer forensics specialists and law enforcement
Although implementing security controls for banking and customer information is a good business practices, there may be specific state, federal, or industry regulations or guidelines that require dedicated controls or procedures to be in place in your company’s industry. Businesses should ensure they are complying with such requirements.
Here are additional resources to consider when developing an information security program for your company: