Corporate Account Take Over (CATO)

What is Corporate Account Takeover (CATO)?

Corporate Account Takeover, or CATO, was first identified in 2005. It is a type of business identity theft in which malware is used to infect account holders’ computers in order to steal online banking credentials, hijack online banking sessions and commit electronic wire fraud. Listed as #1 on the FDIC fraud threat list, CATO is an extremely prevalent issue. According to a study by the Aite Group, electronic wire fraud cost U.S. organizations over $400 million in 2011, a number that is expected to grow to $800 million by 2016. CATO is not unique to the U.S.; in fact, a study that examined Corporate Account Takeover losses over five years in 32 countries reported over $156 billion in losses.

What is malware?

Short for “malicious software”, malware is software designed to infiltrate a computer system without the owner’s informed consent. Examples include viruses, worms, Trojan horses, spyware, dishonest adware and crimeware.

How does it work?

Criminals target unsuspecting business owners or employees through email, malicious websites, ads or links from popular social media sites such as Facebook. Victims unknowingly install software on their computers by clicking on a link in an email or on an infected site. Criminals use this software to monitor the victims’ accounts and steal their login credentials for internet banking or other key systems. Often these criminals will wait until the right time and then act according to the controls you have in place: they may log in after hours, or, if you are using a token, wait until you enter your code, hijack your session and send you a message that internet banking is temporarily unavailable.

Where does it come from?

Malicious websites (including social media sites), email, and ads from popular websites.

Is my public email account secure?
 
Some experts believe email is the biggest security threat of all.  Email has been the fastest, most effective method of spreading malicious software to the largest number of users.  A good rule of thumb is to only include information in an email that you would feel comfortable sharing with a stranger.
 
How do I protect myself?

  • Understand the threat and educate your employees.  Instruct employees to report suspicious activity immediately.
  • Reconcile accounts often, no less than monthly.
  • Secure your computer and networks.  Install firewalls and routers to prevent unauthorized access to your computer and network.
  • Install and maintain real time spam filters, anti-virus software and anti-spyware software.
  • Surf the internet carefully and block pop-ups.
  • Install security updates to operating systems and all applications as they become available.
  • Do not open attachments from email unless you absolutely trust the source. 
  • Do not trust emails claiming to be from your bank that are requesting personal information.