What is Corporate Account Takeover (CATO)?
Corporate Account Takeover, or CATO, was first identified in 2005 and is a type of business identity theft where malware is utilized to infect account holder’s computers to steal online banking credentials, hijack online banking sessions and commit electronic wire fraud. Listed as #1 on the FDIC fraud threat list, CATO is an extremely prevalent issue. According to a study by the Aite Group, electronic wire fraud cost U.S. organizations over $400 million in 2011, a number that is expected to grow to $800 million by 2016. CATO is not singular to the U.S., in fact, a study which examined Corporate Account Takeover losses over five years in 32 countries reported over $156 billion in losses.
What is malware?
Short for “malicious software”, malware is software designed to infiltrate a computer system without the owner’s informed consent. Examples include viruses, worms, Trojan horses, spyware, dishonest adware, crimeware, etc.
How does it work?
Criminals target unsuspecting business owners or employees through email, malicious websites, ads or links from popular social media sites such as Facebook. Victims unknowingly install software on their computers by clicking on a link in an email or on an infected site. Criminals use this software to monitor the victims’ accounts and steal their log in credentials to internet banking or other key systems. Often these criminals will wait until the right time and, then depending on your controls, they login after hours or if you are using a token, they wait until you enter your code and then they hijack your session and send you a message that internet banking is temporarily unavailable.
Where does it come from?
Malicious websites, including social media sites, Email, ads from popular websites.
Is my public email account secure?
Some experts believe email is the biggest security threat of all. Email has been the fastest, most effective method of spreading malicious software to the largest number of users. A good rule of thumb is to only include information in an email that you would feel comfortable sharing with a stranger.
How do I protect myself?