How to Avoid Corporate Account Takeover (CATO)

What is CATO?

CATO is a type of fraud where thieves gain electronic access to a business’s bank accounts and conducts unauthorized transactions. The criminals gain electronic access by stealing confidential security credentials from employees who are authorized to conduct electronic transactions on business bank accounts. Losses from this cyber-crime can be substantial.  It has become a growing and serious threat for businesses, schools, and municipalities of all sizes. And it has allowed cyber thieves to steal millions of dollars from unsuspecting organizations of all sizes.  With CATO, cyber thieves are able to take control of company computers and confidential banking information to infiltrate accounts and transfer funds to their own accounts.

How do they do it?

There are several methods being employed to steal confidential security credentials. Phishing mimics the look and feel of a legitimate financial institution’s website, e-mail, or other communication. Users provide their credentials without knowing that a perpetrator is stealing their security credentials through a fictitious representation which appears to be their financial institution.

A second method is Malware that infects computer workstations and laptops via infected e­ mails with links or document attachments. In addition, malware can be downloaded to a user’s workstation or laptop from legitimate websites, especially social networking sites. Clicking on the documents, videos, or photos posted there can activate the download of malware. The malware installs key-logging software on the computer, which allows the perpetrator to capture the user’s ID and password as they are entered at the financial institution’s website.

Other viruses are more sophisticated. They alert the perpetrator when the legitimate user has logged onto financial institutions website, then trick the user into thinking the system is down or not responding. During this perceived downtime, the perpetrator is actually sending transactions in the user’s name.

Know the warning signs.

How do you know if your company’s computer systems may have been comprised? Here are some warning signs:

• Dramatic loss of computer speed
• Differences in the way things appear on the screen
• Freezing or locking up of computer screens
• Unexpected rebooting or restarting
• Unexpected request for a token pass-code in the middle of an online session
• Unusual pop-up messages, especially a message in the middle of an online banking session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.)
• New or unexpected toolbars and/or icons
• Inability to shut down or restart the computer
• Unusual business account activity

What you can do to protect your organization.

While any business can become a victim of a CATO, organizations that do not have strong Internet security policies are most vulnerable. There are, however, some steps you can take to reduce your company’s chances of being victimized:

• Review risky behavior with employees, especially when opening unsolicited emails.
• Educate employees on what suspicious websites and malicious “computer optimization” software looks like.
• Review bank account activity carefully and regularly.
• Limit administrative rights.
• Separate banking responsibilities. For example, have one employee initiate ACH and wire transfers from one computer and another employee approve transactions on another computer.
• Install and maintain anti-virus, anti-malware and anti-spam programs that periodically scan file systems.
• Ensure that programs are consistently updated through an organized patching process.
• Encrypt hard drives if possible, and if not, encrypt important documents including those containing sensitive information.
• Create strong passwords (at least eight characters long and includes a mix of upper and lowercase letters, numbers, and special characters). Do not use the same online banking password for everything.
• Never leave a computer unattended while using any online banking service. Always lock computers when unattended.
• Never access bank, brokerage or other financial services information at Internet cafes, public libraries, airports, etc.

Immediately report suspicious activity to Seamen’s Bank.

After notification of an incident, Seamen’s Bank will assist with:

• Disabling online access to accounts
• Changing online banking passwords
• Opening new account(s) as appropriate
• Assisting with review of all recent transactions and electronic authorizations on the account(s)
• Confirming no one has requested an address change, check reorder, debit card order or other information be sent to a different address

Be assured, at Seamen’s Bank, we use the highest level of security to protect your account and personal information while banking online. To learn more about other ways you can protect your business, visit https://www.mass.gov/service-details/frequently-asked-questions-about-corporate-account-takeovers.