Corporate Account Takeover

What to do if your business is victimized by Corporate Account Takeover (CATO):

  • Immediately shut down computer systems that may be compromised and disconnect those systems from Internet access.
  • If you suspect your business account has been a victim of a Corporate Account Takeover, please contact TFCU at 508-824-6466 and immediately take the following actions:
    • Disable online access to accounts.
    • Change online banking passwords.
    • Request that the credit Union’s security and auditing departments review all recent transactions and electronic authorizations involving the account(s) in question.
    • Ensure that no one has requested an address change, or re-ordered checks and/or debit cards to be sent to a different address.
  • Maintain a written chronology of what happened, what was lost, and the steps taken to report the incident to the credit union and any other parties, such as authorities and firms that could be impacted. Record the date, time, telephone number, person spoken to, and any other relevant information.
  • File a report with the police and any other relevant investigative agency regarding the intrusion. Having a police report on file will help when dealing with the credit union, insurance companies, and any other parties who have been notified of the fraudulent activity.

Steps you can take to help prevent CATO and protect your business:

  • Educate employees on an annual basis about online fraud and how to prevent it. Review risky online behavior, such as visiting social media websites and opening unsolicited e-mails and e-mail attachments. Show employees examples of suspicious websites and malicious software. New employees should receive this information shortly after joining your company.
  • Monitor accounts daily and pay attention to wire transfers and ACH transactions.
  • Reconcile accounts daily.
  • Change passwords at least monthly. Use strong passwords that include a combination of symbols, numbers, and letters. Use a different password for each account, and don’t save passwords to a computer.
  • Be aware that TFCU will never ask a member for sensitive information, such as user ID or password, over the phone or in an e-mail.
  • Instruct employees to never use a public computer or public Wi-Fi network to access the business’ online systems.
  • Log out of computers when not in use.
  • Equip all computers with the latest security and anti-virus software.
  • Install security updates promptly.
  • Ensure that adequate firewalls are in place.
  • Do not allow automatic login features, such as those that save login IDs and passwords for future use.
  • Restrict administrative rights to computers.

Comments are closed.