Cybercriminals are targeting businesses with increasingly sophisticated attacks. Criminals use spoofed emails, malicious software spread through infected attachments and online social networks to obtain login credentials to businesses' accounts, transfer funds from the accounts and steal private information, a fraud referred to as "corporate account takeover."
What is Corporate Account Takeover?
Corporate account takeover is a type of fraud where thieves gain access to a business' finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Employees are targeted through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, delivery company, court or the Better Business Bureau. Once the email is opened, malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.
How can I protect my business?
- Employee education is essential. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically.
- Partner with your bank to prevent unauthorized transactions. Talk to your banker about programs that safeguard you from unauthorized transactions. Positive Pay and other services offer call backs, device authentication, multi-person approval processes and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop ups, and suspicious emails. If detected, immediately contact us at (915) 532-1000 [El Paso] or (575) 323-6040 [Las Cruces], stop all online activity, and remove any systems that may have been compromised. Be sure to keep records of what happened.
Where can I receive additional information?
For additional information, you can also visit the following websites to learn more about how to protect your business:
- Better Business Bureau: Data Security Made Simpler
- Small Biz Cyber Planner (FCC)
- Data Security Made Simpler (Better Business Bureau)