CORPORATE ACCOUNT TAKEOVER
At United Community Bank we are committed to your security and want to make you aware of an evolving electronic crime.
What is Corporate Account Takeover?
Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Corporate account takeover is a growing threat for small businesses. It is important that businesses understand and prepare for this risk.
Cyber thieves target employees through phishing, phone calls, and even social networks. It is common for thieves to send emails posing as a bank, delivery company, court or the Better Business Bureau. Once the email is opened, malware is loaded on the computer which then records login credentials and passcodes and reports them back to the criminals.
How does Corporate Account Takeover Work?
• Criminals target victims by scams
• Victim unknowlingly installs software by clicking on a link or visiting an infected Internet site
• Fraudsters begin monitoring the account
• Victim logs onto their Online Banking
• Fraudsters Collect Login Credentials
• Fraudsters wait for the right time and then they hijack the session and send the victim a message that Online Banking is temporarily unavailable.
Where does it come from?
• Malicious websites, including Social Networking sites
• P2P Downloads (e.g. LimeWire)
• Ads from popular websites
What can a Business do to PROTECT?
• Provide Security Awareness Training to Employees
• Secure your Computer and Networks
• Limit Administrative Rights (Do not allow employees to install any software without receiving prior approval.)
• Install and Maintain Spam Filters
• Surf the Internet Carefully
• Install and maintain up-to-date commercial Anti-virus and desktop firewall software on all computer systems
• Utilize routine and "red-flag" reporting for transaction activity
• Install Routers and Firewalls to prevent unauthorized access to your computer or network. Change the default passwords on all network devices.
• Install Security updates to Operating Systems and all applications as they become available
• Use the latest versions of Internet browsers, such as Internet Explorer, Firefox or Google Chrome with "pop-up" blockers enabled
• Do not open attachments from e-mail. Be on the alert for suspicious emails.
• Never access Bank Accounts at Internet Cafes or from public wi-fi hotspots (airports, etc)
• Use a dedicated computer for financial transaction activity
• Initiate ACH and Wire Transfer payment under dual control (Example: One person authorizes the creation of the payment file and the second person authorizes the release of the file)
• Reconcile Accounts Daily
• Note any changes in the performance of your Computer. Dramatic loss of speed, computer lock up, unexpected rebooting, unusualy popups, etc.
• Make sure that employees know how to and to whom to report suspicious activity to at your Company and the Bank.
Contact the Bank immediately at 866.505.3736 if you:
• Suspect a Fraudulent Transaction
• If you are trying to process an Online Wire or ACH Batch and you receive a maintenance page
• If you receive an email claiming to be from United Community Bank and it is requesting personal/company information.