Corporate account takeover is a type of fraud where thieves gain access to a business’ finances to make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable.
The best way to protect against corporate account takeover is a strong partnership with Community State Bank. Work with Community State Bank to understand security measures needed within the business and to establish safeguards on the accounts that can help the bank identify and prevent unauthorized access to your funds.
- Educate your employees. You and your employees are the first line of defense against corporate account takeover. A strong security program paired with employee education about the warning signs, safe practices, and responses to a suspected takeover are essential to protecting your company and customers.
- Protect your online environment. It is important to protect your cyber environment just as you would your cash and physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated virus protection on your computer. Use complex passwords and change them periodically.
- Partner with Community State Bank to prevent unauthorized transactions. Talk to your bank about programs that safeguard you from unauthorized transactions. Device authentication, multi-person approval processes, and batch limits help protect you from fraud.
- Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups, and suspicious emails. If detected, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your bank if you have any questions about your responsibilities.
Industry and Law Enforcement Warning to Businesses on Business Email Compromises
Several warnings were released to raise awareness regarding an increase in phishing scams targeting businesses in an attempt to compromise their accounts. Known as Business Email Compromise, this scam is conducted by cybercriminals who compromise legitimate business email accounts to impersonate executives and conduct the unauthorized transfers of funds.
The following alerts outline the various versions of the scam, identify characteristics of the complaints received by law enforcement, and provide recommended mitigation tips: