Financial Literacy

Corporate Account Takeover (CATO) is a type of business identity theft where cyber thieves gain control of a business’ financial accounts by stealing sensitive employee credentials and information. Thieves can then initiate fraudulent wire and ACH transactions to accounts controlled and owned by the thieves.  Typically thieves access a computer by installing malware that can infect a computer through email or websites.  Phishing is another way thieves can obtain sensitive information.  Phishing mimics the look and feel of a legitimate financial institution’s website or email and prompts users to provide their credentials without knowing the information is being stolen.

To limit the Risk of Corporate Takeover Business Customers should do the following:

• Reconcile your transactions daily.
• Review risky behavior with employees, especially when opening unsolicited emails
• Educate employees on what suspicious websites and malicious software looks like.
• Minimize the number of machines used for online banking
• Always lock computers when unattended
• Install and Maintain Spam Filters
• Install and Maintain Anti-Virus Software
• Encrypt hard drives if possible, and if not, encrypt important documents including those containing sensitive information.
• Use routers and firewalls to prevent unauthorized access
• Activate Pop-Up Blockers
• User strong password
• Do not share credentials
• Do not use public wireless  or unsecured networks to access online banking
• Monitor bank activity daily
• Use Multi-Layer Security
• Contact the bank immediately if you suspect fraudulent activity

Remember the bank will never contact you requesting personal/company information

Action Steps for Businesses if a breach is suspected:
Cease all online activity and remove any compromised systems from the network.
Ensure all proper authorities are contacted, such as senior management at your firm, information technology personnel, banking institutions, and the police.
Maintain a written log of events that have transpired since abnormal activity was detected.
Consider what kind of data might have been accessed by the intruding party.
File a police report and provide any facts known about the circumstances surrounding the loss.
Have a contingency plan in place to recover systems that are suspected to have been breached.
Contact insurance carrier

Resources can be found at:

U.S. Chamber of Commerce, Internet Security Essentials: https://www.uschamber.com/CybersecurityEssentials

U.S. Chamber of Commerce, Strategies for Small Businesses: https://www.uschamber.com/sites/default/files/legacy/issues/defense/files/10_CYBER_Strategies_for_Small_Biz.pdf

Better Business Bureau, 5 Steps to Better Cybersecurity: https://www.bbb.org/council/for-businesses/cybersecurity/

Identity theft is the unlawful use of another person's personal information such as social security number, credit card number, date of birth, and mother's maiden name to make illegal purchases, withdrawals, or open new accounts in their name.

Some of the most common methods of identity theft include credit card or other financial institution fraud, phone or utility service theft, and the taking of government documents or benefits. One way in which you can help stop these activities and make our financial institutions safer is to protect your account information from thieves and unauthorized users.

Always be cautious of unsolicited emails (spam) from unknown senders who request your personal information. Email is not a secure form of communication and should never include any of your confidential information.

• Never provide any personal information, including you Social Security number, account numbers or passwords in response to an unsolicited internet request or phone call.
• Do not open any emails, download any files, nor click on any links from senders you do not recognize.
• Never access a website from a link provided in an email.
• Never reply to an email that asks for personal information or is marked "urgent" or "time sensitive".
• Change your password every 60 days.
• Do not use the same user name and password for multiple accounts.
• Review your account statements regularly and watch for any unusual activity.
• Keep your computer updated with the latest version of anti-virus software.
• Increase the security setting on your browser to prompt you whenever a web site attempts to install a new program.
• Avoid downloading software from unknown sources.
• Maintain all patches, or upgrades, to your operating system and browsers.
• Turn on “pop-up blockers” within your browsers.
• If possible, add a “firewall” to your computer or system.
• Be aware that fraudulent emails are often badly written and include misspellings and poor grammar.
• Do not fall victim to online auction, paying agent, lottery, secret shopper or similar scams. Be cautious if you receive a check or deposit accompanied by an instruction to transfer a portion of the money to someone else.
• Be cautious of any intimidating emails or callers who suggests dire consequences if you do not immediately provide or verify your personal financial information.
• Shred all documents that contain your Social Security number or bank account number.
• Use a U.S. Postal Service drop box rather than your curbside mailbox when mailing bill payments or other personal information.
• Contact your creditors if you are not receiving your billing statements in a timely fashion.
• Obtain your credit report annually from each of the three major credit bureaus.