Corporate Account Takeover Fraud
First identified in 2005, Corporate Account Takeover is a type of corporate identity theft in which cyber thieves steal a business’s valid online banking credentials or hijack browser sessions to access a customer’s account. Once a cyber thief gains access to an account, they can conduct unauthorized transactions, change contact information, and gather information on the account’s history to commit other crimes.
In the beginning, banks were targeted for this fraud; however, as banks have strengthened their security, cyber thieves have set their sights on a new target: the corporate customer. Cyber thieves target employees and businesses of all sizes through phishing and other social engineering attacks with the goal of enticing them to download and spread malware that will allow unauthorized access to financial accounts and other sensitive information.
Banks must protect themselves by increasing internal awareness of this fraud, enhancing the ability to monitor for and detect it, and developing a response plan to address it. Most importantly, since banks cannot control the security of their customers’ devices, they must work to educate their clients about the risks and how they can protect themselves.
ABA is committed to addressing this issue through its participation in various collaborative working groups involving other industry associations, regulators, and law enforcement. As a participant within the Financial Services Information Sharing Center’s (FS-ISAC) Account Take Over Task Force (ATO-TF), the ABA assisted in the development of resources designed to educate banks and their retail and corporate clients about this fraud. See the “Publications” section for more information.
Updated: January 10, 2013