Corporate Account Takeover/Business Email Compromise

Corporate Account Takeover

Corporate Account Takeover occurs when cyber thieves gain unauthorized access to a business account, often through the theft of online credentials or by hijacking an online session, and then initiate transactions, change contact information, and gather information on the account's history to commit other crimes.

Businesses of all types and sizes are attractive targets for cyber criminals because business accounts traditionally carry higher balances than retail accounts. Employees often serve as entry points into the company's networks by unknowingly providing their access credentials through phishing sites or by downloading malware onto the system after clicking on malicious links or opening infected attachments. Employees and businesses of all sizes are targeted through phishing and other social engineering attacks in order to download and spread malware that will allow unauthorized access to financial accounts and other sensitive information. Fraudsters also target senior executives in Business Email Compromise scams in order to gain access to the executive's legitimate email account, impersonate them, and direct employees to conduct wire transfers or payment transactions on their behalf.

Business Email Compromise

A current scam targeting corporate clients is Business Email Compromise (BEC), in which a legitimate business email account is compromised through social engineering or computer intrusion techniques in order to impersonate an executive and conduct unauthorized transfers of funds. The key to reducing the risk from BEC is to understand the criminals' techniques and deploy effective payment risk mitigation processes. (See the News and Resources section below for more information.)

Losses associated with these frauds can be substantial and devastating to the business. As banks have implemented controls to detect, prevent, and respond to these frauds, businesses must do the same. Banks play an important role in this partnership by educating their corporate clients on the evolving risks, providing them with tips to identify these threats, and ensuring that customers take advantage of the security controls the bank offers to protect them.

ABA Position

ABA is committed to addressing this issue through its participation on various collaborative working groups involving other industry associations, regulators, and law enforcement. As a participant within the Financial Services Information Sharing Center’s (FS-ISAC) Account Take Over Task Force (ATO-TF), the ABA assisted in the development of resources designed to educate banks and their retail and corporate clients about this fraud. See the “Publications” section for more information.

News

Regulatory Guidance

Publications

Questions? Please contact Heather Wyson-Constantine for additional information.

 
