Corporate Account Takeover: Protecting Your Business From Financial Fraud (PowerPoint presentation)



SLIDE 1

Corporate Account Takeover

Protecting Your Business From Financial Fraud

SLIDE 2

Legal Notice

This presentation is for informational purposes and is not intended to provide legal advice. The guidance included is not an exhaustive list of actions, and security threats change constantly.

SLIDE 3

Do you do any of the following?

  • Originate ACH Credits – Direct Deposit Payroll
  • Originate ACH Debits – Direct Billing
  • Use Online Bill Pay
  • Use Wires – Domestic and/or International
  • Use Business Credit Cards

You could be at risk for Corporate Account Takeover…

SLIDE 4

What is Corporate Account Takeover?

  • When cyber-thieves gain control of a business’s bank account by stealing the business’s valid online banking credentials, such as usernames, passwords, authentication questions & answers, and security keys.
  • Thieves can then initiate transfers via the online payment systems the business utilizes to send ACH payments, wire transfers, or other transfers to the thieves’ own accounts.

SLIDE 5

Dissecting a CATO Attack

Five stages, in order:

  1. Target Victims – Criminals target victims by way of phishing, spear phishing or social engineering techniques.
  2. Install Malware – The victims unknowingly install malware on their computers, often including key logging and screen shot capabilities.
  3. Online Banking – The victims visit their online banking website and log on per the standard process.
  4. Collect & Transmit Data – The malware collects and transmits data back to the criminals through a backdoor connection.
  5. Initiate Funds Transfer(s) – The criminals leverage the victim’s online banking credentials to initiate a funds transfer from the victim’s account.

SLIDE 6

Common Techniques

  • Phishing – use email to obtain the information necessary to steal an identity or cause the user to download malware.
  • Fake Popups – popups that appear to be legitimate, but install malware.
  • Compromising Legitimate Sites – these sites look safe, but may hide malicious code.
  • Exploitation of Software Vulnerabilities – use weaknesses in software applications to gain access to system information and resources.

SLIDE 7

Phishing Ploys

  • Email attachments – often .zip or .pdf files
  • Fake friend requests
  • Approved loan requests
  • Problems with a shipment
  • Better Business Bureau complaints filed against a business
  • Online account issues requiring entry of account information
  • Bank account issues – missing information, incomplete transfers, etc.
  • Subpoena notifications

SLIDE 8

Phishing Ploys | Fake Bank Message

SLIDE 9

Phishing Ploys | Fake Bank Message

SLIDE 10

Phishing Ploys | Fake UPS Message

SLIDE 11

Phishing Ploys | Fake Popup

SLIDE 12

Phishing Ploys | Legitimate Message

SLIDE 13

Protect, Detect and Respond

  • Education & prevention program developed by:
    – US Secret Service (USSS)
    – FBI
    – Financial Services – Information Sharing & Analysis Center (FS-ISAC)
    – Internet Crime Complaint Center (IC3)
  • Delineates a security framework for business owners to follow
  • Many solutions are commercially reasonable for both small & large businesses

SLIDE 14

Protect | Educate All Employees

  • Don’t automatically click on email attachments or links
  • If the message appears to be from a legitimate source, contact the business or organization through other ways:
    – Call the business at a number known to be authentic
    – Go to the business’s legitimate website
  • Employ IT security best practices:
    – Use strong passwords
    – Change passwords often – typically every 30-60 days
    – Don’t share passwords
    – Lock workstations when stepping away

SLIDE 15

Protect | Enhance Network Security

  • Restrict capabilities on individual workstations:
    – No administrative privileges
    – No web browsing or email capabilities on computers used for online banking or to access other online payment systems
  • Use spam filters
  • Install & maintain real-time anti-virus & anti-malware detection and removal software
  • Enable desktop firewalls
  • Install & maintain a network firewall
  • Change the default passwords on all network devices

SLIDE 16

Protect | Enhance Network Security

  • Install security updates on all operating systems and applications as they become available
  • Keep all operating systems, browsers & applications up-to-date
  • Make regular backup copies of system & work files
  • Encrypt sensitive folders
  • Don’t use public Internet access points (e.g. wifi at restaurants, hotels, airports, etc.) when accessing accounts or other personal information
  • Keep abreast of cyber threats

SLIDE 17

Protect | Enhance Banking Security

  • Initiate ACH and wire transfers under dual control using two separate computers
  • Ask your financial institution about “out-of-band” verification methods such as call backs, SMS texts, and batch limits
  • Contact your financial institution immediately if you encounter a message that the system is unavailable

SLIDE 18

Detect

  • Monitor and reconcile accounts at least once a day
  • Discuss options offered by your financial institution to help detect or prevent out-of-pattern activity
  • Note any changes in your computers’ performance
  • Pay attention to anti-virus or other warnings
  • Be on the alert for rogue emails
  • Run regular virus & malware scans on all hard drives
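A daily reconciliation check that applies the controls from the two slides above (dual control, per-transfer and batch limits agreed with the bank, and out-of-pattern amounts to known payees) to one day's outgoing ACH/wire batch. This is an added example, not part of the presentation; the Transfer and Policy types, the field names and the sample batch are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Transfer:
    ref: str
    payee: str                  # beneficiary account identifier
    amount: float               # USD
    initiated_by: str           # operator who keyed the transfer
    approved_by: Optional[str]  # second operator (separate workstation), or None

@dataclass
class Policy:
    typical_amount: Dict[str, float]  # known payees -> usual payment size
    single_limit: float               # per-transfer limit agreed with the bank
    batch_limit: float                # daily batch limit agreed with the bank
    pattern_factor: float = 2.0       # flag amounts above this multiple of usual

def reconcile(transfers: List[Transfer], policy: Policy) -> List[Tuple[str, str]]:
    """Return (ref, reason) flags for transfers that break the controls."""
    flags = []
    total = 0.0
    for t in transfers:
        total += t.amount
        usual = policy.typical_amount.get(t.payee)
        if usual is None:
            flags.append((t.ref, "new payee"))
        elif t.amount > policy.pattern_factor * usual:
            flags.append((t.ref, "out-of-pattern amount"))
        if t.amount > policy.single_limit:
            flags.append((t.ref, "exceeds single-transfer limit"))
        if t.approved_by is None or t.approved_by == t.initiated_by:
            flags.append((t.ref, "dual control not satisfied"))  # needs a second person
    if total > policy.batch_limit:
        flags.append(("BATCH", "daily total %.2f exceeds limit %.2f" % (total, policy.batch_limit)))
    return flags

def sample_batch() -> Tuple[List[Transfer], Policy]:
    """Constructed sample: a routine payroll run plus additions a thief with stolen credentials might slip in."""
    policy = Policy(typical_amount={"PAYROLL-001": 8000.0, "VENDOR-002": 3000.0},
                    single_limit=10000.0, batch_limit=25000.0)
    transfers = [
        Transfer("T1", "PAYROLL-001", 8500.0, "alice", "bob"),  # routine
        Transfer("T2", "VENDOR-002", 3200.0, "alice", "bob"),   # routine
        Transfer("T3", "ACCT-9911", 9800.0, "alice", "alice"),  # new payee, self-approved
        Transfer("T4", "ACCT-9912", 9700.0, "alice", None),     # new payee, no approver
        Transfer("T5", "VENDOR-002", 9000.0, "alice", "bob"),   # three times the usual amount
    ]
    return transfers, policy
```

Running `reconcile(*sample_batch())` flags T3, T4 and T5 individually and the batch total as a whole, while the two routine transfers pass; in practice the flagged items are what you raise with your financial institution before the batch settles.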

SLIDE 19

Detect | Anti-virus Warning

SLIDE 20

Respond | Take Immediate Action

  • If suspicious activity is detected, immediately cease all online activity and remove any computer systems that may be compromised from the network
  • Make sure your employees know how and to whom to report suspicious activity
  • Immediately contact your financial institution(s) in order to:
    – Disable online access to accounts
    – Change online banking passwords
    – Open new account(s) as appropriate
    – Request a review of transactions
    – Request a review of online banking accounts to determine if information was changed or new users were added

SLIDE 21

Respond | Next Steps

  • Maintain a written chronology of what happened, what was lost, and the steps taken to report the incident – make sure to notify:
    – Your financial institution(s)
    – Agencies such as the Federal Trade Commission or IC3
    – All consumers that were affected by the fraud
    – Any other businesses or organizations that may have been impacted
  • File a police report
  • Implement a contingency plan for recovering systems suspected of compromise
  • Consider whether other company or personal data may have been compromised
  • Report exposures to PCI DSS if you accept credit/debit cards

SLIDE 22

Websites to Know

  • IC3 | www.ic3.gov
  • Your FBI field office | www.fbi.gov/contact-us/field/field-offices
  • Your USSS field office | www.secretservice.gov/field_offices.shtml
  • USSS Electronic Crimes Task Force | www.secretservice.gov/ectf.shtml
  • PCI DSS | www.pcisecuritystandards.org/security_standards/pci_dss.shtml
  • Federal Trade Commission | business.ftc.gov

SLIDE 23

Learn More

  • IC3 | CATO Fraud Advisory
  • NACHA | Corporate Account Takeover What You Need to Know
  • NACHA | Sound Business Practices to Mitigate Corporate Account Takeover
  • Federal Communications Commission | Small Business Cyber Planner
  • US Chamber of Commerce | Internet Security Essentials for Business
  • Better Business Bureau | Data Security Made Simpler
  • National Cyber Security Alliance | STOP. THINK. CONNECT. Campaign