I was just reading a newsletter from Comerica Bank with this topic discussed, and thought I’d share their information as it is very valuable.
“Account Takeover” is one of the largest fraud risks that banks are seeing among business customers. There are two ingredients required: (1) online access from a business computer, and (2) an employee not savvy enough to protect your business information.
Fraudsters trick the employees by:
- Social engineering, such as getting an employee to accept a fake friend request on a social networking site
- Getting them to visit a site where malicious software (malware) is installed on your computer without their knowledge
- Spear phishing, where a fraudulent e-mail that looks like it’s from a trusted source contains a bogus file attachment
Overall, the fraudster’s goal is to get your employee to open an infected file attachment or click on a link, which ultimately loads malware that captures your legitimate online credentials, and then to initiate a transfer from your account.
Account takeover is when criminals gain access to your bank account by stealing the valid online banking credentials of customers. The criminal’s process is:
- Target Employees
- Install Malware
- Get Access to Online Banking
- Collect and Transmit Data
- Initiate Funds Transfers
Thinking about this information, I felt there was more to share, so I’m listing additional comments. I am very aware of bogus e-mails and my employees know not to click any links (even those that appear to be valid). So what can you do to protect yourself?
- Limit access to online banking credentials to only those who absolutely need to know them. Set up “read only access” for those who review information but don’t need to create any transactions.
- Make sure employees know not to click any links in e-mails.
- If they are not sure whether an e-mail is valid, have them log in directly to your bank and look for messages posted directly in the site.
- Have good antivirus software that scans for malware daily (this won’t prevent a takeover if the fraudsters immediately use the information they get to access your account, however).
If you do find your account has been taken over, contact your bank immediately and change all login information.
Be aware of scams to get your banking information, and make sure your staff understands all the ways fraudsters try to gain access to your account. Knowledge is the key to protecting yourself.
Candy