Corporate Account Takeover

In May 2010, Golden State Bridge, an engineering and construction company based in Martinez, Calif., was robbed of more than $125,000 when cybercriminals hacked into its bank account. The hackers made two automated clearinghouse batch transactions with the office manager’s user name and password, routing stolen money to eight other banks across the country. Ann Talbot, Golden State’s chief financial officer, learned later that the office manager had violated policy by visiting a social networking site, which the company believed was how her computer was infected with malicious software, or “malware,” that antivirus software did not detect.

A California escrow firm was forced to take out a high-cost loan to pay back $465,000 that was stolen when hackers hijacked the company’s online bank account. Computer criminals broke into the network of Redondo Beach-based Village View Escrow, Inc. and sent 26 consecutive wire transfers to 20 individuals around the world who had no legitimate business with the firm. Owner Michelle Marisco said her financial institution at the time, Professional Business Bank of Pasadena, California, normally notified her by e-mail each time a new wire was sent out of the company’s escrow account. However, the attackers apparently disabled that feature before initiating the fraudulent wires.

What to do if your business is victimized by CATO:

• Immediately shut down computer systems that may be compromised, and disconnect those systems from Internet access.
• If you suspect your business account has been a victim of a Corporate Account Takeover, please contact BankFive at 774-888-6100 and immediately take the following actions:
  • Disable online access to accounts.
  • Change online banking passwords.
  • Request that the bank's security and auditing departments review all recent transactions and electronic authorizations involving the account(s) in question.
  • Ensure that no one has requested an address change, or re-ordered checks and/or debit cards to be sent to a different address.
• Maintain a written chronology of what happened, what was lost, and the steps taken to report the incident to the bank and any other parties, such as authorities and firms that could be impacted. Record the date, time, telephone number, person spoken to, and any other relevant information.
• File a report with the police and any other relevant investigative agency regarding the intrusion. Having a police report on file will help when dealing with the bank, insurance companies, and any other parties who have been notified of the fraudulent activity.

• Educate your employees at least annually about online fraud and how to prevent it. Review risky online behavior, such as visiting social media websites and opening unsolicited e-mails and e-mail attachments. Show employees examples of suspicious websites and malicious software. New employees should receive this information shortly after joining your company.
• Monitor accounts daily and pay particular attention to wire transfers and ACH transactions.
• Reconcile accounts daily.
• Change passwords at least monthly. Use strong passwords that include a combination of symbols, numbers, and letters. Use a different password for each account, and don’t save passwords to a computer.
• Be aware that BankFive will never ask a customer for sensitive information, such as user ID or password, over the phone or in an e-mail.
• Instruct employees to never use a public computer or public Wi-Fi network to access the business’ online systems.
• Log out of computers when not in use.
• Equip all computers with the latest security and anti-virus software.
• Install security updates promptly.
• Ensure that adequate firewalls are in place.
• Do not allow automatic login features, such as those that save login IDs and passwords for future use.
• Restrict administrative rights to computers.

• Federal Communications Commission: 10 Cybersecurity Strategies for Small Businesses
• Better Business Bureau: Data Security Made Simpler