Over the last 20 years, the face of crime for America’s businesses has changed considerably.
Last week, reports surfaced that the software used for the Target data breach was sold by a Russian teenager. Yes, a teenager. It’s a significant revelation in what is becoming an important wake up call for businesses everywhere. As the December security breaches of Target and Neiman Marcus showed us, criminals—regardless of their age and location—are taking advantage of today’s digital infrastructure to commit crimes on a much larger scale than would have ever been imagined decades ago.
And, while the December security breaches have received widespread media attention, as they should, a similar type of crime is impacting America’s businesses everyday—corporate account takeover.
What is corporate account takeover?
Corporate account takeover occurs when thieves gain access to a business’s banking information by stealing online banking user credentials and passwords. Once they have the login information, they then initiate ACH transfers to accounts at other banks, often held by money mules.
The money mules then withdraw the funds and transfer them (via Western Union or a similar transfer service) to the criminals (usually in a different country). Once the money leaves the country, it’s gone forever.
Sounds like something in a movie, right? Unfortunately, corporate account takeover is more like a bad reality TV game show, except in this show, the bad guy usually wins. Not even the judges on American Idol can save a victimized business.
How could criminals gain access to my online banking credentials?
The criminals committing this type of crime are pretty smart. They typically target small-to-medium-sized businesses because they tend to carry higher balances than individuals. Plus, large corporations usually have higher levels of security in place to prevent such compromises. It’s a little bit like “The Story of the Three Bears”, where Goldilocks determines that the smallest bear’s porridge, chair and bed are always “just right”. And, by the time the bears return to find her, the damage is already done.
The FBI has identified the following methods used by thieves to gain access to a business’s banking credentials:
- The criminals send infected e-mails containing a Trojan horse virus, which once installed, records keystrokes. So, the next time you visit your bank Web site, the criminals are able to capture your ID and PIN.
- They embed pop-up advertisements on legitimate Web sites. These ads install viruses when you click on them.
If a criminal is able to successfully capture your banking credentials, chances are they’ve also gained access to your e-mail account. I know, it sounds scary. But, with active prevention, it doesn’t have to be all doom and gloom.
What can you do to keep your banking credentials protected?
Online security begins with your own internal protections and procedures. Maintaining up-to-date virus protection software is a good start, but it shouldn’t be the only security measure in place.
If you’re unsure as to the security level of your business computers and network, you might consider consulting with an IT expert to perform an audit on your existing setup. This will enable you to determine any weaknesses and receive enhancement suggestions. While hiring a consultant can be costly, it’s a lot less expensive than dealing with a security breach.
We also recommend visiting with your bank to determine what additional security measures you could use to prevent corporate account takeover. Banks have a number of optional security measures and procedures in their security arsenal. We don’t publish them online because—well—that would defeat the purpose.
In today’s digital society, banks and businesses now—more than ever—need to remain diligent in pursuing and implementing new security measures to protect businesses from corporate account takeover.