Commercial account takeover is when cyber-thieves gain control of a commercial account by stealing the business’ valid online banking credentials. The most common way that these cyber-thieves gain access is by utilizing malicious software [malware]. Malware infects a business computer workstation or laptop to secretly access these systems without the business’ knowledge or consent. Malware is commonly distributed via e-mail links, phishing scams, social networking sites, and malicious websites.

Once the business’ online credentials are obtained, the cyber-thieves access the commercial accounts online and wire transfer, bill payment, intra-bank transfers, remote deposits or ACH transactions are initiated by the cyber–thieves. The cyber-thieves drain the balance in the commercial account, and in most cases, the customers do not discover the fraudulent transactions in time to recover the funds from the cyber-thieves. Businesses are faced with significant losses that can total hundreds of thousands of dollars.

Recommendations to reduce this risk:

  • Monitor and reconcile accounts daily.
  • Ensure that all anti-virus and security software for all computer workstations and laptops, used for any online banking transactions is up to date and robust.
  • Any computer used for online banking or other crucial functions should be limited to those uses only. The computer should NOT be used for general internet browsing, emails, or social networking
  • Initiate all transfers and payments under dual control.

Source: Jeff Schreiner, Secure Banking Solutions, MBA News, March 2011

Additional Security Alerts