Commercial account takeover is when cyber-thieves gain control of a commercial account by stealing the business’ valid online banking credentials. The most common way these cyber-thieves gain access is by using malicious software (malware). Malware infects a business workstation or laptop and secretly accesses the system without the business’ knowledge or consent. Malware is commonly distributed via e-mail links, phishing scams, social networking sites, and malicious websites.
Once the business’ online credentials are obtained, the cyber-thieves access the commercial accounts online and initiate wire transfers, bill payments, intra-bank transfers, remote deposits or ACH transactions. The cyber-thieves drain the balance in the commercial account, and in most cases the customers do not discover the fraudulent transactions in time to recover the funds from the cyber-thieves. Businesses are faced with significant losses that can total hundreds of thousands of dollars.
Recommendations to reduce this risk:
Source: Jeff Schreiner, Secure Banking Solutions, MBA News, March 2011