Genome Blog / articles / Corporate account takeover: what it is and how to protect your business
May. 12, 2023
Life is full of surprises, and some are highly unpleasant. Yes, our team once again talks about scams and fraud that people should be aware of to protect their data and finances.
This time, we will focus on a particular identity theft crime – the corporate account takeover, which targets businesses throughout various industries. Find out more about banking account takeover and how you can avoid it in Genome’s article.
What is a corporate account takeover?
A corporate account takeover (CATO) occurs when fraudsters target corporate accounts of various businesses to gain access to a company’s funds or sensitive data. To achieve this goal, malicious actors incorporate identity theft tactics to steal the credentials required to access the account.
As you can imagine, corporate account takeovers can often be aimed at the company’s bank account, and businesses need to be extra cautious. A banking account takeover can be devastating, as some criminals act carefully: they start draining your money in small amounts in hopes no one notices and not give out that the credentials were stolen.
Corporate account takeovers are part of a general issue called account takeover (ATO). The main difference is that the former is utilized against businesses, while the latter is targeted at accounts of individuals.
As in the case of many scams, the number of account takeover attacks grew significantly during the global lockdown period. According to research carried out by Sift among US citizens, between April 2019 and June 2021, the number of blocked ATO skyrocketed by 307%. And this is just inside the Sift network.
Examples of corporate account takeovers
Before listing some of the examples, let’s first take a look at the prime methods malicious parties use to conduct a corporate account takeover. Remember, to do so, they need to gain access to passwords, login information, security token, etc., to get into the corporate account. There are a couple of ways they can do so:
- Phishing and all phishing-related schemes. Fraudsters will try to fish out personal data via emails, texts, messages, and even phone calls to use them for the CATO. Some criminals use generic phishing scams. Others will incorporate identity theft and pretend to be another person or company to gain a person’s trust. For instance, some prefer smishing, which is a form of phishing that is done via texts and messengers. You can read more about smishing and its examples here. If the phishing attempt is successful, the malicious actors will steal personal data or trick a person into downloading malware to obtain data from the device. Either way, the stolen information can be used for a corporate account takeover.
- Trying their luck with passwords. Phishing is not the only way to obtain information that can be used for a corporate account takeover. Unfortunately, not all people and companies use strong enough passwords when they create accounts. The data gathered based on 15 million breaches among 17 different industries demonstrates that clearly. For instance, the word “password” was one of the most used passwords among businesses. And 20% of passwords were just the company’s name or its variation. Thus, it is easy for some fraudsters to guess such easy passwords using the trial and error method.
- The unfortunate consequences of breaches. From time to time, massive website breaches occur, which lead to information leaks, including passwords and other credentials. Some scammers get the databases of stolen passwords and then use them to conduct the corporate account takeover.
Now, let’s take a look at two examples of the corporate account takeover:
One of the employees from the design department, named Jack, works on a company presentation, which is due in 4 hours. Suddenly, he receives a Facebook message which seemingly comes from his co-worker, Brenda. In it, she asks him to give her access to Google Drive, as she urgently needs to check something on it. In the message, she explains that she contacted him via Facebook because she left her work laptop at home, thus not having access to the corporate email.
Jack, being in a hurry, throws caution out of the window, replies, and gives the Google Drive credentials.
Unfortunately, Jack got himself into the elaborate corporate account takeover scheme. This is how fraudsters did it: first, they skimmed social media pages and the website of the company Jack works for and gathered information on Brenda. The scammers created a fake Facebook page for Brenda, stealing her identity. They then started contacting the employees of the company in hopes that someone would get onto their phishing hook. And Jack did. As a result of a CATO, criminals will gain access to Google Drive and steal important data from it.
Here’s the account takeover: bank edition. A company’s COO, Ben, opens a business bank account. But, he is a bit neglectful: Ben uses the same password to log into the corporate banking app as for all his other websites and services. In addition to that, he disables two-factor authentication for account logins.
Time passes, and one of the websites that Ben uses is breached. His website password, which is also identical to the one for the banking app, gets stolen. Eventually, scammers come across the stolen password data and conduct a corporate account takeover against Ben’s business bank account: they start gradually siphoning funds from it until someone from the company notices.
How to prevent corporate account takeovers
- One of the best practices in preventing this type of fraud is establishing strict, straightforward, and all-encompassing rules and policies for all your employees on how to securely access corporate resources and work with information. Security training must be in place, as well as frequent emails that contain educational material on how to recognize potential fraud cases and safety precautions during working hours.
- Ensure that all the devices that employees use for work have the latest versions of antivirus software installed and that it is frequently updated.
- All staff members must only use corporate email and encrypted messaging apps when discussing work-related tasks and topics.
- Install VPN on all the devices used for work.
- All your corporate accounts must be duly protected to prevent breaches that may lead to corporate account takeovers. Use strong, unique passwords and enable two-factor authentication.
- If your company uses a corporate bank account, turn on all the notifications regarding account activity, such as information on logins, transfers, payments, etc. Monitor the outgoing transactions closely. If other employees have access to the corporate bank account, limit the amount of money they can transfer. Make sure they use complicated and one-of-a-kind passwords when logging into the account. Genome’s business wallets are very well protected on this front. We have a shared account feature that allows the company’s employees to securely manage the business wallet together. All the outgoing transfers and major action confirmation operations are protected with two-factor authentication.
What is an example of a corporate account takeover?
We provided some of the examples in the article above. Most commonly, the corporate account takeover occurs when employees are tricked into revealing personal information, passwords, and credentials as a result of phishing scams.
What are account takeovers?
An account takeover (ATO) is a type of fraud targeted at individuals. Its main goal is to gain access to the person’s account, which can be anything from email to bank, to steal information and funds.
What are the warning signs of a corporate account takeover?
Commonly, when malicious actors succeed in a CATO, they start changing credentials and other information. If we are talking about banking account takeovers, you may notice money transfers that weren’t authorized by you. Also, there may be multiple logins from devices you don’t recognize.