Corporate account takeover: what it is and how to protect your business

Genome Blog / articles / Corporate account takeover: what it is and how to protect your business

May. 12, 2023

Corporate account takeover: what it is and how to protect your business

Life is full of surprises, and some are highly unpleasant. Yes, our team once again talks about scams and fraud that people should be aware of to protect their data and finances. 

This time, we will focus on a particular identity theft crime – the corporate account takeover, which targets businesses throughout various industries. Find out more about banking account takeover and how you can avoid it in Genome’s article. 

What is a corporate account takeover? 

A corporate account takeover (CATO) occurs when fraudsters target corporate accounts of various businesses to gain access to a company’s funds or sensitive data. To achieve this goal, malicious actors incorporate identity theft tactics to steal the credentials required to access the account.  

As you can imagine, corporate account takeovers can often be aimed at the company’s bank account, and businesses need to be extra cautious. A banking account takeover can be devastating, as some criminals act carefully: they start draining your money in small amounts in hopes no one notices and not give out that the credentials were stolen. 

Corporate account takeovers are part of a general issue called account takeover (ATO). The main difference is that the former is utilized against businesses, while the latter is targeted at accounts of individuals. 

As in the case of many scams, the number of account takeover attacks grew significantly during the global lockdown period. According to research carried out by Sift among US citizens, between April 2019 and June 2021, the number of blocked ATO skyrocketed by 307%. And this is just inside the Sift network. 

Open an account

in Genome online

Get Started

Examples of corporate account takeovers

Before listing some of the examples, let’s first take a look at the prime methods malicious parties use to conduct a corporate account takeover. Remember, to do so, they need to gain access to passwords, login information, security token, etc., to get into the corporate account. There are a couple of ways they can do so:

  1. Phishing and all phishing-related schemes. Fraudsters will try to fish out personal data via emails, texts, messages, and even phone calls to use them for the CATO. Some criminals use generic phishing scams. Others will incorporate identity theft and pretend to be another person or company to gain a person’s trust. For instance, some prefer smishing, which is a form of phishing that is done via texts and messengers. You can read more about smishing and its examples here. If the phishing attempt is successful, the malicious actors will steal personal data or trick a person into downloading malware to obtain data from the device. Either way, the stolen information can be used for a corporate account takeover. 
  2. Trying their luck with passwords. Phishing is not the only way to obtain information that can be used for a corporate account takeover. Unfortunately, not all people and companies use strong enough passwords when they create accounts. The data gathered based on 15 million breaches among 17 different industries demonstrates that clearly. For instance, the word “password” was one of the most used passwords among businesses. And 20% of passwords were just the company’s name or its variation. Thus, it is easy for some fraudsters to guess such easy passwords using the trial and error method. 
  3. The unfortunate consequences of breaches. From time to time, massive website breaches occur, which lead to information leaks, including passwords and other credentials. Some scammers get the databases of stolen passwords and then use them to conduct the corporate account takeover. 

Now, let’s take a look at two examples of the corporate account takeover:

Example #1

One of the employees from the design department, named Jack, works on a company presentation, which is due in 4 hours. Suddenly, he receives a Facebook message which seemingly comes from his co-worker, Brenda. In it, she asks him to give her access to Google Drive, as she urgently needs to check something on it. In the message, she explains that she contacted him via Facebook because she left her work laptop at home, thus not having access to the corporate email. 

Jack, being in a hurry, throws caution out of the window, replies, and gives the Google Drive credentials. 

Unfortunately, Jack got himself into the elaborate corporate account takeover scheme. This is how fraudsters did it: first, they skimmed social media pages and the website of the company Jack works for and gathered information on Brenda. The scammers created a fake Facebook page for Brenda, stealing her identity. They then started contacting the employees of the company in hopes that someone would get onto their phishing hook. And Jack did. As a result of a CATO, criminals will gain access to Google Drive and steal important data from it. 

Example #2

Here’s the account takeover: bank edition. A company’s COO, Ben, opens a business bank account. But, he is a bit neglectful: Ben uses the same password to log into the corporate banking app as for all his other websites and services. In addition to that, he disables two-factor authentication for account logins. 

Time passes, and one of the websites that Ben uses is breached. His website password, which is also identical to the one for the banking app, gets stolen. Eventually, scammers come across the stolen password data and conduct a corporate account takeover against Ben’s business bank account: they start gradually siphoning funds from it until someone from the company notices.  

How to prevent corporate account takeovers

  1. One of the best practices in preventing this type of fraud is establishing strict, straightforward, and all-encompassing rules and policies for all your employees on how to securely access corporate resources and work with information. Security training must be in place, as well as frequent emails that contain educational material on how to recognize potential fraud cases and safety precautions during working hours.
  2. Ensure that all the devices that employees use for work have the latest versions of antivirus software installed and that it is frequently updated.
  3. All staff members must only use corporate email and encrypted messaging apps when discussing work-related tasks and topics.
  4. Install VPN on all the devices used for work.
  5. All your corporate accounts must be duly protected to prevent breaches that may lead to corporate account takeovers. Use strong, unique passwords and enable two-factor authentication.    
  6. If your company uses a corporate bank account, turn on all the notifications regarding account activity, such as information on logins, transfers, payments, etc. Monitor the outgoing transactions closely. If other employees have access to the corporate bank account, limit the amount of money they can transfer. Make sure they use complicated and one-of-a-kind passwords when logging into the account. Genome’s business wallets are very well protected on this front. We have a shared account feature that allows the company’s employees to securely manage the business wallet together. All the outgoing transfers and major action confirmation operations are protected with two-factor authentication.     

Open an account

in Genome online

Get Started

FAQ

What is an example of a corporate account takeover?

We provided some of the examples in the article above. Most commonly, the corporate account takeover occurs when employees are tricked into revealing personal information, passwords, and credentials as a result of phishing scams.

What are account takeovers?

An account takeover (ATO) is a type of fraud targeted at individuals. Its main goal is to gain access to the person’s account, which can be anything from email to bank, to steal information and funds. 

What are the warning signs of a corporate account takeover?

Commonly, when malicious actors succeed in a CATO, they start changing credentials and other information. If we are talking about banking account takeovers, you may notice money transfers that weren’t authorized by you. Also, there may be multiple logins from devices you don’t recognize.

articles

You may also like

articles
Jul. 18, 2024

Online casino games are by far the most convenient way to use a casino. There is no need to waste time going to crowded brick-and-mortar casinos or another country. No wonder the iGaming market is expected to reach over $136 billion by 2029, showing a stable annual growth rate (2024-2029) of 6,20%. There are different types of such companies, so our Genome team dedicated an article to specific online casino games offered by pay-by-mobile casinos. Such iGaming businesses found their rightful niche on the market. Today, the use of smartphones for various tasks is unprecedented, thanks to their accessibility and

articles
Jun. 28, 2024

Managing a business is not only about producing products and making a profit. Mutual respect and trust between employers and their staff are crucial to the company’s success.  That’s why a business owner and their salaried employees need to understand the concepts of gross salary (gross pay) and what it consists of. In this article, you will learn more about gross pay and how it differs from net pay.   What is a gross salary? Also known as gross pay, gross salary is the term that describes the individual’s total earnings (based on hourly rate, monthly salary, etc.) before any expenses

articles
Jun. 26, 2024

Cryptocurrency: the basics When you think about money, your first association will likely be physical cash or bank cards. However, times are changing, and more types of payment methods are emerging for people’s convenience. One of the newest additions to the trend is cryptocurrencies — funds that only exist in digital form and operate on decentralized networks.   Unlike more traditional payment options, cryptocurrencies are considered more private, as they are generally not regulated by traditional financial institutions. In most cases, they operate based on blockchain technology, like the famous Bitcoin.  Cryptocurrencies are stored in digital wallets, the ownership of which

articles
Jun. 20, 2024

One of the main things a company needs to keep a close eye on to stay afloat is different numbers and metrics. One such metric is the cost of goods sold, which represents how much money a business will need to spend to produce its goods. Calculating and accurately planning your expenses related to production costs will save you a lot of headaches in the future — and money, of course. Find out the formula for the cost of goods sold and a step-by-step calculation guide.  What is the cost of goods sold (COGS)? The cost of goods sold is