910 South Commerce
P.O. Box 220
Lovelady, TX 75851
T: (866) 225-0949
P: (936) 636-7337
F: (936) 636-7111
Email the Bank Lobby Hours
M-Th: 9 a.m. to 2 p.m.
F: 9 a.m. to 5:30 p.m. Drive-Thru Hours
M-Th: 8 a.m. to 3 p.m.
F: 8 a.m. to 5:30 p.m.
WHAT IS CORPORATE ACCOUNT TAKEOVER
Corporate Account Takeover is an evolving electronic crime typically involving the exploitation of businesses of all sizes, especially those with limited to no computer safeguards and minimal or no disbursement controls for use with their bank’s online business banking system. These businesses are vulnerable to theft when cyber thieves gain access to its computer system to steal confidential banking information in order to impersonate the business and send unauthorized wire and ACH transactions to accounts controlled by the thieves. Municipalities, school districts, large non-profit organizations, corporate businesses, and any customers that perform electronic transfers are potential targets. Losses from this form of cyber-crime range from the tens of thousands to the millions with the majority of these thefts not fully recovered. These thefts have affected both large and small banks.
This type of cyber-crime is a technologically advanced form of electronic theft. Malicious software, which is available over the Internet, automates many elements of the crime including circumventing one time passwords, authentication tokens, and other forms of multi-factor authentication. Customer awareness of online threats and education about common account takeover methods are helpful measures to protect against these threats. However, due to the dependence of banks on sound computer and disbursement controls of its customers, there is no single measure to stop these thefts entirely. Multiple controls or a “layered security” approach is required.
5 Tips to Prevent CATO
- 1. Use a computer that is dedicated only to handling online banking and bill pay. That computer or virtualized desktop would not have any other capabilities, such as sending and receiving emails or surfing the Web, since Web exploits and malicious email are two of the key malware infection vectors.
- 2. Online computer users should avoid using weak or default passwords for any online site and should refrain from using the same password for multiple sites. Use a "password manager" to put all your passwords in one database and avoid using the same password for more than one website
- 3. Institute and enforce a centralized plan for keeping computer applications, operating systems and security software updated. Make sure servers and workstations are fully patched promptly and regularly.
- 4. Implement a robust Intrusion Prevention Solution (IPS) to defend against cyber threats. An IPS provides policies and rules to block suspicious network traffic such as Web exploit kit attacks, SQL injection attacks, and banking Trojans that infect computers and steal data that allow intruders access to your banking accounts.
- 5. Before clicking on links or attachments in emails, always verify that the correspondent sent you the email with the link or attachment. Hackers are known for breaking into email accounts and sending malicious links and attachments. Verify with the sender to confirm the links or attachments are safe to click or open.