Corporate Account Take Over
First Credit Union of Scranton
Business Account Advice
Corporate Account Take Over (CATO) is the business equivalent of personal identity theft. Hackers, backed by professional criminal organizations, are targeting small and medium businesses to obtain access to their web banking credentials or remote control of their computers. These hackers will then drain the deposit and credit lines of the compromised credit union accounts, funneling the funds through mules that quickly redirect the monies overseas into hackers’ accounts.
As a business owner, you need an understanding of how to take proactive steps and avoid, or at least minimize, most threats.
- Use a dedicated computer for financial transactional activity. DO NOT use this computer for general web browsing and email
- Apply operating system and application updates (patches) regularly
- Ensure that anti-virus/spyware software is installed, functional and is updated with the most current version
- Have host-based firewall software installed on computers
- Use latest versions of Internet browsers, such as Explorer, Firefox or Google Chrome with “pop-up” blockers and keep patches up to date
- Turn off your computer when not in use
- Do not batch approve transactions; be sure to review and approve each one individually
- Review your banking transactions and your credit report regularly
- Contact your Information Technology provider to determine the best way to safeguard the security of your computers and networks
First Credit Union of Scranton encourages its business customers to perform a self-assessment of risks associated with the customer’s computer systems and business practices. This risk assessment should include an assessment of the risks associated with the following systems and other information technology that may apply, as well as mitigating controls that are in place to prevent the risks:
- Internet Usage
- Is a firewall utilized?
- Is an anti-virus protection provided?
- Are employees allowed to "surf" the internet?
- Does the company maintain a web page?
- Are employees allowed to visit social networking pages?
- Electronic Mail
- Is an anti-phishing system employed
- Are employees allowed to access personal email accounts?
- Is there a prohibition on sending non-personal company information, such as bank account numbers by unsecured email?
- Business Practices
- Are procedures utilized that require dual control over important functions?
- Are employees' duties clearly defined by job description?
- Are employees required to swap duties?
The underlying purpose for the self-assessment is to determine where weaknesses exist and to identify controls that may help to mitigate these risks.
Call us immediately at 1-800-327-3328 or 570-961-8953 if you believe that your First Credit Union of Scranton business account has been compromised.