Email account compromise (EAC) or account takeover (ATO) are forms of online identity theft that occur when a fraudster gains unauthorized access to someone else’s account like a bank account, email account, or online shopping account. Once in, they can change information such as login credentials or the email address associated with the account in order to make unauthorized transactions. As more and more people are conducting their business online, online fraud is on the rise, including corporate account takeover. Additionally, since access to email accounts can also control password resets and suspicious activity alerts, t fraudulent account activity can easily occur without being detected.
The last several Verizon Data Breach Investigations Reports have all found the use of stolen credentials as the most common way hackers gain unauthorized access to accounts. The 2020 Report includes insights from 3,950 confirmed breaches! Some of these attacks begin by sending phishing emails designed to look like a password reset request or links to fraudulent login pages enabling credential theft to occur. In addition, by clicking on links in phishing emails or texts, or by visiting a compromised website, employees could be unknowingly installing malware onto their home computers, malware that could be collecting usernames and passwords as they are entered. As you can see, cybercriminals can gain access to accounts in many ways.
Here are more examples of common methods used by fraudsters:
We continue to enhance our online banking platform to provide you with the most secure access to your accounts, and look forward to giving you even more control of your security configuration. In the meantime, here are some features you should take advantage of now within our business online banking platform.
Limit wire origination access to only the accounts that will be used to originate wires! To control the accounts wires can be originated from, simply select “Users” from the Commercial menu. Click the Edit option for the user. Click the “Assign Rights” button. Click on the Accounts tab. Turn off the withdrawal feature for the accounts that the user should not be allowed to send wires from. Turn on the withdrawal feature for the accounts the user can be allowed to send wires from.
You can also set up automatic alerts to notify you by phone, text message, or email each time a wire transfer is initiated. Each user has the ability to manage their own alert(s). To set up an alert, log into the System and select “Alerts” from the Settings menu. On the Alerts page, wire alerts can be created using the “New Alert” dropdown and selecting “Online Transaction Alerts”, or under “Security Alerts”.
You can also take advantage of multi-factor authentication, which requires a code delivered by token or SMS to log into online banking.
We also recommend that limiting ACH origination access to only the accounts that will be used to originate ACH transaction to reduce the risk of an unauthorized ACH transaction. To control the accounts ACH can be originated from, select Users from the Commercial menu. Click the “Edit” option for the user. Click the “Assign Rights” button. Click on the Accounts tab. Turn off the withdrawal feature for the accounts that the user should not be allowed to send ACH from. Turn on the withdrawal feature for the accounts the user can be allowed to send ACH from.
With this optional feature, any wire transfer or ACH created by a user will require a review and approval by a second user. Please note that if you elect to use this feature, all wire transfers and/or ACH transactions initiated by users given access to these services by your designated Company Administrator must be reviewed by a second Company user before they can be sent out. You must call us at (805) 880-7606 if you want to enable either of these features.
You have the ability to set up automatic alerts in to notify you by phone, text message, or email each time a wire transfer is initiated. Each user has the ability to manage their own alert(s). To set up an alert, log into the System and select “Alerts” from the Settings menu. On the Alerts page, ACH alerts can be created using the “New Alert” dropdown and selecting “Online Transaction Alerts”, or under “Security Alerts”.
If you see charges you don’t recognize on your account, or find that you can’t access your online banking with your user name and password, you should immediately alert your ARB relationship manager. Consider enrolling in Positive Pay or opening a new account if you believe your account number has been compromised. We also have card alerts you can take advantage of to alert you to debit card activity that is out-of-the norm.
Concerned that your personal information may have been stolen? The Federal Trade Commission maintains the IdentityTheft.gov website, which provides a step-by-step guide for both reporting and responding to identity theft. The FTC also maintains a blog, with helpful information on current scams, as well as when you should also considering filing a police report. You can also watch videos about how to report scams.