Corporate Account Takeover Defense

by | Dec 20, 2023 | Business, Identity Theft, Technology

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

Corporate account takeover is a form of identity theft where an unauthorized individual gains access to your business bank account. Once the fraudster breaches the account, they have free rein to your hard-earned money and the ability to steal sensitive customer information. One of the biggest misconceptions about these attacks is they are highly technical. These attackers rely on simple deception to trick users into providing login details. These attacks are only becoming more common.

Common Attacks: A List by Michael Halstead at Launch Consulting
  • Phishing: This remains a popular method of attack as it has become much more sophisticated, such as testing to avoid common defensive tools. Artificial intelligence (AI) has also created new challenges with near-perfect phishing emails. SMS text messages have also become a popular technique. Unlike email, mobile phones don’t have strong filters to block text messages containing spam or smishing attempts.
  • Pretexting: The human equivalent of phishing where an attacker creates a false pretext, e.g., impersonating a person in authority, to deceive employees into revealing sensitive information or performing certain actions.
  • Business email compromise (BEC): This specifically targets corporate email accounts. Attackers compromise or spoof employee email accounts to trick others within the organization (or external parties) into performing fraudulent actions. This can include wire transfers, changing payment details, or disclosing sensitive information. In 2022, the FBI IC3 (Internet Crimes Complaint Unit) received 21,832 BEC complaints with adjusted losses of over $2.7 billion.
  • Social engineering: Uses human psychology and trust to manipulate individuals, often employees, into sharing sensitive information or granting unauthorized access. Like phishing, social engineering attacks have become much more sophisticated, using AI to impersonate legitimate entities via phone calls or video.
  • Phone calls impersonating legitimate entities: Attackers target company leaders, business partners, or financial institutions, to trick employees into revealing login credentials, account details, or sensitive information. Attackers then use them to gain unauthorized access to corporate accounts.
  • Deepfakes: The use of AI to create a video or audio recording of a high-ranking executive to trick an employee into transferring funds, sharing sensitive data, or giving an attacker control over a corporate account. Deepfake will likely become more prevalent as advances in AI are made and news of successful attacks increase.
  • Leveraging insiders: Bad actors use employees to assist with corporate account takeovers. The motivation can be financial, affinity to a particular cause, and/or threats of blackmail. Employees or individuals with privileged access can be convinced to misuse their privileges for personal gain or malicious purposes.
Your Best Defense Against Corporate Account Takeovers

Unfortunately, there is not one specific security practice and control that can prevent corporate account takeover attacks. It takes a combination of practices to reduce the risk. Below is a list of the six best practices to prevent corporate account takeover attacks.

  1. Defense in Depth – Companies must implement a defense-in-depth approach. Maintain a strong security posture remains key in preventing corporate account takeovers among other cyberattacks. It’s best to implement layers of defense including: vulnerability management, email and web filtering, network segmentation, third-party risk management, intrusion detection and monitoring, and incident response.
  2. Multifactor authentication (MFA) – It’s important to have strong multifactor authentication around all corporate accounts.
  3. Strong access management strategies – Implementing strong access management measures is essential.
  4. Contextual access management measures – Businesses should also implement contextual access management that considers a user’s current location, time of access, behavior patterns, network environment, the device being used, and other contextual information.
  5. Robust security monitoring – Having a team or third party that can continually monitor all security alerts that come in 24/7.
  6. Employee education and training, a human firewall – Employee education and awareness are key and one of the first lines of defense. This “human firewall” remains a very important defense in preventing corporate account takeovers. Ensure you regularly educate and train employees about the risks associated with corporate account takeovers, particularly those who have access or are in areas such as payments and finance. This includes making employees aware of the key things to look for in an email to know that it was a malicious email or had malicious intent in some way.

Read More:

Ag Roots: Chad and Sarah Widmer

Ag Roots: Chad and Sarah Widmer

In celebration of Ag Week, Alliance Bank is highlighting the stories of farmers in our community... When you get down to it, farmers are business owners. Chad Widmer went to school for diesel mechanics, but he learned quickly “you have to know your numbers” and “rely...

Ag Roots: Randy and Natalie Waling

Ag Roots: Randy and Natalie Waling

In celebration of Ag Week, Alliance Bank is celebrating the stories of farmers in our community...   How It Began Natalie Waling never imagined being a farm wife. “My parents were educators.” Her mom a high school English teacher and her father the Head of the...

Ag Roots: Craig Hall

Ag Roots: Craig Hall

In celebration of Ag Week, Alliance Bank is highlighting the stories of farmers in our community... Farming is all Craig Hall has ever known…and all he has ever wanted to do. Craig is the 6th generation to farm the ground that has been in his family for 160 years. As...

Contact Us

Need to get in touch or have questions about banking with Alliance Bank? Give us a call or fill out the contact form. Thank you!