Corporate Account Takeover
How does Corporate Account Takeover work?
- Criminals target victims through scams.
- Victim unknowingly installs software by clicking on a link or visiting an infected Internet site.
- Fraudsters begin monitoring the accounts.
- Victim logs on to their Online Banking
- Fraudsters collect login credentials.
- Fraudsters wait for the right time. Depending on your controls, they either log in after hours or, if you are utilizing a token, wait until you enter your code, then hijack the session and send you a message that Online Banking is temporarily unavailable.
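The after-hours login described in the last step can be looked for in an exported activity log. The following is an added example, not part of the original page: the log layout, event names, business hours and sample rows are all assumptions constructed for illustration.

```python
import csv
from datetime import datetime, time
from io import StringIO

# Constructed sample export of an online-banking activity log (not real data).
SAMPLE_LOG = """timestamp,user,event,amount
2024-03-04T09:12:00,ap_clerk,LOGIN,
2024-03-04T09:20:00,ap_clerk,ACH_BATCH,4200.00
2024-03-04T09:31:00,ap_clerk,LOGOUT,
2024-03-05T23:47:00,ap_clerk,LOGIN,
2024-03-05T23:52:00,ap_clerk,WIRE,48500.00
2024-03-09T11:05:00,controller,LOGIN,
"""

# Assumed business hours (Mon-Fri, 08:00-18:00); adjust to your own schedule.
BUSINESS_OPEN = time(8, 0)
BUSINESS_CLOSE = time(18, 0)
PAYMENT_EVENTS = {"WIRE", "ACH_BATCH"}  # hypothetical event names


def is_after_hours(ts):
    """True on weekends or outside the configured business hours."""
    return ts.weekday() >= 5 or not (BUSINESS_OPEN <= ts.time() < BUSINESS_CLOSE)


def review(log_text):
    """Return (timestamp, user, reason) for every after-hours login and for
    every payment made after hours or in a session that began after hours."""
    findings = []
    session_after_hours = {}  # user -> did the current session start after hours?
    for row in csv.DictReader(StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        user, event = row["user"], row["event"]
        if event == "LOGIN":
            session_after_hours[user] = is_after_hours(ts)
            if session_after_hours[user]:
                findings.append((row["timestamp"], user, "after-hours login"))
        elif event == "LOGOUT":
            session_after_hours.pop(user, None)
        elif event in PAYMENT_EVENTS and (
            session_after_hours.get(user) or is_after_hours(ts)
        ):
            reason = f"after-hours {event} {row['amount']}"
            findings.append((row["timestamp"], user, reason))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep="  ")
```
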
Where does Corporate Account Takeover come from?
- Malicious websites (including Social Networking sites)
- P2P Downloads (e.g. LimeWire)
- Ads from popular web sites
- Web-borne infections: According to researchers, in the first quarter of 2011, 76% of web resources used to spread malicious programs were found in 5 countries worldwide: United States, Russian Federation, Netherlands, China, and Ukraine.
What is Malware?
- Short for malicious software; it is software designed to infiltrate a computer system without the owner's informed consent.
- Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software.
What is Rogue Software?
- Form of malware that deceives or misleads users into paying for the fake or simulated removal of malware.
- Has become a growing and serious security threat in desktop computing.
- Mainly relies on social engineering in order to defeat the security software.
- Most have a Trojan Horse component, which users are misled into installing. It may be disguised as:
  - Browser plug-in (typically toolbar)
  - Image, screensaver or ZIP file attached to an e-mail
  - Multimedia codec required to play a video clip
  - Software shared on peer-to-peer networks
  - A free online malware scanning service
What is Phishing?
- Criminally fraudulent process of attempting to acquire sensitive information (usernames, passwords, credit card details) by masquerading as a trustworthy entity in an electronic communication.
- Commonly used means:
  - Social web sites
  - Auction sites
  - Online payment processors
  - IT administrators
Email Usage
- What may be relied upon today as an indication that an email is authentic may become unreliable as electronic crimes evolve.
- This is why it is important to stay abreast of changing security trends.
- Some experts feel e-mail is the biggest security threat of all.
- It is the fastest, most-effective method of spreading malicious code to the largest number of users.