Corporate Account Takeover

How does Corporate Account Takeover work?

  • Criminals target victims through scams.
  • Victim unknowingly installs software by clicking on a link or visiting an infected Internet site.
  • Fraudsters begin monitoring the accounts
  • Victim logs on to their Online Banking
  • Fraudsters collect login credentials
  • Fraudsters wait for the right time and then act, depending on your controls: they log in after hours or, if you are using a token, they wait until you enter your code, hijack the session, and send you a message that Online Banking is temporarily unavailable.
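
The last step above leaves two traces a business or its bank can look for in Online Banking logs: logins outside normal working hours, and a token-authenticated session that continues from a different address. The following Python sketch is an added example, not part of the original page; the log format, event names, user names and the 08:00-17:59 weekday business hours are assumptions, and the log lines are constructed.

```python
from datetime import datetime

# Constructed sample log (not real data): timestamp, user, event, source IP, session id
SAMPLE_LOG = """\
2011-04-04T09:12:03 acme_ap LOGIN 198.51.100.7 s1
2011-04-04T09:12:40 acme_ap TOKEN_OK 198.51.100.7 s1
2011-04-04T09:15:10 acme_ap TRANSFER 198.51.100.7 s1
2011-04-05T02:47:19 acme_ap LOGIN 203.0.113.50 s2
2011-04-06T10:01:00 acme_cfo LOGIN 198.51.100.9 s3
2011-04-06T10:01:31 acme_cfo TOKEN_OK 198.51.100.9 s3
2011-04-06T10:02:05 acme_cfo TRANSFER 203.0.113.50 s3
"""

BUSINESS_HOURS = range(8, 18)  # assumed 08:00-17:59 local time, Monday to Friday


def parse(line):
    """Split one log line into (timestamp, user, event, ip, session)."""
    ts, user, event, ip, session = line.split()
    return datetime.fromisoformat(ts), user, event, ip, session


def find_alerts(log_text, hours=BUSINESS_HOURS):
    """Return (reason, user, session) tuples for the two patterns described above."""
    alerts = []
    token_ip = {}  # session id -> IP that supplied the one-time token code
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip, session = parse(line)
        if event == "LOGIN" and (ts.hour not in hours or ts.weekday() >= 5):
            alerts.append(("after_hours_login", user, session))
        elif event == "TOKEN_OK":
            token_ip[session] = ip
        elif session in token_ip and ip != token_ip[session]:
            # A session authenticated with a token is now driven from another address
            alerts.append(("ip_change_after_token", user, session))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

An address change is only one signal: malware that acts from the victim's own computer will not trigger it, so treat this check as a complement to, not a replacement for, the other controls.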

Where does Corporate Account Takeover come from?

  • Malicious websites (including Social Networking sites)
  • Email
  • P2P Downloads (e.g. LimeWire)
  • Ads from popular web sites
  • Web-borne infections: According to researchers, in the first quarter of 2011, 76% of web resources used to spread malicious programs were found in 5 countries worldwide: United States, Russian Federation, Netherlands, China, and Ukraine.

What is Malware?

  • Short for malicious software, malware is software designed to infiltrate a computer system without the owner's informed consent.
  • Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, crimeware, most rootkits, and other malicious and unwanted software.

What is Rogue Software?

  • Form of malware that deceives or misleads users into paying for the fake or simulated removal of malware.
  • Has become a growing and serious security threat in desktop computing.
  • Mainly relies on social engineering in order to defeat the security software.
  • Most have a Trojan horse component, which users are misled into installing. It may be presented as:
    • Browser plug-in (typically toolbar)
    • Image, screensaver or ZIP file attached to an e-mail
    • Multimedia code required to play a video clip
    • Software shared on peer-to-peer networks
    • A free online malware scanning service

What is Phishing?

  • Criminally fraudulent process of attempting to acquire sensitive information (usernames, passwords, credit card details) by masquerading as a trustworthy entity in an electronic communication.
  • Communications commonly claim to come from:
    • Social web sites
    • Auction sites
    • Online payment processors
    • IT administrators

Email Usage

  • What may be relied upon today as an indication that an email is authentic may become unreliable as electronic crimes evolve.
  • This is why it is important to stay abreast of changing security trends.
  • Some experts feel e-mail is the biggest security threat of all.
  • It is the fastest, most-effective method of spreading malicious code to the largest number of users.