What is a Corporate Account Takeover?
Corporate Account Takeover (CATO) is a form of corporate identity theft where a business' online credentials are stolen by malware. Criminal entities can then initiate fraudulent banking activity. Hackers are targeting small to medium sized businesses to obtain access to their web banking credentials. The hackers drain the deposits and credit lines of the compromised bank accounts. A computer can be compromised very easily by visiting an infected website or by simply opening and email.
- Do not approve transactions. Be sure to review each transaction individually.
- Review your banking transactions regularly.
- Talk with your IT provider to determine the best way to safeguard your computers and network.
Security Steps Every Company Should Consider When Conducting Online Banking
- Use a dedicated computer for financial transactional activity. Do not use this computer for general browsing and email.
- Apply operating system and application updates regularly.
- Ensure that you install the most updated versions of antivirus/spyware security software and have host-based firewall software installed on the dedicated computer.
- Regularly run anti-virus scanning on your computer.
- Use the latest version of internet browsers, such as Explorer, Firefox, or Chrome and keep patches up-to-date.
- Activate a "pop-up" blocker on browsers to prevent intrusions.
- Do not store passwords in your browser.
- Do not share user ID's and passwords.
- Turn the computer off when not in use.
How does "Reg. E" apply to Non-Consumers using Internet Banking and/or Online Bill Pay?
A non-consumer using internet banking and/or bill pay is not protected under Regulation E. Special consideration should be made by the customer to review the controls in place to ensure that they are commensurate with the risk level the customer is willing to accept.
East Boston Savings Bank will never contact you to ask for your account number, PIN, password or other personal information via email, telephone or provide links within an email to update information. If you receive a request for your personal information, or you suspect you have inadvertently provided personal information to a questionable person, call us at 800-657-3272.