Take Charge of Cybersecurity to Deter Corporate Account Takeovers

T. Gedetsis, April 2021

Take Charge of Cybersecurity to Deter Corporate Account Takeovers

Cybercriminals are increasing the frequency and complexity of their attacks, as well as the methods they’re using to gain access to personal and business information. Keeping your company’s digital information secure requires awareness and vigilance, especially at a time when more work is being done virtually than ever before. A type of fraud that has accelerated in the past year is the corporate account takeover, in which cyber thieves illegally gain access to a business's highly sensitive information and accounts.

Once they gain access, fraudsters can make unauthorized transactions, including transferring funds from the company, creating and adding new fake employees to payroll, and stealing sensitive customer information that may not be recoverable. Corporate account takeover attacks are costing businesses millions of dollars every year.

Key Learnings

  • The incidence of corporate account takeovers – when hackers take control of company’s financial accounts – is on the rise.
  • Companies should alert employees of the increased risk of corporate account takeovers and put extra security measures in place.
  • Scammers’ tactics include gaining access through phishing, “vishing” and spoofed websites.
  • Before logging into a financial account website or online portal, make sure it is secure and legitimate.

Know How Scammers are Getting Access

Part of the challenge for businesses is that fraudsters are using multiple, sophisticated methods to gain access, and when employees are increasingly working in an online environment, they may not always employ the heightened scrutiny or security needed to avoid corporate account takeover attacks.

The KeyBank Information Security and Fraud teams have identified several different attack variations used to direct clients to malicious websites that impersonate their financial institutions’ login interface.

  • Social Engineering: Using sites like LinkedIn, Slack or chatrooms, cybercriminals target their activities to employees at firms who may have access to the company’s network or financial systems.
  • Phishing: Emails that look like legitimate internal emails from the company or from its financial institution that have a link or download that installs malware on the recipient’s computer.
  • Vishing or “voice phishing”: In January 2021, the Federal Bureau of Investigations (FBI) warned of an increased use of vishing attacks, which occurs during a phone call to users of VoIP (Voice over Internet Protocol) platforms.
  • Fraudulent Google or other browser search results: Fraudsters take over the search results for a financial institution or product’s name so that users who are searching click on a spoofed website instead of their intended online destination.

When targeted individuals are successfully directed to a spoofed webpage using these methods, their employee username and password are captured and used to gain access to financial accounts. The KeyBank Fraud team has also received reports of clients who have been targeted with vishing calls that ask for one-time passcodes in order to create and approve fraudulent ACH (Automated Clearing House) transactions.

Enhance Security Controls and Protect Your Corporate Accounts

Companies can prevent corporate account takeovers by implementing protocols for financial transactions and making sure employees are aware of the risk of sharing credentials on the phone or through unverified, unsecured links.

Enterprises should:

  • Closely monitor account activity and security emails specifically for suspicious ACH and wire activity.
  • Initiate ACH and wire transfer payment under dual control (e.g., one person authorizes the creation of the payment file, and the second authorizes the release of the file). Dual controls provide flexible user access levels that allow clients to separate duties among users.
  • Access financial interfaces such as KeyNavigator® by navigating directly to the website and verifying your dashboard URL is secure, e.g., for KeyNavigator, it should be keynavigator.key.com. Do not access your financial institution by searching on Google, Bing or another browser search engine as this could lead to a spoofed site and result in credential hacking.
  • Know that KeyBank will never contact clients for login IDs, passwords or one-time passcodes.
  • Report to the fraud hotline if you think that any user’s access has been compromised or if your company is a victim of any type of fraud.

While scammers are constantly evolving the methods they use to gain access to your networks or accounts, the KeyBank Information Security and Fraud team is also continually tracking trending fraud issues to help you protect yourself and your organization. For more information on how to keep your business information secure, please visit us at key.com/cybersecurity.

Connect With Us

  • Social Share Icon
  • Social Share Icon
  • Social Share Icon

Find an Expert