Account takeover scams

Prevent cyberthieves’ access to your financial accounts

One of the more insidious fraudulent activities perpetrated by cyberthieves on businesses are account takeover schemes, which are becoming increasingly difficult to detect and prosecute. 

How account takeover works
Corporate account takeover occurs when fraudsters gain access to a business’s financial accounts to make unauthorized transactions. That could include transferring funds from the business, making purchases on its credit accounts, adding fake employees to the payroll or stealing customer information. 

Cyberthieves are using the same points of entry to penetrate a business as they have for a decade. They’re just getting much better at deploying more advanced technology to dupe their targets. According to Javelin Strategy and Research, the most common access points for cyberthieves are email and downloads from the internet. 

Fortifying your defenses
When it comes to reducing the threat of account takeover fraud, businesses are their own first line of defense. Employee education is crucial to minimizing the threat — teaching employees about the dangers and how to approach account takeover attempt. 

Be wary of suspicious emails: Cyberthieves continue to perfect techniques for masking phony emails as legitimate. Emails must be closely scrutinized for fake email addresses and domain names and salutations that include your full name or an email address. 

Double check urgent requests: Emails urging an immediate response to a request should be carefully inspected by multiple employees. 

Verify all money and information requests: Any request for funds or sensitive information should be verified by contacting the sender using a known phone number. 

Act immediately: If you think you’ve been targeted by a cyberthief, contact your  financial institution directly to warn them of the attempt. You should also report it to the FBI Internet Complaint Center, the Federal Trade Commission spam unit, and the Cybersecurity and Infrastructure Security Agency. 

While it may not be possible to thwart all attacks, businesses must ensure they are keeping up with the latest security technology, such as data encryption, firewalls for all information portals, antivirus applications and operating system updates. 

About This Author


Ross Bentzler

Ross Bentzler is Executive VP and Information Security Officer for Alpine Bank. Ross has worked in the information technology field for two decades, focusing on information security for 13 years.

More about Ross Bentzler

Allpoint It’s your money after all. Find a surcharge-free ATM