Corporate Account Takeover (CATO)
Corporate Account Takeover (CATO) is a form of corporate identity theft where cyber thieves gain control of a business’ bank account by stealing employee passwords and other valid credentials. Thieves can then attempt to initiate fraudulent wire and ACH transactions to accounts they control.
If you don’t currently have formal computer security procedures in place, your business is unnecessarily at risk. It’s important to establish basic security procedures and controls for your business and to update and distribute these to all employees on a regular basis. Businesses with limited or no internal computer safeguards and disbursement controls for use with the bank’s online banking system are vulnerable to theft when cyber thieves gain access to their computer systems, typically through malicious software (malware). Businesses across the United States have suffered large financial losses over the last few years from electronic crimes through the banking system. We have established safeguards to help identify and prevent unauthorized access to your account; however, a shared responsibility between DCB and our customers is the most effective way to prevent CATO.
Here are some important measures to put in place:
- Ensure all business networks/computers have current commercial Anti-Virus software and End Point Protection installed and updated frequently.
- Review and reconcile all banking transactions on a daily basis and look for any unusual activity.
- Use caution when opening emails and clicking on any links that come from unknown or unexpected sources. When in doubt, do not click the link included in an e-mail. Instead, type out the web address (https://www.webdcb.com) to go there directly.
- Create strong passwords that have at least 10 characters and include a combination of numbers, special characters and mixed-case letters. Try not to use the same password for multiple websites.
- Prohibit the use of “shared” usernames and passwords.
- Pay attention to alert emails sent from DCB. We use these notifications to inform you of unusual activity regarding your online profile (e.g., new recipient added to payroll, password change, etc.).
- Initiate electronic transactions (such as payroll and wire transfers) under dual control and from dedicated PCs with a transaction originator and a separate transaction authorizer. Do not allow a workstation used for online banking to be used for general Web browsing and social networking.
- Verify use of a secure session (“https”) in the browser for all online banking activity (HTTPS://www.webdcb.com instead of HTTP://www.webdcb.com).
- Never access online banking or other financial services from Internet cafes, hotel business centers, public libraries, free Wi-Fi hotspots, etc.
- Cease all online banking activity if the online banking application appears different or questionable. Do not continue; contact DCB immediately.
- Contact us if you have not received proper authorization/information for use when submitting ACH/Wire transfers. You can reach DCB at (740) 657-7200 or via email at firstname.lastname@example.org.
- Train and educate employees on your information security policies and practices.
Microsoft Windows XP
Support for Microsoft Windows XP ended as of April 8, 2014. As a result, DCB does not support the use of Windows XP with the Online Banking system. We recommend upgrading to a supported version of Windows if utilizing Online Banking.
Fraudulent Emails and Websites
The Delaware County Bank and Trust Company would like to remind our customers to protect themselves from possible identity theft by remaining vigilant about sharing personal and account information with anyone.
The latest form of identity theft involves fraudulent emails sent to customers asking them to link to a bogus website and enter account and personal information. The bogus sites are designed to look like an official bank site, but they are not.
The Delaware County Bank and Trust Company will never ask our customers for account or personal information (Social Security Number, Personal ID, Account Numbers, etc.) via email.
If you feel that you may have received a fraudulent email, please follow these steps:
- DO NOT reply to the email.
- Contact DCB immediately at (740) 657-7200 or via email at email@example.com.
- Our Computer Security Team will look into the fraudulent activity.