Corporate Account Takeover (CATO)
Corporate Account Takeover (CATO) is a type of account takeover (ATO), where the target account belongs to a business as opposed to an individual. Account takeover occurs when an attacker manages to gain unauthorized access to a legitimate account – access which he uses to carry out nefarious activities such as initiate a fraudulent payment or wire transfer, steal sensitive data, etc.
To take over an account, the attacker needs to gain access to its access credentials (i.e. username and password, security token, etc.). Access credentials are stolen using phishing attacks, phone calls, and even social networks. Another way to steal account credentials is to infect a user’s computer or mobile device with malware capable of recording login credentials and passcodes and reporting them back to the criminals.
Examples of corporate account takeover attacks occasionally make their way to the courts, where the full detail of the attack can be discovered. For example, the Patco Construction Company sued Ocean Bank after Patco’s computers had become infected with malware, allowing fraudsters to make six wire transfers using the Automated Clearing House (ACH) transfer system amounting to more than $588,000. Only $243,000 of the stolen money was recovered.
There are different ways to protect against CATO, depending on the type of account and how it is accessed. Generally speaking, the following protection measures are used:
• Multifactor authentication, which prevents access to an account without a second factor of authentication that is implemented as a separate hardware device (i.e. smartcard, OTP token, biometric sensor, etc), or installed/stored on a separate computing device – typically a mobile device belonging to the accountholder.
• Phishing prevention solutions that aim to prevent credential theft.
• Malware protection to prevent malware-based credential theft.
• Fraud prevention technology that analyzes transaction originated from an account, to identify the anomalous ones that do not follow normal patterns, and that may indicate fraud.