CATO

Corporate Account Takeover (CATO)

CATOs occur when cyber thieves gain control of systems by stealing sensitive employee credentials and information. Criminals can then initiate fraudulent wire transfers and transactions through the ACH to any account. Thieves typically access a computer via malicious software (malware) that can infect a computer through e-mail, websites, or as malware disguised as software.
– Domestic and International Wire Transfers
– Business-to-Business ACH payments
– Online Bill Pay and electronic payroll payments have all been used to commit this crime

How Do They Do It?
– User contracts malware
– Phishing
– Browsing to an infected website
– Zeus, SpyEye, other banking trojans
– Malware waits or is preparing to phone home
– Waits for the user to log into a sensitive site, e.g. internet banking
– Steals login credentials, sends them to a foreign server
– Piggybacks on an ACH/Wire on valid transaction
– Change wire transfer information
– Informs the user that internet banking is not available or initiates a DDoS to the internet banking site.

Best Practice recommendations for Businesses

Educate all employees on this type of fraud scheme:

• Review risky behavior with employees, especially when opening unsolicited emails.
• Educate employees on what suspicious websites and malicious “computer optimization” software looks like.

Enhance the security of computer networks:

• Install and maintain anti-virus, anti-malware, and anti-spam programs that periodically scan file systems.
• Utilize firewalls and routers to restrict network access.
• Ensure that programs are consistently updated through an organized patching process.