Personal Business

Reset Password
Access Your
First time user? Enroll Today!
To report a lost or stolen debit card: 800-472-3272

Corporate Account Takeover

How to defend against Corporate Identity Theft

What is Corporate Account Takeover?


Corporate Account Takeover (CATO) is a form of corporate identity theft where cyber thieves gain control of a business’ online banking accounts by stealing employee passwords and other valid credentials.


Who is vulnerable?

Small to Medium sized businesses, municipalities, and non-profit organizations are among those being targeted by these thieves. In particular, they are looking for businesses with limited or no internal computer safeguards. This allows cyber thieves to gain access to their target’s computer systems, typically through malicious software (malware). Malware infects a business’ computer system not just through ‘infected’ documents attached to an email, but also when an infected website is visited. Another approach becoming more popular among cyber thieves is to send a fake friend request on a social network, like Facebook or Google+.

Once a business’ computer has been infected, the malicious software begins to gather information. The malware can steal passwords, user account names, even answers to security questions. This information is all sent back to the criminals, who then attempt to initiate a funds transfer from the victim’s account.

Can I do anything about it?

  Thankfully there is much you can do to help prevent corporate account takeovers. The following recommendations are divided into three categories: Protect, Detect, and Respond.


  1. You can protect your organization by first educating your employees of this type of fraud, and what they need to do when they suspect their computer’s security may have been compromised.
  2. Enhance the security of your computer(s) and network. Simple things such as having up to date anti-malware software running on all of your computers, and setting up your computer(s) to automatically install security updates can help prevent malware infection.
  3. Protect your online banking password and user name. Do not use the same password for online banking that you would use for another service (such as social media or email.) Using complex passwords that are difficult to guess is highly recommended.
  4. Do not respond to requests for the password to your online banking account. Such requests may be attempts by a cyber thief to steal your password. It is important to note that First State Bank will never request your password.
  5. Never open suspicious emails, or emails from an unknown sender.
  6. An an annual basis, perform a risk assessment of your network environment. This includes determining if the security controls you have in place are adequate. (Security controls such are things like anti-malware software, complex password, restricting the amount of users that can access your computer or network, etc.)



  1. Monitor and reconcile your banking accounts often, daily if possible.
  2. Run regular malware scans on your computer. Note any changes in the performance of your computer.
  3. Pay attention to any warnings about your online banking or computer security.



  1. If you detect suspicious activity, immediately cease all online activity and remove any computer systems that may be compromised from the network
  2. If you think you may have malware on your computer contact a computer security professional to clean and secure your computer.
  3. Immediately contact your bank so that they can disable online access to your accounts and begin taking steps to stop fraudulent transactions from taking place.
  4. Keep records of what happened and have a contingency plan to recover computer systems that you suspect are compromised.


Additional Resources

For more information on how to protect your organization from Corporate Account Takeovers, please visit the following websites.