Important Fraud Alert

Protect Your Business from a Corporate Account Takeover (CATO)

It has become a growing and serious threat for businesses, schools, and municipalities of all sizes. It’s a sophisticated form of electronic fraud known as a Corporate Account Takeover or CATO. And it has allowed cyber thieves to steal millions of dollars from unsuspecting organizations of all sizes.

With CATO, cyber thieves are able to take control of company computers and confidential banking information to infiltrate accounts and transfer funds to their own accounts.

How do they do it?

In many cases, they target employees who utilize online banking and use sophisticated phishing scams and other tactics that allows them to plant dangerous malware that hijacks computer systems. Cyber thieves have been known to pose as credible organizations, such as the Better Business Bureau, IRS, or even banks, and may make phone calls or use social networks, such as Facebook to lure unsuspecting employees into providing private information.

Know the warning signs.

How do you know if your company’s computer systems may have been comprised? Here are some warning signs:

  • Dramatic loss of computer speed
  • Differences in the way things appear on the screen
  • Freezing or locking up of computer screens
  • Unexpected rebooting or restarting
  • Unexpected request for a token pass-code in the middle of an online session
  • Unusual pop-up messages, especially a message in the middle of an online banking session that says the connection to the bank system is not working (system unavailable, down for maintenance, etc.)
  • New or unexpected toolbars and/or icons
  • Inability to shut down or restart the computer

What you can do to protect your organization.

While any business can become a victim of a CATO, organizations that do not have strong Internet security policies are most vulnerable. There are, however, some steps you can take to reduce your company’s chances of being victimized:

  • Educate employees. Tell them about CATO and instruct them not to open unsolicited emails.
  • Review bank account activity carefully and regularly.
  • Separate banking responsibilities. For example, have one employee initiate ACH and wire transfers from one computer and another employee approve transactions on another computer.
  • Install a firewall and anti-virus software.
  • Create strong passwords. Do not use the same online banking password for everything.
  • Never leave a computer unattended while using any online banking service. Always lock computers when unattended.
  • Never access bank, brokerage or other financial services information at Internet cafes, public libraries, airports, etc.

Immediately report suspicious activity to Charles River Bank.

After notification of an incident, Charles River Bank will assist with:

  • Disabling online access to accounts
  • Changing online banking passwords
  • Opening new account(s) as appropriate
  • Assisting with review of all recent transactions and electronic authorizations on the account(s)
  • Confirming no one has requested an address change, check reorder, debit card order or other information be send to a different address

Be assured, at Charles River Bank, we use the highest level of security to protect your account and personal information while banking online. To learn more about other ways you can protect your business, visit http://www.mass.gov/ocabr/banking-and-finance/laws-and-regulations/dob-faqs/cato08212013.html

The Bank will reverse fraudulent transactions and will attempt to identify and notify any receiving financial institution of the fraudulent transactions.