Corporate Account Takeover

Business Identity Theft

Corporate Account Takeover is a type of business identity theft where cyber thieves gain control of a business' bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent wire and ACH transactions to accounts controlled by the thieves. Heritage Bank is dedicated to helping educate customers on proper security protocol. The bank recommends the following to customers to help protect their account.

Helpful Tips to Protect Your Business

Do not respond or open attachments or click on links in unsolicited emails. If a suspicious email appears to be from the bank, customers are encouraged to call the bank to verify
Do not click on pop-up messages that claim the machine is infected and offers software to scan and fix the problem
BLOCK POP-UPS
Use/install and maintain spam filters
Install and maintain anti-virus, anti-spyware, desktop firewall ad malware detection and removal software. Use these tools to regularly scan the computer, allow automatic updates and scheduled scans
Install routers and firewalls to prevent unauthorized access to the computer and/or network
Restrict computers used for Online Banking and payments. Computers used for Online Banking and payments should not be used for general web browsing, email, or social networking
Do not leave computers with administrative privileges and/or computers with monetary functions unattended. Computers should be locked or shut down when the employee leaves the workstation
Install security updates to operating systems and all applications as they are available
Keep operating systems, browsers, and all other software and hardware up-to-date
Conduct regular backup copies of system and work files
Encrypt sensitive folders with the operating system's native encryption capabilities
Do not sue public internet access points
Pay attention to warnings like alerts of virus or expiration of anti-virus software
Pay attention to cyber security threats and news

Problems can be detected by staying aware of changes to computer performance:

Dramatic loss of speed
Changes in the way things appear
Computer locks up to the user is unable to perform any functions
Unexpected rebooting or restarting of the computer
Unexpected requests for a password or token in the middle of an online session
Unusual pop-up messages
New or unexpected toolbars and/or icons
Inability to shut down or restart

Immediately stop online activity after detecting a threat. (Disconnect Ethernet cable and/or any other network connections)
Ensure employees know whom to report suspicious activity to at the company and bank
Maintain a written report of what happened, losses, and steps taken to report incident to various agencies
If a loss occurred, file a police report and provide facts and circumstances surrounding the loss
File a complaint online at www.ic3.gov
Contact local field FBI Office www.fbi.gov/contact-us/field/field-offices
Have a contingency plan to recover systems

Contact the bank to take the following actions:

Temporarily disable online access
Change Online Banking passwords
Open new accounts if account numbers are compromised or deemed necessary
Ensure there have not been any new payees added to bill pay, address or contact information change requests, change to user access, new debit cards, checks or account documents mailed to another address