MENU

Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

ACG-CYBER SECURITY BULLETIN NR 254: BE WARY OF CORPORATE ACCOUNT TAKEOVER (CATO)

Reference Number ACG-CSB 061522254

         The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

   Corporate Account Takeover (CATO) is account takeover (ATO) specifically targeting business-owned user credentials. It occurs when an attacker discovers how to obtain unauthorized access to a legitimate employee account. The ways in which adversaries obtain corporate-owned user credentials vary but high on the list is social engineering via telephone, phishing (and spear phishing), and imposter partner inquiries. Other methods include the attacker(s) installing key-logging malware to legitimate users’ desktop and mobile devices. The actions hackers might take while impersonating the bank employee during CATO include fraudulent funds transfers, fraudulent external loan approvals, theft and reselling of intellectual property, and widespread social engineering within the enterprise.

   CATOs occur when cyber thieves gain control of systems by stealing sensitive employee credentials and information. Criminals can then initiate fraudulent wire transfers and transactions through the ACH to any account. Thieves typically access a computer via malicious software (malware) that can infect a computer through e-mail, websites, or as malware disguised as software. It is necessary to fully understand the severity of these attacks and its effects on client confidence, as well as its potential implications on your institution’s reputation.

   Attackers typically attempt corporate account takeover attacks by stealing employee usernames, passwords, or personal info allowing them to gain access. This theft can come in many forms, including social engineering emails or social media activities, credential stuffing, or brute force or botnet attacks to try numerous password combos quickly. Top corporate targets tend to be purchasing, HR, IT, and management due to their level of organizational access.

   There are several methods being employed to steal confidential security credentials. Phishing mimics the look and feel of a legitimate financial institution’s website, e-mail, or other communication. Users provide their credentials without knowing that a perpetrator is stealing their security credentials through a fictitious representation which appears to be their financial institution. A second method is Malware that infects computer workstations and laptops via infected e­ mails with links or document attachments. In addition, malware can be downloaded to a user’s workstation or laptop from legitimate websites, especially social networking sites. Clicking on the documents, videos, or photos posted there can activate the download of malware. The malware installs key-logging software on the computer, which allows the perpetrator to capture the user’s ID and password as they are entered at the financial institution’s website.

   Other viruses are more sophisticated. They alert the perpetrator when the legitimate user has logged onto financial institutions website, then trick the user into thinking the system is down or not responding. During this perceived downtime, the perpetrator is actually sending transactions in the user’s name.

RECOMMENDATION

   All PNP personnel as well as the public are advised to follow these tips to avoid being a victim of Corporate Account Takeover (CATO):

  • Minimize the number of machines used for various business functions. Consider conducting online banking on dedicated machines segregated from other business functions.
  • Always lock computers when unattended, especially those with administrator access.
  • Install and maintain anti-virus, anti-malware and anti-spam programs that periodically scan file systems.
  • Utilize firewalls and routers to restrict network access.
  • Ensure that programs are consistently updated through an organized patching process.
  • Consider creating regular backup copies of system files.
  • Encrypt hard drives if possible, and if not, encrypt important documents including those containing sensitive information.
  • Avoid utilizing open internet access points for internet connectivity.
  • Be aware of emerging information security threats and what measures can be taken to mitigate the risk of unauthorized intrusion.

For additional information, please refer to the following websites:

  • https://www.seamensbank.com/fraud-prevention/cato/
  • https://www.hypr.com/corporate-account-takeover/
  • https://www.mass.gov/service-details/frequently-asked-questions-about-corporate-account-takeovers

POINT OF CONTACT

   Please contact PMAJ JUN-JUN S DAGURO, Police Community Relations Officer thru e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 8723-0401 local 7483 for any inquiries related to this CYBER SECURITY BULLETIN.