Also known as CATO, the corporate account takeover is a form of identity theft where hackers use malicious malware to access and steal the financial and sensitive information of employees for carrying out illegal activities. Some of the common hotspots for carrying our Corporate Account Takeover attack are gaming, travel, hospitality, media, finance, and retail industries.
With the spread of Coronavirus people have been forced to stay indoors. Work from home is the new normal now but has resulted in a spike in the rate of cybercriminal attacks including Corporate Account Takeover Attacks.
Apart from these small and medium scale industries, municipalities along with various other Non-profit organizations are the constant targets for conducting a CATO attack.
How does The Scam work?
Cybercrooks use destructive tactics like phishing scams to gain unauthorized access to user’s accounts. They usually mimic providing account-related assistance and ask for a payment for this.
These account credentials are then used to exploit and carry out illegal financial transactions. Corporate Takeover attacks can have a greater impact and can cost any organization both money and time.
Phishing scams, Credential Surfing, Brute Force Attack, Man-in-the-middle attack, Social Engineering, Password Spraying, and Session Hijacking are some of the other tactics that lead to a Corporate Account Takeover attack.
Recent Examples of CATO Attack
- In March 2020. Marriott International declared that it has suffered a data breach that affected around 5.2 million of its guests.
- J. cREW also informed its customers that their data was accessed by a third-party organization.
- Another attack happened in Decathlon in Feb 2020, where its customer’s details were accidentally disclosed to an unsecured ElasticSearch Server.
What To Do If Your Account Has Been Compromised?
If you discover that your account has been compromised here are few steps that you should take on an immediate basis.
- Disconnect all the devices connected to the compromised network.
- Contact all the related authorities including the top-management of the organization and related banks to take possible corrective actions in time.
- Check what kind of data has been collected along with the implications that it can have.
Preventive Measures | Best Practices to Avoid CATO
Here are some of the best and effective practices that every business should practice to counter a Corporate Account Takeover attack.
- Train your employees about security measures.
- Also, educate them about the importance of keeping strong passwords, and ask them to lock their computers when not in use.
- Use powerful firewalls and security software to strengthen security walls and restrict network access.
- Encrypt all your sensitive information and avoid opening suspicious emails.
- Use a strong ad-blocker tool to block infected ads and pop-up alerts that redirects you to unknown and infects third party websites.
- In addition to this keep a regular backup of your device to reduce data loss.
A Corporate Account Takeover (CATO) Attack can impact the financial stability and reputation of any organization. You need to stay educated and follow all preventive measures to avoid being a victim of this lethal attack.