- SVB stays aware of the emerging trends in bank account fraud, like the rise of account takeover attacks, and we share this information with our clients via our Fraud Prevention Center.
- Your online and mobile environments — including systems like online banking and hardware such as smartphones, computers and servers — both protect and expose your company’s assets and information.
- Taking precautions to safeguard online accounts that go beyond simply using strong passwords and firewalls are vital.
When it comes to fraud protection strategies, companies can’t take a “set it and forget it” approach. Fraud trends and tactics are constantly shifting and evolving in response to changes in the world. In response to new ways of combatting frauds such as business email compromise or phishing scams, fraudsters come up with even more sophisticated and hard-to-detect ways to target and exploit victims – in particular high-profile consumers.
SVB pays close attention to the shifting fraud landscape, and when we see new trends emerge, we share the information with our clients. One of those trends is the rise of account takeover attacks. Here’s what you need to know to identify and protect against these types of scams.
What are account takeover attacks?
An account takeover occurs when a cyberthief gains credentials to an individual’s most sensitive online accounts. These thieves may target an individual’s personal bank account and effectively empty it, leaving the account-holder with zero balance—and potentially no way to recoup their money.
While some online scams are built on brute force—say, using powerful algorithms to crack a password—account takeovers require patience and sophistication on the part of the cyberthief. The criminals aim to learn passwords and login credentials through nuanced means such as:
Phishing (click here to learn more about phishing and other scams)
Placing malware on a user’s device in order to monitor their keystrokes to learn their user ID and password
Impersonating bank employees and asking customers for their passwords, PINs or one-time passcodes. (SVB will never ask for this information.)
Globally, banks are experiencing higher rates of account takeover attacks. Around the world, bank customers are being targeted more frequently and with more powerful tactics. By some measures, account takeover attacks steal nearly 30,000 credentials every minute.1
What can you do?
Take precautions to safeguard online accounts. Those precautions go beyond strong passwords and firewalls: Account holders must watch carefully for unsolicited requests for personal information such as passwords, responses to security questions or one-time passcodes.
Customers can use the following tips to keep themselves out of reach of account takeover attacks:
Don’t respond to unsolicited requests for account or personal information, such as user IDs, passwords, challenge questions or one-time passwords
Establish dual administration and have both administrators pay attention to any unexpected alerts about failed login attempts or new devices being added to your online account
If one users email is compromised, another user will be alerted of any unauthorized activity
To update your account and enroll in dual administration, email your Relationship team for the Administrator Change Request form
Be wary of clicking on links in emails or online advertisements
Pay attention to any unexpected alerts about failed login attempts or new devices being added to online accounts
Use anti-malware software such as Trusteer Rapport, available at no cost to all SVB clients
Enable account notifications that cover balance and transaction thresholds, password changes, and any additions or modifications to the user profile
Set transaction limits and require a secondary approval for payments
Additional Fraud Prevention Reminders
With Multi-Factor Authentication (MFA) currently enacted for all SVB Online Banking clients, please make sure that your Authenticate phone number has been validated to ensure that you do not face any challenges with MFA at the point of login
Keep personal and business information protected and secure with strong, unique passwords
Continuously monitor accounts for unusual activity
For more information about online fraud prevention techniques, visit SVB’s Fraud Prevention Center. If you suspect that you may be a victim of fraud, contact your Relationship Manager or email@example.com.
1 Source: NuData Security/Mastercard, “Account Takeover: Chronology of an Attack.” [https://nudatasecurity.com/resources/infographics/account-takeover-infographic/]
This article was originally published on October 13, 2020.
Defend Your Company from Business Email Compromise (BEC)
Fraudsters are using increasingly sophisticated strategies to scam companies via email. Here's how you can protect against this dangerous—and pervasive—threat.