Home / Resources / Security / Business Security

Corporate Account Takeover

Learn what you can do to prevent cybercriminals from gaining control of your business banking account.

During a corporate account takeover (CATO), cybercriminals use your stolen business banking account login information (ex. user name, password) to initiate fraudulent wire or ACH transactions. Cybercriminals may use phishing emails, phone calls or social media networks to gain access to your account; or they may infect your computer or mobile device with malware to record login information. Visiting a fraudulent website or clicking an infected link or attachment from an email may compromise your computer.

Protect Your Business Banking Account

Educate employees with online banking access on how to guard against CATO attempts.

  • Do not click links or attachments in unsolicited emails. If you receive a suspicious email appearing to be from the bank, call us using a known number to confirm if it is legitimate.
  • Never click on pop-ups that claim your computer is infected and that offer software to scan and fix the issue.

Enhance the security of your computers and network

  • Restrict use of computers dedicated to online banking and payments (no general web browsing, email or social networking).
  • Never leave computers with administrative privileges and/or online banking access unattended − always lock or shut them down.
  • Install and maintain spam filters, anti-virus and anti-spyware software; and block pop-ups.
  • Secure routers and firewalls.
  • Install the latest security updates to operating systems and applications.
  • Keep operating systems, browsers, software and hardware up-to-date.
  • Back up files regularly and encrypt sensitive folders.
  • Do not use public internet access when banking online.
  • Watch for virus alerts and anti-virus software expiration notices.
  • Keep up-to-date on the latest cyber security threats and news.
  • Monitor bank accounts daily to detect unauthorized activity.

Ensure that employees are trained on how to report suspicious activity to Luther Burbank. We may assist with the following:

  • Disabling online account access
  • Changing the account password
  • Opening new account(s), if needed
  • Confirming if anyone has recently: added new payees; requested an address or phone number change; created new user accounts; changed access to existing user accounts; changed existing wire/ACH templates; changed the PIN; or ordered new cards, checks or other account documents to be sent to an unauthorized address.

Signs of a Possible CATO Attack

  • Unusual activity on your business banking account
  • Dramatic loss of computer/internet speed
  • Unusual appearance of the online banking site or pop-up messages
  • Unexpected rebooting or inability to shut down/restart your computer
  • Sudden locking of your computer while in use
  • Unexpected requests for your PIN/password during an online banking session
  • Unsolicited phone calls requesting your PIN/password

Responding to a CATO Attack

  • Immediately cease all online activity and remove any computers from the network that may be compromised.
  • Submit a report to law enforcement (local police department and FBI) via the IC3 portal

Contact Luther Burbank immediately if you believe you have been the victim of a CATO attack; if your login information and/or account number have been compromised; or if you notice any unauthorized activity on your account. Call 888.578.4495 or contact your branch directly.