Skip Navigation
digital American flag in the sky over hay bales and green grass

Corporate Account Takeover

Business Identity Theft

Corporate Account Takeover is a type of business identity theft where cyber thieves gain control of a business' bank account by stealing employee passwords and other valid credentials. Thieves can then initiate fraudulent wire and ACH transactions to accounts controlled by the thieves. Heritage Bank is dedicated to helping educate customers on proper security protocol. The bank recommends the following to customers to help protect their account.

Helpful Tips to Protect Your Business

Computer Usage
  • Do not respond or open attachments or click on links in unsolicited emails. If a suspicious email appears to be from the bank, customers are encouraged to call the bank to verify
  • Do not click on pop-up messages that claim the machine is infected and offers software to scan and fix the problem
  • Use/install and maintain spam filters
  • Install and maintain anti-virus, anti-spyware, desktop firewall ad malware detection and removal software. Use these tools to regularly scan the computer, allow automatic updates and scheduled scans
  • Install routers and firewalls to prevent unauthorized access to the computer and/or network
  • Restrict computers used for Online Banking and payments. Computers used for Online Banking and payments should not be used for general web browsing, email, or social networking
  • Do not leave computers with administrative privileges and/or computers with monetary functions unattended. Computers should be locked or shut down when the employee leaves the workstation
  • Install security updates to operating systems and all applications as they are available
  • Keep operating systems, browsers, and all other software and hardware up-to-date
  • Conduct regular backup copies of system and work files
  • Encrypt sensitive folders with the operating system's native encryption capabilities
  • Do not sue public internet access points
  • Pay attention to warnings like alerts of virus or expiration of anti-virus software
  • Pay attention to cyber security threats and news
Online Banking Usage
  • If possible, require dual-control to initiate ACH transfers
  • Do not share Online Banking log-ins. Cash Management allows customers to set up multiple sub-users and control access for each user
  • Monitor and reconcile accounts on a regular basis; this should be conducted monthly at a minimum
Discovering Threats

Problems can be detected by staying aware of changes to computer performance:

  • Dramatic loss of speed
  • Changes in the way things appear
  • Computer locks up to the user is unable to perform any functions
  • Unexpected rebooting or restarting of the computer
  • Unexpected requests for a password or token in the middle of an online session
  • Unusual pop-up messages
  • New or unexpected toolbars and/or icons
  • Inability to shut down or restart


React to Threats
  • Immediately stop online activity after detecting a threat. (Disconnect Ethernet cable and/or any other network connections)
  • Ensure employees know whom to report suspicious activity to at the company and bank
  • Maintain a written report of what happened, losses, and steps taken to report incident to various agencies
  • If a loss occurred, file a police report and provide facts and circumstances surrounding the loss
  • File a complaint online at
  • Contact local field FBI Office
  • Have a contingency plan to recover systems

Contact the bank to take the following actions:

  • Temporarily disable online access
  • Change Online Banking passwords
  • Open new accounts if account numbers are compromised or deemed necessary
  • Ensure there have not been any new payees added to bill pay, address or contact information change requests, change to user  access, new debit cards, checks or account documents mailed to another address
Back to Top