Does Your Business Use Online Banking? You Might Be Vulnerable to a New Attack

Business online banking malware threatens to hijack accounts

While business online banking systems can be extremely beneficial and decrease the tediousness of financial matters, industry experts recently discovered a disastrous new form of malware that targets these systems and wreaks havoc on users’ bank accounts.

Essentially, this malware detects which online banking system is being used, runs automated scripts in the background while the legitimate user unknowingly logs in to their account, and changes existing beneficiary account numbers or sort codes in an attempt to divert scheduled payments to fraudulent accounts. It specifically targets commercial online banking systems, like the ones you may use.

Industry experts believe this malware is able to operate in the following types of digital environments:

  • When an online banking system is used on a PC via web browser
  • When a template feature is available to make bulk changes to the payment details and information of existing beneficiaries
  • When two-factor authentication is not required for downloading or uploading the payment beneficiaries’ template or payment files

In light of this new malware, take the following precautions to protect your business’ privacy and financial security:

  • Communicate with your banking service—If your online banking system meets all three of the criteria listed above, it’s crucial to contact your bank immediately to discuss your protection options. Even if it doesn’t meet all of them, make sure your banking system uses two-factor authentication during key transactional processes.
  • Update your staff members—Seeing as your employees likely use the same devices that access your business' online banking systems, ensure that all staff members are routinely trained on cyber-security best practices. This includes detecting phishing scams, periodically updating passwords and limiting access to sites that aren’t work-related, such as online shopping or social media.
  • Consider changing your processes—If possible, transition to using certain devices with the sole purpose of conducting online banking. Make sure these devices operate on a secure internet server—possibly a different provider than what the rest of your business uses to ensure business continuity. Lastly, ensure that these devices implement maximum cyber-security measures and are routinely updated. This includes processes such as system updates, safety firewalls and anti-malware scanning. Periodically test your devices to be sure they can detect and avoid an attack.
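
Because this malware works by altering beneficiary account numbers or sort codes, one practical check is to compare every beneficiary template or payment file against an approved list before it is authorised. The Python sketch below is an added example, not part of the original article or any bank's tooling; the CSV layout, column names and sample records are constructed assumptions.

```python
import csv
import io

# Constructed sample data: the CSV layout and column names are assumptions,
# not the format of any particular bank's template.
APPROVED = """name,sort_code,account_number
Acme Supplies Ltd,20-00-00,12345678
Northside Logistics,40-11-22,87654321
Payroll Services Co,30-99-50,11223344
"""
OUTGOING = """name,sort_code,account_number
Acme Supplies Ltd,20-00-00,12345678
Northside Logistics,40-11-22,55550000
Payroll Services Co,309950,11223344
Quick Parts Inc,60-16-13,31926819
"""

def normalise(value):
    """Keep digits only so '30-99-50' and '309950' compare equal."""
    return "".join(ch for ch in value if ch.isdigit())

def load(text):
    """Map beneficiary name -> (sort code, account number), normalised."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = row["name"].strip().casefold()
        records[key] = (normalise(row["sort_code"]),
                        normalise(row["account_number"]))
    return records

def review(approved_text, outgoing_text):
    """Return entries that need out-of-band confirmation before upload."""
    approved, outgoing = load(approved_text), load(outgoing_text)
    findings = []
    for name, details in sorted(outgoing.items()):
        if name not in approved:
            findings.append((name, "new beneficiary"))
        elif details != approved[name]:
            findings.append((name, "bank details changed"))
    for name in sorted(set(approved) - set(outgoing)):
        findings.append((name, "missing from file"))
    return findings

if __name__ == "__main__":
    for name, reason in review(APPROVED, OUTGOING):
        print(f"HOLD {name}: {reason}")
```

Keep the approved list and run the comparison on a device other than the one used for online banking, so that a compromise of the banking PC cannot alter both copies.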