Your privacy is very important to us. We would like to advise you that Internet email is not secure. Please do not submit any information that you consider confidential. We recommend you do not include your social security or account number or other specific identifying information.
You are leaving Marblehead Bank's website and linking to a third party site. Please be advised that you will then link to a website hosted by another party, where you will no longer be subject to, or under the protection of, the privacy and security policies of Marblehead Bank. We recommend that you review and evaluate the privacy and security policies of the site that you are entering. Marblehead Bank assumes no liability for the content, information, security, policies or transactions provided by these other sites.
Marblehead Bank's COVID-19 resource page, read more here.
Corporate account takeover is a form of financial fraud where cyber criminals gain access to business online banking accounts and initiate unauthorized fund transfers (e.g., ACH, check, wire transfers) to accounts that are under the cyber criminal's control. These funds are often then transferred overseas and out of U.S. jurisdiction. The FBI estimates that corporate account takeover attacks have cost American companies hundreds of millions of dollars.
Corporate account takeover attempts were first reported in 2006 and originally targeted large corporations, but the focus has been redirected toward small and mid-sized businesses, municipalities, and nonprofit organizations. Unlike larger corporations, these smaller companies are perceived to lack the resources needed to prevent and detect a security breach, making them a more attractive target to the cyber criminals.
Cyber criminals will phish for victims using social engineering techniques in an attempt to lure unsuspecting users into installing malware. These techniques include:
The cyber criminals use these techniques to trick the corporate employees into entering nonpublic information (e.g., online banking credentials) and into clicking on the malicious link or attachment. In successful phishing attempts, where the user has clicked on the infected link or opened the infected attachment and the malware has been downloaded to the employee's computer, the malware will:
The cyber criminals will then use the credentials to log into the online banking account to alter or create unauthorized external fund transfers from the business's account to an account they control. Money mules* are often used to open the domestic accounts where the money is first sent and to then transfer the funds overseas to the cyber criminals. The money mules are sometimes recruited by false work-at-home schemes and even though they often retain a commission for their part, they may not always be aware of the perpetrated fraud.
In addition to financial losses, corporate account takeover can result in reputational damages and other indirect losses to the business and financial institution.
Thousands of businesses have already fallen victim to these attacks and it is costing financial institutions and businesses millions of dollars. It is vital that both financial institutions and businesses do everything they can to mitigate, identify, and respond to corporate account takeover.
You can also visit the following websites to learn more about how to protect your small business:
Learn how you can improve your wealth base!
Rainy days or dream vacation - we have the savings plan for you!
Expanding family? Consider expanding your home!
Open an Account
Report a stolen card
Financial Learning Center
Visa Credit Card Login
Current Deposit Rates
Terms & Conditions
Learn more about mobile banking.
©2019 Marblehead Bank • All Rights Reserved • NMLS# 417751 • ABA 211372996 • Site Map