Corporate Account Takeover (CATO) is account takeover (ATO) specifically targeting business-owned user credentials. It occurs when an attacker discovers how to obtain unauthorized access to a legitimate employee account – for example, a bank employee email — which is then used for nefarious purposes.
The ways in which adversaries obtain corporate-owned user credentials vary but high on the list is social engineering via telephone, phishing (and spear phishing), and imposter partner inquiries. Other methods include the attacker(s) installing key-logging malware to legitimate users’ desktop and mobile devices.
The actions hackers might take while impersonating the bank employee during CATO include fraudulent funds transfers (e.g. ACH, international wire), fraudulent external loan approvals, theft and reselling of intellectual property, and widespread social engineering within the enterprise.
"Our security team shared a screenshot of a phishing email sent to our executive team impersonating our COO. It was an urgent demand for the recipient to reset their office password. Since it was directed at leadership, we're being asked to be vigilant to avoid corporate account takeover."