Wednesday, June 5, 2019
Case Study About Frauds in Information System Essay Example for Free
1. Compose a summary of the case. Include how the fraud was perpetrated, the characteristics of the perpetrator(s) who committed the fraud, the role the auditor(s) had in the case, and the direct and indirect effects the incident had on the organization's stakeholders (customers, vendors, employees, executive committee, and board of directors).

Comerica is being sued by Experi-Metal for a $560,000 phishing attack on its bank account. Experi-Metal, a custom auto-parts maker, was hit by phishing criminals in January 2009. The fraud was perpetrated when the bank's vice president received a phishing email telling him to fill out online paperwork to perform scheduled maintenance. The e-mail appeared to have been sent from the bank, but it was actually sent by the phishing criminals. Once the vice president sent over his credentials, the attack was started. Experi-Metal accused Comerica of failing to take swift action that could have eliminated some of the loss.

The bank sent over a million dollars in wires from the company's account. The attack was done in a matter of hours. The criminals tried to move millions of dollars to an Eastern European account. Comerica learned of the attack within four hours of the fraud, when J.P. Morgan Chase contacted Comerica to report suspicious activity in the account. The criminals were funneling money into Chase accounts to move it overseas to Russia and Estonia. Comerica shut down the scam, but only after the business had lost money: it shut down the account yet still processed 15 wires after finding out about the scam. Experi-Metal filed suit against the bank over the phishing attack and to try to recoup some of the money that was paid out through it.

The perpetrators of such attacks are usually people from abroad, and their emails have spelling errors. The attacks originate from abroad, and the emails contain misspelled and transposed letters. The attackers send out thousands of emails trying to get an individual to respond. The emails are intended to trick users into clicking on the link and entering their personal information. The email will impersonate a company such as a bank. It will state that there is a problem and ask the individual to verify their information, and it will include a call to action prompting the user to respond or delete.

The direct and indirect effects on the organization's stakeholders begin with the bottom line, which would be reduced because of the lost money. "Phishing scams deceive you into revealing your personal, banking, or financial information through links in email that refer your browser to a look-alike bogus website that requests your personal, banking and/or financial information" (Roddel, 2008, pg. 93). The board of directors would need to put something in place with the bank to make sure this doesn't happen again. This is a lack of internal controls, because the vice president should have verified the email before providing his credentials.

The direct impact is to cripple the company and its availability of funds, and to breach confidentiality and safety. Phishing has a negative impact on a company's revenue, which is a direct impact on the stakeholders. The direct effects could include legal fees and additional marketing expense to recapture lost revenues. An organization should communicate with its stakeholders when a phishing attack happens so that the stakeholders do not lose confidence in the organization. Indirect effects on stakeholders include responding to media inquiries and delivering messages to the parties affected.

2. Suggest the fraud classification(s) the case can be categorized into (based on the data processing model). Include your rationale for the classification.

By far the most common form of corporate identity theft used by fraudsters is phishing. Phishing involves fraudsters sending e-mails under the guise of a bank or other reputable company, which appear authentic, to customers or users of that particular company. The emails ask them to log on to the company's website and verify their account details, including their personal identification details (Simmons & Simmons, 2003, pg. 8). The controller of Experi-Metal received an email that appeared to be urgent. The email stated that the bank needed to carry out scheduled maintenance on its banking software and instructed the controller to log in to the website via the link in the email. The email appeared to come from Comerica's online banking site. The site asked the controller to enter a security code. The website was fraudulent and was used to obtain the information needed to process the fraudulent wires.

3. Suggest the type of controls that may have been in place at the time of the violation.

The goal of any organization is to prevent or limit the impact of phishing attacks. The company probably had an in-house phishing plan in place. Corporate organizations have policies and procedures to help deter phishing attacks, and these should have included training of employees to avoid a phishing attack. The controls in place at Experi-Metal probably included a preventive plan that consisted of employee training and e-mail filters. More effective controls need to be in place to prevent this from happening in the future. The controller should never have given his personal information out online without verifying through the bank. Management has to be made aware of the types of phishing attacks through education, and an effective policy needs to be in place to cover these types of attacks. The system did not fail; it was the actions of the controller that led to the phishing attack.

4. Recommend two (2) types of controls that could be implemented to prevent fraud in the future and additional steps management can take to mitigate losses.

Avoid emailing personal and financial information. "If you get an unexpected email from a company or government agency asking for your personal information, contact the company or agency cited in the email, using a telephone number you know to be genuine, or start a new Internet session and type in the Web address that you know is correct" (McMillian, 2006, pg. 160). A variety of efforts aim to deter phishing through law enforcement and automated detection. One thing that should be stressed at Experi-Metal is to never follow links in an email claiming to be from a bank. Banking institutions never ask you to verify your online banking username and password. The controller should have contacted the bank and verified the information before he entered the code. The motto is: trust no email or web site. The business should have controls in place to keep this from happening going forward. Second, Experi-Metal should install good anti-virus and firewall protection software and adjust the settings to tighten up web security. When any customer or business has an excessive number of wires, the bank should place a stop on the account, and the activity needs to be verified before any more wires are processed. Experi-Metal could have positive pay on the account, which would prevent any wires from being processed without its approval. Additional employee training should be offered to help employees notice fraudulent emails. An individual should never respond to any emails asking for personal information. The bank should follow policy to protect and inform customers about fraudulent activity.

5. Judge the punishment of the crime (was it appropriate, too lenient, or too harsh) and whether the punishment would serve as a deterrent to similar acts in the future.

The court ruled in favor of Experi-Metal in the case. Comerica was held liable for over half a million dollars stolen from Experi-Metal. The punishment was not harsh, because Comerica failed to act in good faith when it processed over 100 wire transfers in a few hours. The bank should have stopped the wire transfers and contacted the company. A customer is holding a bank responsible for keeping their money safe. Most of the money was recovered, but the judge ruled in favor of Experi-Metal based on the fact that the bank did not respond quickly enough in stopping the wire transfers. Banks are doing a better job at spotting fraud because of this case, but there is still room for improvement. This was a major case because it put pressure on banks to fortify their security posture. The judge is holding the banks responsible for the safekeeping of a company's money.
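As an added illustration, not taken from the essay or from the court record, here is how the two controls recommended in question 4 (a stop on the account once wire activity becomes excessive, and positive pay) can be expressed as a screening rule over outbound wire requests. The thresholds, the hold behaviour and the wire records are all assumptions constructed for this example and are not Comerica's actual policy.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample of outbound wire requests for one account (not real data).
# Fields: timestamp, amount in USD, beneficiary country code.
WIRES = [
    ("2009-01-22 09:00", 12000.00, "US"),
    ("2009-01-22 09:05", 85000.00, "EE"),
    ("2009-01-22 09:06", 90000.00, "RU"),
    ("2009-01-22 09:08", 78000.00, "EE"),
    ("2009-01-22 09:09", 95000.00, "RU"),
    ("2009-01-22 09:11", 60000.00, "EE"),
    ("2009-01-22 13:00", 5000.00, "US"),
]

def screen_wires(wires, max_count=3, max_total=250_000.0,
                 window=timedelta(hours=1), approved=None):
    """Velocity screen (assumed policy, not the bank's): once more than
    `max_count` wires or more than `max_total` dollars leave the account within
    `window`, the account is placed on hold and every later wire is held for
    manual verification. `approved` is an optional positive-pay list of
    (amount, country) pairs the customer pre-authorised; those wires pass."""
    approved = set(approved or ())
    recent = deque()          # (timestamp, amount) pairs inside the window
    on_hold = False
    decisions = []
    for ts, amount, country in wires:
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if (amount, country) in approved:
            decisions.append(("RELEASE", ts, amount, country, "positive pay match"))
            continue
        if on_hold:
            decisions.append(("HOLD", ts, amount, country, "account on hold"))
            continue
        while recent and t - recent[0][0] > window:   # drop stale entries
            recent.popleft()
        recent.append((t, amount))
        count = len(recent)
        total = sum(a for _, a in recent)
        if count > max_count or total > max_total:
            on_hold = True                            # stop on the account
            reason = f"{count} wires / ${total:,.0f} in {window}"
            decisions.append(("HOLD", ts, amount, country, reason))
        else:
            decisions.append(("RELEASE", ts, amount, country, "within limits"))
    return decisions

if __name__ == "__main__":
    for d in screen_wires(WIRES):
        print(*d)
```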