Question 4 The controller of a small business received the following e-mail with

Question

Question 4 The controller of a small business received the following e-mail with an authentic- looking e-mail address and logo: From: To: Subject: Big Bank fantifraudabigbank.com/ Justin Lewis, Controller, Small Business USA Official Notice for all users of Big Bank! Due to the increased incidence offraud and identity theft, we are asking all bank customers to verify their account information on the following Web page: www.antifraudbigbank.com Please confirm your account information as soon as possible. Failure to confirm your account information will require us to suspend your account until confirmation is made. A week later, the following e-mail was delivered to the controller: rom. To: Subject: Big Bank /antifraudabigbank.com/ Justin Lewis, Controller, Small Business USA Official Notice for all users of Big Bank! Dear Client of Big Bank, Technical services at Big Bank is currently updating our software. Therefore, we kindly ask that you access the website shown below to confirm your data. Otherwise, your access to the system may be blocked. web.da-us.bigbank.com/signin/scripts/login2/user setup.jsp We are grateful for your cooperation. a. What should Justin do about these e-mails? b. What should Big Bank do about these e-mails? c. Identify the computer fraud and abuse technique illustrated.

Explanation / Answer

a)From reading the mails it is clearly evident this is an attempt to acquire confidential information so that it can be used for illicit purposes . Since the email looks authentic and appears authoritative, it is normal to not suspect it but one should confirm with the authorised bank before conforming to an action.

But if Justin Knows that these are fradulent mails he should:
•Notify all employees and management that the email is fraudulent and that no information should be entered on the indicated website.
•Notify Big Bank regarding the email.
•Educate the Organisation of computer fraud practices and its impact on business

b)•Immediately alert all customers about the email and ask them to forward any suspicious email to the bank security team. This needs to be done via a secured bank’s web site, not by an email message.
•Establish a mechanism that encourages customers and employees to notify Big Bank of suspicious emails promptly
•The warnings received by customers and employees should be investigated and remedial actions should be taken.
•Notify and cooperate with law enforcement agencies regarding the issue of fraudulent mails
•ISP of the perprator be detected and assist the law in taking its course to punish such person accodingly and discontinue his account

c)This computer fraud and abuse technique is called phishing. Its purpose is to get the information which is needed to commit identity theft. The perpetrator probably also used brand spoofing of Big Bank’s web site.

Related Questions

Navigate

• Browse (All)
• Browse Q
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.