Sunday, December 16, 2018

Case Study About Frauds in Information System Essay

1. Compose a summary of the case. Include how the fraud was perpetrated, the characteristics of the perpetrator(s) who committed the fraud, the role the auditor(s) had in the case, and the direct and indirect effects the incident had on the organization's stakeholders (customers, vendors, employees, executive committee, and board of directors).

Comerica is being sued by Experi-Metal for a $560,000 phishing attack on its bank account. Experi-Metal, a custom auto-parts maker, was hit by phishing criminals in January 2009. The fraud was perpetrated when the bank's vice president received a phishing e-mail telling him to fill out online paperwork to perform scheduled maintenance. The e-mail appeared to have been sent from the bank. (The e-mail was sent by phishing criminals.) Once the president sent over his credentials, the attack was started. Experi-Metal accused Comerica of failing to take immediate action that could have eliminated some of the loss.

The bank processed over a million dollars in wires from the company's account. The attack was carried out in a matter of hours. Criminals tried to move millions of dollars to an Eastern European account. Comerica learned of the attack within four hours of the fraud. J.P. Morgan Chase contacted Comerica to report suspicious activity in the account. The criminals were funneling money into the Chase accounts to move it overseas to Russia and Estonia. Comerica shut down the scam, but only after the business had lost money. Comerica shut down the account but still processed 15 wires after finding out about the scam. Comerica filed suit against the bank for the phishing attack and to try to recoup some of the money that was paid out through the phishing attack.

The perpetrators are usually people from overseas, and the emails have spelling errors. The attacks come from abroad, and the emails contain misspelled and transposed letters. The attackers send out thousands of emails trying to get an individual to answer. The emails are meant to trick users into clicking on the link and entering their private information. The email will impersonate a company such as a bank. The email will state there is a problem and ask the individual to verify their information. It will include a call to action prompting the user to respond or delete.

The direct and indirect effect on the organization's stakeholders was that the bottom line would be understated because of the loss of money. "Phishing scams deceive you into revealing your personal, banking, or financial information through links in email that refer your browser to a look-alike fake website that requests your personal, banking and/or financial" (Roddel, 2008, pg. 93). The board of directors would have to put some mechanism in place with the bank to make sure this doesn't happen again. This is a lapse in internal controls, because the vice president should have verified the email before providing his credentials.

The direct impact is to cripple the company and its availability of funds, and to breach confidentiality and safety. Phishing has a negative impact on a company's revenue, which is a direct impact on the stakeholders. The direct effect could include legal fees and additional marketing expense to recapture lost revenues. An organization should communicate with its stakeholders when a phishing attack happens, to keep the stakeholders from losing confidence in the organization. An indirect effect on stakeholders is responding to media inquiries and delivering messages to the parties affected.

2. Suggest the fraud classification(s) the case can be categorized into (based on the data processing model). Include your rationale for the classification.

"By far the most common form of corporate identity theft used by fraudsters is 'phishing'. Phishing involves fraudsters sending e-mails under the guise of a bank or other reputable company, which appear authentic, to customers or users of that particular company. The emails invite them to log on to the company's website and verify their account details, including their personal identification details" (Simmons & Simmons, 2003, pg. 8). The controller of Experi-Metal received an email that appeared to be urgent.

The email stated that the bank needed to carry out scheduled maintenance on its banking software. It instructed the controller to log in to the website via the link in the email. The email appeared to come from Comerica's online banking site. The site asked the comptroller to enter a security code. The website was fraudulent and was used to get the information needed to process the fraudulent wires.

3. Suggest the type of controls that may have been in place at the time of the violation.

The goal of any organization is to prevent or limit the impact of phishing attacks. The company probably had an in-house phishing plan in place. Corporate organizations have policies and procedures to help deter phishing attacks. This should have included training employees to avoid a phishing attack. The controls in place at Experi-Metal probably included a preventive plan that consisted of employee training and e-mail filters. There need to be more effective controls in place to prevent this from happening in the future. The controller should never have given his personal information out online without verifying through the bank. Management has to be made aware of the types of phishing attacks through education, and an effective policy needs to be in place to cover these types of attacks. The system did not fail; it was the actions of the controller that led to the phishing attack.

4. Recommend two (2) types of controls that could be employed to prevent fraud in the future and additional steps management can take to mitigate losses.

"Avoid emailing personal and financial information. If you get an unexpected email from a company or government agency asking for your personal information, contact the company or agency cited in the email, using a telephone number you know to be genuine, or start a new Internet session and type in the Web address that you know is correct" (McMillian, 2006, pg. 160). A variety of efforts aim to deter phishing through law enforcement and automated detection. One thing that should be stressed at Experi-Metal is to never follow links in an email claiming to be from a bank.

Bank institutions never ask you to verify your online banking username and password. The controller should have contacted the bank and verified the information before he entered the code. The motto is: trust no email or web site. The business should have controls in place to keep this from happening going forward. Second, Experi-Metal should install good antivirus and firewall security software and adjust the settings to tighten up web security. For any customer or business with an excessive number of wires, the bank should place a hold on the account, and the activity needs to be verified before any more wires are processed.

Experi-Metal could have positive pay on the account, and this would keep any wires from being processed without its approval. Additional employee training should be offered to help employees spot fraudulent emails. An individual should never respond to any email asking for personal information. The bank should follow policy to protect and inform customers about fraudulent activity.

5. Evaluate the punishment of the crime (was it appropriate, too lenient, or too harsh) and whether the punishment would serve as a deterrent to similar acts in the future.

The court ruled in favor of Experi-Metal in the case. Comerica was held liable for over half a million dollars stolen from Experi-Metal. The punishment was not harsh, because Comerica failed to act in good faith when it processed over 100 wire transfers in a few hours. The bank should have stopped the wire transfers and contacted the company. A customer holds a bank responsible for keeping their money safe. Some of the money was recovered, but the judge ruled in favor of Experi-Metal based on the fact that the bank did not respond quickly enough in stopping the wire transfers. Banks are doing a better job at spotting fraud because of this case, but there is still room for improvement. This was a major case because it put pressure on banks to strengthen their security posture. The judge is holding the banks responsible for the safekeeping of a company's money.
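The account hold recommended under question 4 (freeze an account that suddenly sends an excessive number of wires, and release nothing until the customer confirms), sketched as an added example that is not part of the original essay or any bank's actual system. The thresholds, function names and the burst of wires are constructed assumptions for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions, not figures from the case.
MAX_WIRES = 5                 # wires released per window before a hold
MAX_TOTAL = 100_000           # dollars released per window before a hold
WINDOW = timedelta(hours=1)   # sliding window length

@dataclass
class Account:
    on_hold: bool = False
    recent: deque = field(default_factory=deque)  # (timestamp, amount) of released wires
    pending: list = field(default_factory=list)   # wires waiting for customer call-back

def submit_wire(acct, ts, amount, beneficiary):
    """Return 'released' or 'held'. Once held, nothing is released until verified."""
    # Drop released wires that have aged out of the sliding window.
    while acct.recent and ts - acct.recent[0][0] > WINDOW:
        acct.recent.popleft()
    count = len(acct.recent) + 1
    total = sum(a for _, a in acct.recent) + amount
    if acct.on_hold or count > MAX_WIRES or total > MAX_TOTAL:
        acct.on_hold = True
        acct.pending.append((ts, amount, beneficiary))
        return "held"
    acct.recent.append((ts, amount))
    return "released"

def verify_by_callback(acct, customer_confirms):
    """Out-of-band check on a phone number already on file, never one from an email."""
    queued, acct.pending = acct.pending, []
    acct.on_hold = not customer_confirms   # a denial keeps the account frozen
    return queued if customer_confirms else []

def run_constructed_burst():
    # Constructed sample: 20 wires of $30,000, one every 5 minutes (date is arbitrary).
    acct = Account()
    start = datetime(2024, 1, 1, 9, 0)
    results = [submit_wire(acct, start + timedelta(minutes=5 * i), 30_000, f"bene-{i}")
               for i in range(20)]
    return acct, results

if __name__ == "__main__":
    acct, results = run_constructed_burst()
    print(results.count("released"), "released;", results.count("held"), "held")
```

With these assumed limits the fourth wire trips the dollar threshold, so the remaining wires in the burst queue for call-back instead of leaving the bank.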
