The controller of a small business received the following e-mail with an authentic-looking e-mail address and logo:
From: Big Bank [[email protected]]
To: Justin Lewis, Controller, Small Business USA
Subject: Official Notice for all users of Big Bank!
Due to the increased incidence of fraud and identity theft, we are asking all bank customers to verify their account information on the following web page: www.antifraudbigbank.com
Please confirm your account information as soon as possible. Failure to confirm your account information will require us to suspend your account until confirmation is made.
A week later, the following e-mail was delivered to the controller:
From: Big Bank [[email protected]]
To: Justin Lewis, Controller, Small Business USA
Subject: Official Notice for all users of Big Bank!
Dear Client of Big Bank,
Technical services at Big Bank is currently updating our software. Therefore, we kindly ask that you access the website shown below to confirm your data. Otherwise, your access to the system may be blocked.
web.da-us.bigbank.com/signin/scripts/login2/user_setup.jsp
We are grateful for your cooperation.
REQUIRED
a. What should Justin do about these e-mails?
b. What should Big Bank do about these e-mails?
c. Identify the computer fraud and abuse technique illustrated.
(a): The e-mails are clearly an attempt to obtain confidential information that the sender would then use for illicit purposes, so Justin should respond to them systematically. First, he should notify all employees of the organization that the e-mails are fraudulent and that no one should reply to them. Next, he should make sure all employees know how to handle such fraudulent e-mails, organizing a training or orientation program on these fraud practices if needed. Finally, he should notify Big Bank about the e-mails.
(b): Big Bank should begin by immediately alerting all its customers not to respond to any e-mail asking them to provide confidential banking information. The bank should also ask customers to forward such e-mails to it so that it can take appropriate action. Next, the bank should investigate the e-mails and put proper remedial measures in place to ensure that its account holders' interests are protected. Finally, the bank should notify law enforcement agencies so that legal action can be taken against the sender.
(c): The computer fraud and abuse technique illustrated here is phishing. Phishing is a cybercrime in which targets are contacted, usually by e-mail or phone, and lured into providing confidential and sensitive information such as credit card or bank account details.
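The two messages above contain the classic phishing indicators a mail filter or a trained employee looks for: a link whose domain merely resembles the bank's, and urgency language about verifying data or having the account suspended. The following Python script is an added example, not part of the case or of any bank's tooling. It assumes that the bank's one legitimate web domain is bigbank.com (the case never states it), embeds the two e-mail bodies from the case as constructed sample input, and scores each message. It also shows the limit of a pure domain check: the second link, web.da-us.bigbank.com, sits under the assumed legitimate domain and passes the allowlist, so the script additionally flags any e-mailed link that leads to a sign-in page, which is exactly why the controller should not follow either link.

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: the two e-mail bodies quoted in the case.
EMAIL_1 = """Subject: Official Notice for all users of Big Bank!
Due to the increased incidence of fraud and identity theft, we are asking all bank
customers to verify their account information on the following web page:
www.antifraudbigbank.com
Please confirm your account information as soon as possible. Failure to confirm your
account information will require us to suspend your account until confirmation is made."""

EMAIL_2 = """Subject: Official Notice for all users of Big Bank!
Dear Client of Big Bank,
Technical services at Big Bank is currently updating our software. Therefore, we kindly
ask that you access the website shown below to confirm your data. Otherwise, your access
to the system may be blocked.
web.da-us.bigbank.com/signin/scripts/login2/user_setup.jsp"""

# Assumption (not stated in the case): the bank's only legitimate web domain.
LEGIT_DOMAINS = {"bigbank.com"}

# Lure phrases typical of credential-harvesting mail: verify/confirm requests,
# threats of suspension or blocked access, and artificial urgency.
LURE_PATTERNS = [
    r"\bverify (your|their) account\b",
    r"\bconfirm your (account|data)\b",
    r"\bsuspend(ed)? your account\b",
    r"\baccess .* may be blocked\b",
    r"\bas soon as possible\b",
]

# Bare or scheme-prefixed host names with an optional path.
URL_RE = re.compile(r"\b((?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?)", re.I)


def extract_urls(text: str) -> list[str]:
    return [m.group(1) for m in URL_RE.finditer(text)]


def host_of(url: str) -> str:
    # urlsplit needs a scheme to recognise the host part.
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registered_domain(host: str) -> str:
    # Naive: last two labels. Real code would consult the public suffix list
    # so that e.g. co.uk is treated as a suffix, not a registered domain.
    return ".".join(host.split(".")[-2:])


def assess(text: str) -> dict:
    """Score one e-mail body and return the evidence behind the verdict."""
    urls = extract_urls(text)
    hosts = [host_of(u) for u in urls]
    findings, unknown = [], []
    for url, host in zip(urls, hosts):
        rd = registered_domain(host)
        if rd not in LEGIT_DOMAINS:
            unknown.append(rd)
            findings.append(f"link to unrecognised domain {rd} (host {host})")
        elif re.search(r"sign-?in|login", url, re.I):
            # Domain allowlisted, yet the mail still drives the reader to a
            # sign-in page: a bank does not solicit credentials by e-mail.
            findings.append(f"e-mailed link to a sign-in page on {host}")
    # A lookalike domain embeds the bank's name, e.g. antifraudbigbank.com.
    brand_labels = {d.split(".")[0] for d in LEGIT_DOMAINS}
    lookalike = any(b in rd for rd in unknown for b in brand_labels)
    lure_hits = sum(1 for p in LURE_PATTERNS if re.search(p, text, re.I | re.S))
    return {
        "hosts": hosts,
        "unknown_domains": unknown,
        "lookalike": lookalike,
        "lure_hits": lure_hits,
        "findings": findings,
        "suspicious": bool(findings) or lure_hits >= 2,
    }


if __name__ == "__main__":
    for label, body in (("e-mail 1", EMAIL_1), ("e-mail 2", EMAIL_2)):
        print(label, assess(body))
```

The first message fails on both counts (unknown lookalike domain, four lure phrases); the second passes the domain allowlist but is still flagged for pointing at a sign-in page and for its blocked-access threat. Heuristics like these belong in a mail gateway or a reporting workflow, and they complement rather than replace the user-side rule of never following account links received by e-mail.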