Reference no: EM132995323
Question - Sarat Sethi is a newly hired accountant of Solomon Publishing House. She is an active member in a social media community. During her lunch break, she decided to access her social media account in her office computer. Her company's internet connection does not block access to any website in the internet. While browsing through her feeds, she mistakenly click on a link that opened a pop-up window that immediately closed after a few seconds. Since nothing happened, she decided to close her web browser and return to work. Before the day ended, she sent an e-mail to True Colors Corporation (True Colors), a Germany-based ink supplier, to confirm the receipt of an invoice amounting to $30,000 and requested for bank details to process the payment of the invoice through a fund transfer.
Two days later, Sethi received a reply from True Colors' accountant that instructs her to effect payment to an account number named under Unlimited Colors Inc. The e-mail also stated that True colors has already changed its name in their local securities regulator and is still in the process of updating all corporate documents. Sethi processed the payment using the information stated in the e-mail and the payment was approved by her superior.
A month after the wire transfer, Sethi received another email from True Colors that is following-up the payment on the last invoice sent. Sethi argued that the invoice was already paid through a fund transfer, and forwarded to True Colors a copy of the fund transfer form and the e-mail received a month ago. True Colors denied Sethi's claims and said that they did not receive the funds, nor provided Sethi their bank details.
Upon discovery of the irregularity, the case was subjected to an investigation and the IT team was instructed to trace the source of the fake e-mail. Upon tracing by the company's IT personnel, it was discovered that the e-mail originated from Namibe, Angola.
Requirement -
a. Describe the chain of events that exposed the company to networks risks, causing financial losses.
b. What actions that the company should have taken in order to prevent this situation?
1. What can a person to avoid getting victimized by a spoofing attack?
2. What do you think is the motivation for denial-of-service attacks?
3. Why is a distributed denial-of-services deemed more destructed than a regular DoS attack?
4. Why is public key encryption deemed more secured compared to private key encryption?
5. EDI creates an environment in which sensitive information, such as inventory amounts and price data, is no longer private. What potential dangers exist if the proper controls are not in place? Give an example.