Question

An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...

An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to report his access was locked. He couldn’t login, even though he was using his correct user name and password. The platform reset his password. The next day when the adviser tried again to login, he was locked out of the system again. It became obvious that the adviser’s user ID had been compromised. At this point, the user ID was deleted.

1. Identify the malware attack experienced in the above scenario

2. What recommendations would you provide for preventing such type of attacks? The recommendations should be discussed individually for the scenario and should not be a general list of recommendations

Homework Answers

Answer #1

ANSWER:

Advisory practices attacked by a trojan virus

Case study 1

In this case study, a number of advisory practices were subject to a targeted malware attack via a trojan virus.

This virus helped the fraudsters,an eastern European syndicate,access several advisers'PCs and obatain the login details for systems that had been used.

this attempted fraud took place while the practice was closed over the christmas holidays.

"We locked up the office that afternoon just before christmas and went home.We were all looking forward to a nice long break,it'd been a busy year.We wouldn't be back in the office until the New Year."

Transactions were submitted to the platform over the christmas period using several advisers' user IDs..

Direct credit(EFT) bank account details were edited to credit the fraudster's 'mule' Australian bank account.From this account the fraudster would be free to transfer the funds overseas.

Luckily for the practice,the fraud was uncovered before any funds were paid out.

"Even though we were on holiday,we all continued to check our transaction updates via the platform each day.We called the platform right away and they were able to stop the fraudulent payments in time."

Preventing this type of fraud

:Its a good idea to check platform transaction updates sent by email or displayed online,every day,even when you're on leave.

: As an additional measure,ask someone else in your office to also check these online updates or emails every day to ensure they're valid.

: Look out for withdrawal requests,new accounts opened,asset sell downs and changes to contact details.

: Call us immediately if you suspect fraud or malware on your system.we'll suspend your login ID to ensure no further fraudulent transactions can occur.

: Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.

Adviser subject to a malware attack causing account lock

Case study 2

A Melboume advisory practice was the target of a malware attack,where by the malware allowed the fraudster to gain access to an adviser's login details for all systems he had used recently.

The fraudster now had access to every website or account that required a login.this included personalbanking ,platform desktop software,Xpaln software and facebbook.

The next time the adviser tried to login to his platform desktop software,he was locked out.

He rang our account executive team to report his access was locked.He couldn't login,even though he was using his correct user name and password.

The platform reset his password.

The next day when the adviser tried again to login, he was locked out of the system again.

It became obvious that the advisers user ID had been compromised.At this point,the user ID was deleted.

Preventing this type of fraud

: Call us immediately if your platform access has been locked or you suspect fraud or malware on your system.we'll suspend your login ID to ensure no fraudulent transactions can occur.

: Bring in a tech specialist immediately to run and update security software and restore your systems back normal.

Opening email attachment causes all PCs in the office to shutdown

Case study 3

A staff member in an advisory practice opened a file attached to an email received one morning.

It turned out the attachment contained a 'worm' that infected not only the staff members PC ,it also spread to all other PCs in the practice network.

This malware caused all PCs in the office to shutdown.

The adviser needed to use the platform software that day to ensure his clients participated in a corporate action that was closing the following day.

With help from their business development manager,the office worked through the issue so they we able to log into the platform software to complete this critical work from a home laptop that hadnt been infected with the virus.

Preventing this type of fraud

: Never open attachments in emails if you dont know or trust the source.

: Ensure your office network is protected with up-to-date anti-virus software.

: Call us immediately if you suspect fraud or malware on your system.we'll suspend your login ID to ensure no fraudulent transactions can occur.

:Bring in a tech specialist immediately to run and update security software and restore your systems back to normal.

If you do not get anything in this solution,please put a comment and i will help you out.

Do not give a downvote instantly.It is a humble request.

If you like my answer,please give an upvote....Thank you.

Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to...
An advisory practice was the target of an attack, whereby the malware allowed the fraudster to gain access to an adviser’s login details for all systems he had used recently. The fraudster now had access to every website or account that required a login. This included personal banking, platform desktop software, Xplan software and Facebook. The next time the adviser tried to log in to his platform desktop software, he was locked out. He rang our account executive team to...