Premium Essay

Tft2 Task4


Submitted By DannyB740
Words 328
Pages 2
TFT2 Task 4
As the chief information security officer for VL Bank, we were notified by several of our commercial customers of unauthorized wire transfers in an amount greater than $290,000. This is very concerning since we take pride in our information security.
As soon as we were notified of the fraudulent transactions my security team, along with the network engineers, performed a thorough investigation of how such attack had occurred. Once we were able to view all logs and audit data it came to our attention that the data did not appear to be stolen from our network. All transactions performed were done so with the appropriate credentials.
Once we determined that the data breach did not occur on our network we worked with the customers to check their personal computers. We discovered that all the information was gathered from the customers with a key-logging virus that collected the usernames, account numbers, passwords, personal identification numbers, URL addresses, and digital certificates used to access the VL Bank online banking site. Further investigation showed that there was not adequate virus protection on these PCs. The key-logging virus originated from a phishing email impersonating VL Bank and asking the customer to load the latest security software to protect from identity theft.
The customers reported the fund transfer immediately (within 48 hours) and they are protected under the Electronic Fund Transfer Act (EFTA). This states that as long as the fraudulent wire transfer is reporting in a timely manner that the customer will not be held responsible for the amount. Depending on the length of time between the fraudulent activity and the reporting of the fraudulent activity the customer could bear a portion of the responsibility. If the fraud is reported within 2 business days the customer could be responsible for up to $50. If reported between

Similar Documents