Page 341 - Introduction to Electronic Commerce and Social Commerce

328                                                     10  E-Commerce Security and Fraud Issues and Protections

   (b) What is the security problem concerning social media applications?
   (c) Why was the automation (agent-based) solution unsuccessful?
   (d) Why were the computer-use policies ineffective?
   (e) What was the problem with the bandwidth?
   (f) Describe the new security policy. Why does it work?
   (g) Discuss the issue of privacy as it applies to this case.
2. Assign teams to report on the latest major spam and scam threats. Look at examples provided by ftc.gov, the latest Symantec report on the State of Spam, and white papers from IBM, VeriSign, McAfee, and other security firms.
3. Watch the video “Cyberattacks and Extortion” (13:55 min) at searchsecurity.techtarget.com/video/Cyberattacks-and-extortion. Answer the following questions:
   (a) Why are there more extortions online today? How are they accomplished?
   (b) What is involved in targeted e-mail attacks?
   (c) What is an SQL injection attack?
4. Data leaks can be a major problem. Find some major defense methods. Check some major security vendors (e.g., Symantec). Find white papers and Webinars on the subject. Write a report.
5. Each team is assigned one method of fighting against online fraud. Each method should involve a different type of fraud (e.g., in banking). Identify suspicious e-mails, dealing with cookies in Web browsers, credit card protection, securing wireless networks, installing anti-phishing protection for your browser with a phishing filter, and so forth.

CLOSING CASE: HOW ONE BANK STOPPED SCAMS, SPAMS, AND CYBERCRIMINALS

Some say that as many as 90% of phishers are targeting financial institutions. Let us see how one bank is protecting its customers.

BankWest of South Dakota (bankwest-sd.com)

As a privately owned entity, a bank can disregard short-term profit. Instead, a bank provides the utmost in customer care and employee educational programs. However, one problem is challenging: the increasing number of incidents of social engineering experienced by customers. A few examples of scams that were noticed by the BankWest staff reported by Kitten (2010) are:

• Sweetheart schemes. There may be a long-term online relationship between a bank’s customer and an overseas user. The overseas user tries to convince the customer to wire funds, share bank account information, and open joint accounts.
• Letters, postal service, or e-mail. A bank customer is notified by an e-mail that he or she has won a large amount of money (e.g., a sweepstakes). Hackers ask for some processing money to release the prize money to the customer.
• Telephone scams. A customer is asked to provide personal information from a government check and receives repeated telephone calls, each asking for different personal information (e.g., Social Security Number). Phone scams usually target elderly customers and depend on the social engineer’s ability to develop a rapport with the customer.
• Cell phone scams. A customer is told that his or her debit card has been compromised and the customer is asked to provide card details for replacement.

The bank now provides information about social engineering schemes on its website (see bankwest-sd.com/etc.htm). Employees direct customers to the site and provide information about fraudulent schemes when the customers come into a branch. The bank also instituted an “Employee Rewards Program” (to be described later).

It is critical to combat social engineering attempts in order to increase customer confidence in Internet security. According to Kitten (2010), “the bank’s information security team regularly attend workshops and participate in forums related to social engineering and other fraud schemes. The information collected is immediately shared with the staff in order to keep the entire bank team abreast of new and emerging fraud threats. All staff members also are required to complete online training in scheme detection that is designed by the bank.”

Also according to Kitten (2010), the training program includes:

• Ability to identify phone scams, especially automated ones (e.g., vishing attempts) that lure customers into divulging sensitive information.
• Ability to identify phishing e-mails and use caution when clicking on links or opening file attachments.
• Conduct monthly training and employee-oriented demonstrations on face-to-face personal social engineering schemes.

Employee Rewards

Employees who identify scams are rewarded with certificates and small monetary rewards; their manager is notified and employees can take pride in the acknowledgement.