To be honest, that isn't your direct problem. File a criminal report. Proceed from there.
On Wed, Aug 26, 2009 at 9:58 AM, Jonathan Link<[email protected]> wrote: > The other thing to consider is where these employees sit in the fraud > triangle, opportunity, perceived personal need, rationalization of actions > Also consider, are they always there, do they never take vacation, do they > come to work sick when they shouldn't be? Has their behavior with other > coworkers changed recently? Do they have family members suddenly ill with a > lot of medical bills? > > > On Wed, Aug 26, 2009 at 12:33 PM, David W. McSpadden <[email protected]> > wrote: >> >> I will try it. >> Just not finding anything.... >> I don't want to think about it being the girls so I am stuck mucking >> around their pc's. >> >> ----- Original Message ----- >> From: Steven M. Caesare >> To: NT System Admin Issues >> Sent: Wednesday, August 26, 2009 12:32 PM >> Subject: RE: Reporting user fraud >> >> Malwarebytes and/or an offline scan for rootkit? >> >> >> >> -sc >> >> >> >> From: David W. McSpadden [mailto:[email protected]] >> Sent: Wednesday, August 26, 2009 12:16 PM >> To: NT System Admin Issues >> Subject: Re: Reporting user fraud >> >> >> >> FBI pointed to phishing email with a drive by bot\keylogger. >> >> But Trend\VipreRescue\Spybot all come back negative??? Even using Fport >> scanner I don't see anything out of the ordinary??? >> >> ----- Original Message ----- >> >> From: Daniel Rodriguez >> >> To: NT System Admin Issues >> >> Sent: Wednesday, August 26, 2009 12:06 PM >> >> Subject: Re: Reporting user fraud >> >> >> >> Hmmm.... this sounds what happened to Bullit County in Louisville, Ky. >> Someone was logging into the county network and was able to get $416K wired >> out of the country. They just reported it about two months ago. Seems that >> some hacker group was able to access their system and used login and >> passwords of users within the system. >> >> It is fixed, now, and they were able to recover a majority of the money. >> They think that one, or some, of the users were either surfing where they >> were not supposed to, or someone received some type of phishing email. >> >> >> On Wed, Aug 26, 2009 at 11:40 AM, Jon Harris <[email protected]> wrote: >> >> You forgot HR some of them can create positions with salaries or modify a >> persons salary. Either way money could be leaking out that should not be. >> >> >> >> Jon >> >> On Wed, Aug 26, 2009 at 11:12 AM, Jonathan Link <[email protected]> >> wrote: >> >> A is too specific, could've been brute force or an easily guessed password >> in addition to malware/keylogger. >> >> Can you determine what was accessed with any degree of certainty? What >> regulatory agencies is your organization governed by? I'd start with that. >> >> >> >> Interestingly, did you read this Washington Post article? >> >> >> http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html?nav=hcmodule&sid=ST2009082500907 >> >> (beware the wrap) >> >> I would also review banking information if this person is at all involved >> with bookkeeping, AP or AR functions. >> >> On Wed, Aug 26, 2009 at 10:59 AM, David W. McSpadden <[email protected]> >> wrote: >> >> If someone has access to your ssl website with valid username and password >> you assume that either 1 of 2 things have happened: >> >> A someone has a keylogger and their computer is compromised. >> >> B someone just out and out gave the information away. >> >> >> >> Is that a correct assessment? >> >> >> >> If you have the IP from the 'hacker' that accessed your website who do you >> report it too??? >> >> Most likely it is a bot and nothing can be done but who do you report it >> too none the less??? >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
