Filed the IC3. No crime to report but unauthorized use of the account.
----- Original Message -----
From: "Steven Peck" <[email protected]>
To: "NT System Admin Issues" <[email protected]>
Sent: Wednesday, August 26, 2009 1:12 PM
Subject: Re: Reporting user fraud
To be honest, that isn't your direct problem. File a criminal report.
Proceed from there.
On Wed, Aug 26, 2009 at 9:58 AM, Jonathan Link<[email protected]>
wrote:
The other thing to consider is where these employees sit in the fraud
triangle: opportunity, perceived personal need, rationalization of actions.
Also consider, are they always there, do they never take vacation, do they
come to work sick when they shouldn't be? Has their behavior with other
coworkers changed recently? Do they have family members suddenly ill with
a lot of medical bills?
On Wed, Aug 26, 2009 at 12:33 PM, David W. McSpadden <[email protected]>
wrote:
I will try it.
Just not finding anything....
I don't want to think about it being the girls so I am stuck mucking
around their pc's.
----- Original Message -----
From: Steven M. Caesare
To: NT System Admin Issues
Sent: Wednesday, August 26, 2009 12:32 PM
Subject: RE: Reporting user fraud
Malwarebytes and/or an offline scan for rootkit?
-sc
From: David W. McSpadden [mailto:[email protected]]
Sent: Wednesday, August 26, 2009 12:16 PM
To: NT System Admin Issues
Subject: Re: Reporting user fraud
FBI pointed to phishing email with a drive by bot\keylogger.
But Trend\VipreRescue\Spybot all come back negative??? Even using Fport
scanner I don't see anything out of the ordinary???
----- Original Message -----
From: Daniel Rodriguez
To: NT System Admin Issues
Sent: Wednesday, August 26, 2009 12:06 PM
Subject: Re: Reporting user fraud
Hmmm.... this sounds like what happened to Bullitt County in Louisville, Ky.
Someone was logging into the county network and was able to get $416K
wired out of the country. They just reported it about two months ago. Seems
that some hacker group was able to access their system and used login and
passwords of users within the system.
It is fixed, now, and they were able to recover a majority of the money.
They think that one, or some, of the users were either surfing where they
were not supposed to, or someone received some type of phishing email.
On Wed, Aug 26, 2009 at 11:40 AM, Jon Harris <[email protected]> wrote:
You forgot HR; some of them can create positions with salaries or modify a
person's salary. Either way money could be leaking out that should not be.
Jon
On Wed, Aug 26, 2009 at 11:12 AM, Jonathan Link <[email protected]>
wrote:
A is too specific, could've been brute force or an easily guessed
password in addition to malware/keylogger.
Can you determine what was accessed with any degree of certainty? What
regulatory agencies is your organization governed by? I'd start with
that.
Interestingly, did you read this Washington Post article?
http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html?nav=hcmodule&sid=ST2009082500907
(beware the wrap)
I would also review banking information if this person is at all involved
with bookkeeping, AP or AR functions.
On Wed, Aug 26, 2009 at 10:59 AM, David W. McSpadden <[email protected]>
wrote:
If someone has access to your ssl website with valid username and
password you assume that either 1 of 2 things have happened:
A someone has a keylogger and their computer is compromised.
B someone just out and out gave the information away.
Is that a correct assessment?
If you have the IP from the 'hacker' that accessed your website who do
you report it to???
Most likely it is a bot and nothing can be done but who do you report it
to none the less???
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~