Introduction
The case study concerns the story of Ahmad, a United States resident who returned from his vacation to discover that he had been a victim of a variety of frauds that used his personal information. The thieves had withdrawn money from the victim’s account using a check, reactivated his credit cards and made purchases, had car repairs done under his name, and bought furniture using his credit. The method the thieves used to obtain Ahmad’s information remained unknown, but they had access to details such as his mother’s maiden name. Ultimately, he was able to prove his innocence and refund the fraudulent charges, taking measures to ensure that such an event did not occur again.
Bank Recommendations
There are two possible approaches JP Morgan could have used to ensure that the fraudulent incident did not occur. One involves confirming the cashing of every check with the owner of the account remotely, using their contact information. With this method, Ahmad would have been notified of the $7,200 withdrawal before it could occur and confirmed that the check was fraudulent. However, the tactic is inconvenient for both the bank and the owner of the account. Another tactic would be to allow the account’s owner to set the maximum sum that could be cashed via a check without their physical presence. Ahmad’s limit would be below $7,000, and the second transaction would be blocked, safeguarding most of his money.
Check Website Recommendations
The thieves could break into the victim’s check printing service account because of its inferior protection. All they required was information about the login and the answer to the secret question, which involved the personal information of Ahmad’s mother. The website should have used multifactor authentication, which Moore (2017) describes as highly effective at preventing most varieties of online fraud. With it, Ahmad’s account would have been inaccessible unless one had physical access to his phone. As such, he would be safe while out of the country, and any variety of intrusion would be highly challenging when he was in the United States.
Furniture Store Recommendations
Under the assumption that the store representative who interviewed the thieves was their associate, it is challenging to suggest ways to prevent fraud without inconveniencing legitimate customers. A financial transaction occurred, and the store used the money to purchase the furniture that was ordered. The store should have implemented better monitoring policies and discovered its employee’s suspicious activities earlier. Had it done so, the incident would not have occurred, and the thieves may have been caught.
Credit Card Company Recommendations
The credit card company was susceptible to the fraud because it failed to detect the fact that the people posing as Ahmad were not him. It required the man’s personal information, which they were able to supply due to his careless handling of mail. Collins, Ricks, and van Meter (2015) note that company personnel should require proper user identification, Ahmad’s ID, in this case. The thieves had a sufficiently convincing fake version to persuade the delivery driver, but the employees of a credit card company would have better methods of checking its authenticity. As such, they would have been able to detect a fake and contact the police.
Prevention Recommendations for Ahmad
Ahmad did not take the proper measures to safeguard his information or to make sure that his finances stay safe while he was out of the country. LaPiedra (2014) suggests that he should have begun worrying when he failed to receive several bills and credit card statements. Moreover, Ahmad should have notified his partnered financial institutions that he would be leaving the country. Had he done so, they would know that anyone claiming to be him or acting in his name was highly suspicious. As such, the credit card company would know that the application is fake, and the bank would hesitate before accepting the check.
Mitigation Recommendations for Ahmad
The thieves still had access to Ahmad’s personal information after the incident, though they were unlikely to use it again for fear of attracting the police’s attention. As such, he should have gone to all services that relied on it and made sure to reinforce their security in any way possible. Ahmad also should have demanded that the initial sum used for the testing be returned to him, as it was part of the overall fraud. It may not have been significant compared to the amount withdrawn with the second check, but it was still financial harm done by the scammers.
Phishing Website Detection
Most phishing websites with fake products attract users by offering unrealistically low prices and requiring confidential information before they can purchase the product. Hadnagy and Fincher (2015) recommend that the user thinks critically about the possibility and analyzes the URL to see whether it looks legitimate. It is generally easy to distinguish a fake review from a real one based on the lack of specifics or the repetition of specific points. Additionally, the visitor should be aware of what constitutes their personal information and leave the website when it tries to extract it from them. With these steps, they are likely to avoid most attempts at phishing that use fake storefronts, regardless of their reviews.
Conclusion
Ahmad became a victim of fraud because he did not secure his personal information adequately and because the companies that worked with him did not employ proper security measures. He should have taken care to ensure that no significant financial operations take place in his absence. The check printing service should have enabled multifactor authentication to block any intrusion attempts. The credit card company should have required identification before agreeing to reissue the cards, and other fraud protection steps should have taken place.
References
Collins, P.A., Ricks, T.A., & van Meter, C.W. (2015). Principles of security and crime prevention (4th ed.). New York, NY: Routledge.
Hadnagy, C., & Fincher, M. (2015). Phishing dark waters: The offensive and defensive sides of malicious emails. Indianapolis, IN: John Wiley & Sons.
LaPiedra, J.R. (2014). Identity lockdown: Your step-by-step guide for identity theft protection. Morrisville, NC: Lulu Publishing.
Moore, M. (ed.). (2017). Cybersecurity breaches and issues surrounding online threat protection. Hershey, PA: IGI Global.