David Eves

  • David Eves posted a new activity comment 1 month, 3 weeks ago

    Mustafa: I think this is the culture that we live in right now. Just like many organizations assume they will have their security compromised at some point, many people have that same belief when it comes to their own data. It is funny to think that many organizations have strict password requirements that are updated often, and many employees…[Read more]

  • David Eves posted a new activity comment 1 month, 3 weeks ago

    Sean: I couldn’t agree more – when I was reading it, it felt as though the “promise” of big data was like the promise of the 1080P HDTV several years ago. The technology was there, and you could “buy an HDTV” but the signal coming to that TV would only be 720P. So you were buying an idea for the future. I don’t think it’s a question of big…[Read more]

  • I chose the following article because I thought it would be a good conversation piece given what we discussed in our lecture this past Saturday. Basically, the article is claiming that “big data” isn’t all it wa […]

  • James: great example and I am sorry to hear about your friend; that is an unfortunate series of events. Your friend, however, is a great example of what a “motivated” employee can do when the opportunity presents itself and the rationalization is there. I am sure that once he noticed he could get away with taking the money, it started as just bor…[Read more]

  • My name is David Eves and I am currently an auditor for Temple University. This is my final semester in the program (excluding the capstone) and I have thoroughly enjoyed it thus far. I live in Philadelphia, but […]

  • David Eves commented on the post, Realty Scams, on the site MIS5208 Spring 2017 2 months ago

    Blake: you bring up a good point and one that I was thinking about while reading this article – who does the blame really fall on in this situation? Obviously, the lending company has an obligation, but at what point does it become the victim’s responsibility to defend themselves? In a perfect world, I am sure every company would like to boast abo…[Read more]

  • David Eves commented on the post, Realty Scams, on the site MIS5208 Spring 2017 2 months ago

    Laly: thanks for the comment, and the insight. At my old job with the Purchasing Department here at Temple University, we were a front-facing department to both vendors and “customers” both internal and external. I would see about six of the scam attempts you outlined a week, each one cleverer than before. To your point, I think knowing that the…[Read more]

  • David Eves wrote a new post, Realty Scams, on the site MIS5208 Spring 2017 2 months ago

    To go with what was discussed last Saturday, and this week’s videos, I did some research on scams similar in nature to the 419 scams, and how they affected everyday people. I found the below article to be the m […]

    • Hey David, I enjoyed your post and was not aware things like that even happened. I’m sure plenty of people fall victim to such a scam. Email has most definitely changed the game for scammers. Email has provided the convenience and anonymity, along with the capability for easily contacting thousands of people at once, which enables scammers to work in high volume. Scammers only need to fool a small percentage of the tens of thousands of people they email for their ruse to pay off.

      According to “Recognizing and Avoiding Email Scams,” a U.S. Govt. publication, “Many email scams have existed for a long time. In fact, a few of them are merely “recycled” scams that predate the use of email”. The FTC has a list of the 12 most common (http://www.ftc.gov/opa/1998/07/dozen.shtm).
      The list includes:
      • “free” goods
      • investment opportunities
      • bulk email schemes
      • cable descrambler kits
      • “guaranteed” loans or credit
      • Make a Regular Income with Online
      • Put your computer to work for you!
      • bogus business opportunities
      • chain letters
      • work-at-home schemes
      • health and diet scams
      • easy money

    • I often wonder how many people fall victim to these scams. I know that they only need a small percentage for these to work, but then I log on to social media and see my friends posting some stupid thing saying that they don’t give Facebook the right to steal their photos or something, and they believe they are protecting their account. Then you also have the pyramid schemes.

      Getting back to Dave’s post, the best way for this gentleman to protect himself would have been to call the lender. Not the phone listed in the email, which may have been fake, but the one on his statement. They could tell him if the first contact was legit, and also where the money was to be sent. You also need to be wary of any email that says the payment system is down. Most websites will tell you to try again when you go to make the payment, but would not email you.

    • Laly: thanks for the comment, and the insight. At my old job with the Purchasing Department here at Temple University, we were a front-facing department to both vendors and “customers” both internal and external. I would see about six of the scam attempts you outlined a week, each one cleverer than before. To your point, I think knowing that the types of emails you identified are the ones these scams are predicated upon really helps a person (or a company) in their respective defense. However, as the article revealed, these scams are evolving and randomness is only one characteristic. Now you must factor in timing and the notion that these attackers may have pre-existing knowledge (i.e. knowing that you just bought a house and need to make payments by a certain deadline), and that is very concerning. I wonder – outside of communications – if there is any other way to defend against that?

    • Blake: you bring up a good point and one that I was thinking about while reading this article – who does the blame really fall on in this situation? Obviously, the lending company has an obligation, but at what point does it become the victim’s responsibility to defend themselves? In a perfect world, I am sure every company would like to boast about how they can successfully help their customers avoid these scams, but the reality is it is somewhat of a gray area because a company can only do so much. I think that the firm in this article should have / could have done more for their customers than just a notice buried at the bottom of emails, but – like you said – shouldn’t the victim have taken proper precautions as opposed to just blindly trusting an email requesting payment? It is an interesting situation when it’s not as clear-cut as the 419 scams we talked about last week.

      • I agree, the companies can only do so much. The customer in this case should have been suspicious, especially of that second email.

    • David, I would have to agree with you completely when you say communication is KEY. These hackers, although most likely did an efficient enough job to trick a new homeowner such as Howard here, could have easily been exposed through the simple and direct solution of communication. Sethi Partnership should have undoubtedly included more information on potential fraud in more than just their emails, and provided personal one-on-one counsel on ways to recognize and avoid scams.

      Villanova’s Department of Public Safety has an information-packed article on how to recognize and avoid scams, ranging from simple tips to vetting software. It can be found here: https://www1.villanova.edu/villanova/publicsafety/crime/recognizing_and_avoiding_email_s.html.

      According to the site, the following are some recommendations that can minimize your chances of falling victim to an email scam: filter spam, don’t trust unsolicited emails, treat email attachments with caution, don’t click links in email messages, install antivirus software and keep it up to date, install a personal firewall and keep it up to date, and configure your email client for security.

    • Great post, David. If we apply the same concept to fraud detection in an organization, communication skills are key also, since the common drive for committing fraud is personal desires and needs, so having a close relationship with others in the same firm will help to predict who may commit a fraud and give a chance to stop him and decrease the impact.

  • David Eves posted a new activity comment 3 months, 3 weeks ago

    Mushima: great point because I think that that is exactly what was happening here – the auditors were treating the audits as tasks that had to get done, or a “check-box exercise,” as you put it. It appeared as though IT was treated separate from the business function at TJX, and that proved costly. The lack of PCI compliance is just one of many…[Read more]

  • David Eves posted a new activity comment 3 months, 3 weeks ago

    The attack that TJX Companies Inc. fell victim to was unfortunate on many levels, however, the worst aspect was that it was easily preventable from an IT audit perspective. In retrospect, the fatal flaws that were exploited by the criminals involved were glaring, and – as newly appointed CSO Owen Richel would soon find out – very correctable had…[Read more]

  • David Eves posted a new activity comment 3 months, 3 weeks ago

    Matt: great answers and I think the explanation you provide about internal auditors is accurate, which is why this particular case was so confusing. Was it just lack of IT governance, or IT / business knowledge, or both? Whatever the reason, it seems both internal and external auditors failed TJX; and I think it is more obvious from an internal…[Read more]

  • David Eves posted a new activity comment 3 months, 3 weeks ago

    Julien: great analysis and yes, the majority of the blame for this particular incident needs to fall on the auditors who overlooked a bevy of issues that directly resulted in the breach. Obviously, the PCI DSS compliance issues are huge, and very unfortunate to have been missed by the auditors. However, I think your point about the USB ports on…[Read more]

  • David Eves posted a new activity comment 3 months, 3 weeks ago

    Anthony: I couldn’t agree more with your ending – I would even take it a step further and say that the entire staff needs to focus on IT, from the top down. I got the sense that upper management viewed IT as one of those “as long as the lights are on, who cares?” departments, and we can clearly see how that worked out for everyone. Richel needs t…[Read more]

  • David Eves posted a new activity comment 3 months, 4 weeks ago

    I found this article over the weekend from Google Alerts, and I thought it was really interesting – and somewhat concerning. Apparently, there is a Chinese cyber security firm that has taken “social engineering” to the next level by removing the human interaction and reducing it down to the basic hardware. As the article states, Pentagon int…[Read more]

  • David Eves posted a new activity comment 3 months, 4 weeks ago

    Nathan: really good article, and I was just thinking this when commenting on someone’s post the other week – the more improvements / integrations we make with incorporating AI into Cyber Security, the stronger it seems, right? However, what is to stop the hackers from using it against us or – as this article reveals – making their own d…[Read more]

  • David Eves posted a new activity comment 3 months, 4 weeks ago

    Matt: I have always wondered why you don’t see more attacks like this, because – unfortunately – it really puts this type of business (especially during this time of year) in a “have-to-pay” position. I know the article says how it was resolved is still undetermined, but if we assume they paid the very arbitrary number of $73,000 – how much more…[Read more]

  • David Eves posted a new activity comment 3 months, 4 weeks ago

    Blake: I agree with you and Darin, and the article does raise an interesting question – why do people still fall for these sorts of attacks? I can tell you that the ones I see on an almost weekly basis are obvious, but is that just because I have the education? Many people in my office fall victim to rather simple attempts whether at work, or at…[Read more]

  • David Eves posted a new activity comment 3 months, 4 weeks ago

    James: I have to agree with you, however, I am curious to know what best practices or procedures were in place for this “upgrade” that was the catalyst for this breach? All the article details is that a “staff login” was used, but there is no information about how this was obtained and the route taken to the stolen data. What I mean is, was…[Read more]

  • David Eves posted a new activity comment 4 months, 1 week ago

    James: what a creative, yet ingenious concept, and the fact that it is so close to becoming reality is crazy. While this is in no way my field of expertise, I think I am following along on how it can be virtually insusceptible to breaches and eavesdropping, but – much like the article Anthony posted about AIs – couldn’t the system that operates the s…[Read more]

  • David Eves posted a new activity comment 4 months, 1 week ago

    Julien: This is another example of countries hurting themselves in an attempt to “secure data” by forcing companies who do business with them to have a local data repository that houses their country’s specific data. I am sure that provides some sort of financial kick-back or incentive, but companies may just choose to not do business in Russi…[Read more]
