App State ripped off for $2M in Email Scam
Posted: Mon May 15, 2017 10:02 pm
http://www.yosefscabin.com/forum/
Wait, they kept their job? What gets you fired at ASU if losing two million dollars doesn't?bigCasu wrote:You have to make sure you have double and triple checked everything before you push the button on a $2 mil wire transfer. This employee should consider themselves lucky if they have retained their job, regardless if the money has been recovered or not.
You can find more unicorns than fired public employees.Gonzo wrote:Wait, they kept their job? What gets you fired at ASU if losing two million dollars doesn't?bigCasu wrote:You have to make sure you have double and triple checked everything before you push the button on a $2 mil wire transfer. This employee should consider themselves lucky if they have retained their job, regardless if the money has been recovered or not.
I work for a government agency and we have had plenty of people let go over the years.Rick83 wrote:I would say that it would depend on whether or not the employee followed the internal control procedures in place in the Controller's office, would determine if they are fired or not. If they didn't follow the procedures or were simply careless, and had been trained on the proper procedures, then they should be fired. If they were granted authority to perform wire transactions but were not trained on the proper internal control procedures, then whomever granted them the wire authorization rights should be fired. If the internal control procedures are lacking then a review should be completed. Wires over a certain amount should not be a single user function, one person should set up the wire and then a second person should be required to approve it before it's submitted which is all controlled by passwords and usually requiring a random number generating device, like a key fob, which are issued by the larger banks. It's difficult for governmental agencies to fire people so I doubt anything will be done unless it's proven the person was involved in the fraud.
Glad to hear that there's a government agency out there that's willing and able to terminate non-performers, I don't believe that's the normal practice of governmental institutions (especially at the federal and state levels) unless budget authorizations are cut and they're forced to eliminate positions. Didn't mean to offend government employees as there are tons of great, necessary and vital government workers but there's a stark difference between the private and public sectors. Also, glad to hear that you've got some internal controls on funds disbursement as all entities should, especially in today's world of cyber crime.JTApps1 wrote:I work for a government agency and we have had plenty of people let go over the years.Rick83 wrote:I would say that it would depend on whether or not the employee followed the internal control procedures in place in the Controller's office, would determine if they are fired or not. If they didn't follow the procedures or were simply careless, and had been trained on the proper procedures, then they should be fired. If they were granted authority to perform wire transactions but were not trained on the proper internal control procedures, then whomever granted them the wire authorization rights should be fired. If the internal control procedures are lacking then a review should be completed. Wires over a certain amount should not be a single user function, one person should set up the wire and then a second person should be required to approve it before it's submitted which is all controlled by passwords and usually requiring a random number generating device, like a key fob, which are issued by the larger banks. It's difficult for governmental agencies to fire people so I doubt anything will be done unless it's proven the person was involved in the fraud.
As for wires, we require double authorization for every wire transfer we make.
No offense taken here. I just wanted people to know not all tax payer back operations are run that way. Of course we're an off-shoot of a city so its a little different.Rick83 wrote:Glad to hear that there's a government agency out there that's willing and able to terminate non-performers, I don't believe that's the normal practice of governmental institutions (especially at the federal and state levels) unless budget authorizations are cut and they're forced to eliminate positions. Didn't mean to offend government employees as there are tons of great, necessary and vital government workers but there's a stark difference between the private and public sectors. Also, glad to hear that you've got some internal controls on funds disbursement as all entities should, especially in today's world of cyber crime.JTApps1 wrote:I work for a government agency and we have had plenty of people let go over the years.Rick83 wrote:I would say that it would depend on whether or not the employee followed the internal control procedures in place in the Controller's office, would determine if they are fired or not. If they didn't follow the procedures or were simply careless, and had been trained on the proper procedures, then they should be fired. If they were granted authority to perform wire transactions but were not trained on the proper internal control procedures, then whomever granted them the wire authorization rights should be fired. If the internal control procedures are lacking then a review should be completed. Wires over a certain amount should not be a single user function, one person should set up the wire and then a second person should be required to approve it before it's submitted which is all controlled by passwords and usually requiring a random number generating device, like a key fob, which are issued by the larger banks. It's difficult for governmental agencies to fire people so I doubt anything will be done unless it's proven the person was involved in the fraud.
As for wires, we require double authorization for every wire transfer we make.
Pretty much my experiences when I worked in that industry. Generally, wires over a certain amount required additional authority from a higher-up at a financial institution. This example certainly falls under that category. Likely the employee delivered the wire instructions to the bank. Not the bankers fault for following the demands of their client.Rick83 wrote:I would say that it would depend on whether or not the employee followed the internal control procedures in place in the Controller's office, would determine if they are fired or not. If they didn't follow the procedures or were simply careless, and had been trained on the proper procedures, then they should be fired. If they were granted authority to perform wire transactions but were not trained on the proper internal control procedures, then whomever granted them the wire authorization rights should be fired. If the internal control procedures are lacking then a review should be completed. Wires over a certain amount should not be a single user function, one person should set up the wire and then a second person should be required to approve it before it's submitted which is all controlled by passwords and usually requiring a random number generating device, like a key fob, which are issued by the larger banks. It's difficult for governmental agencies to fire people so I doubt anything will be done unless it's proven the person was involved in the fraud.
That $460,000 was turned into an official/bank/cashiers check. That's the only way to track that instrument as those items are 99% of the time considered guaranteed funds. If the crook was smart he would have signed that document over to someone and hoped to receive some portion of the funds back in cash. He certainly cannot try and cash or deposit that check at this point in time.Gonzo wrote:So....any word on the half a million bones that were still missing as of yesterday? They seem to be patting themselves on the back about their response a lot given the amount still missing.
I don't know the culpability of the one person who pressed send, but whether it's a procedure problem or a single human error, somebody ****ed up. They need to make overtures to alumni who can barely raise $500k in a fund raising campaign. I don't need anyone hung, drawn, and quartered necessarily, but do something to make me feel better about the check I write every year.
Has a suspect been identified? If not, he might be a she, or a person with a gender identity crisis. Just sayin.bigCasu wrote: That $460,000 was turned into an official/bank/cashiers check. That's the only way to track that instrument as those items are 99% of the time considered guaranteed funds. If the crook was smart he would have signed that document over to someone and hoped to receive some portion of the funds back in cash. He certainly cannot try and cash or deposit that check at this point in time.
A scam like this, the culprit could be on the other side of the world and likely never to be caught. The best the University can hope for is to recover the monies, which at some point a cost/benefit analysis will be needed. This is why it is so important to always double and triple check your work. I agree with C - the controls likely broke down at the University. Not the Bank.CVAPP wrote:Has a suspect been identified? If not, he might be a she, or a person with a gender identity crisis. Just sayin.bigCasu wrote: That $460,000 was turned into an official/bank/cashiers check. That's the only way to track that instrument as those items are 99% of the time considered guaranteed funds. If the crook was smart he would have signed that document over to someone and hoped to receive some portion of the funds back in cash. He certainly cannot try and cash or deposit that check at this point in time.
