Question: Subject: IT Audit & Control Case Studies: Email phishing Identifications: 1. Email sent from abc@def.gov.au but not able to confirm whether the sender IP is

Subject: IT Audit & Control

Case Studies: Email phishing

Identifications:

1. Email sent from abc@def.gov.au but not able to confirm whether the sender IP is true from the DEF mail server. Cannot confirm email authentication is correct or not because there is no proof of full email header to be identified.
2. There is CC to unofficial email amixcode@gmail.com and it is not known who owns it.
3. Contains a link that leads to a website similar to DEF but with an unofficial domain from DEF, namely: def.njnk.my.au
4. The results of the domain ownership of njnk.my.au, it looks like domain using the private feature so that no one knows who the owner is.
5. Checking the IP that leads to def.njnk.my.au web and it looks like the server is not from Australia.

Recommendation

Use a secure password with the following criteria:

- At least 8 characters
- Combinations of numbers, letters and special characters
- Do not use passwords that are easy to guess, for example passwords that use birth dates, numbers 12345, children's names, etc.

- Companies or official / legitimate agencies never ask for sensitive information, so be careful when providing information
- Companies or official / legal institutions use formal language
- Companies or legal institutions usually call by name
- The company or official / legal institution has an official domain so make sure the domain you are accessing is correct
- Official / legal companies or agencies do not insist on accessing their website. Sometimes phishing emails are coded entirely as hyperlinks. Therefore, accidentally or intentionally clicking anywhere in the e-mail will open a fake web page or download spam to your computer.
- The legitimate company or agency link matches the valid URL as well. If the link in the text is not identical to the URL that is displayed, then that is a sign that you have been taken to a place that you do not want to visit. And make sure the URL uses an official domain.

Questions:

3. Describe the stages of the audit work and provide a detailed explanation at each stage that must be carried out for the case study.

NOTES: Please give me detailed answers (with explanations), so I could learn from it and try to solve another audit problem myself. Thank you very much
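The identifications and the link advice in the question can be checked mechanically once the raw message is available. The following is an added example, not part of the original post: the function and finding names are hypothetical, the sample message is constructed from the case study's details, and def.gov.au is assumed to be the official domain.

```python
import email.policy
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit
OFFICIAL = "def.gov.au"  # assumed official domain, taken from the case study
# Constructed sample modelled on the case study; not a real message.
SAMPLE = """\
From: abc@def.gov.au
Cc: amixcode@gmail.com
Content-Type: text/html; charset="utf-8"

<p><a href="http://def.njnk.my.au/login">https://www.def.gov.au/login</a></p>
"""

def in_domain(host, domain=OFFICIAL):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)  # label-boundary match

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only anchor text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    msg, out = email.message_from_string(raw, policy=email.policy.default), []
    if msg["Authentication-Results"] is None:  # identification 1
        out.append(("no_auth_results", "SPF/DKIM/DMARC verdict unavailable"))
    for _, addr in getaddresses(msg.get_all("Cc", [])):  # identification 2
        if not in_domain(addr.rpartition("@")[2]):
            out.append(("external_cc", addr))
    body, parser = msg.get_body(preferencelist=("html",)), Links()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:  # identification 3 and the URL advice
        host = urlsplit(href).hostname
        shown = urlsplit(text).hostname if "://" in text else None
        if not in_domain(host):
            out.append(("unofficial_link", host))
        if shown and shown != host:
            out.append(("text_href_mismatch", f"{shown} -> {host}"))
    return out
```

An `Authentication-Results` header is only evidence when it was stamped by the organisation's own receiving mail server, so its presence alone does not clear identification 1.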
