When the website of Fortune Department Store (Fortune) began acting sluggishly, the junior computer operator received an email:

From: IBM [antifraudibm@yahoo.com] To: Ms. Chan As part of our continuing commitment to protect your account and to reduce instance of fraud on your website, we are performing a periodic review. Therefore, you are requested to click the link shown below. You will be guided to provide information about your account. All your information is safe with us as we are your security provider. This procedure is essential for the continuity of your departments website. Otherwise, your website may be blocked. Please click: user-fortune.com/sigin/login.jsp We are grateful for your cooperation. The next morning, the website was worse. A call to IBM confirmed Fortunes suspicion: Someone had impersonated an IBM repairman to gain unauthorized access to the system and destroy the database. Fortune was also concerned that the intruder had devised a program that would let him get back into the system even after all the passwords were changed.

Required: (a) Describe the techniques that the perpetrator has employed to breach Fortunes internal security? (b) What could the company do to avoid this type of incident in the future?