This sneaky method involves tricking you into giving away personal information, often with an email that looks too good to be true.
A) Phishing
B) Ransomware
C) Spoofing
What is Phishing (A)?
Attackers use this trial-and-error method to guess login credentials by systematically attempting every possible combination until they find the correct one.
A) Credential Stuffing
B) Brute Force Attack
C) Dictionary Attack
What is a Brute Force Attack (B)?
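The three options above are distinguished by the shape of the failed-login traffic they leave behind, not by the single attempt. As an added example that is not part of the original quiz, the Python below runs two detection rules over a constructed set of failed-login events: a per-account rule that catches brute force (one source, one account, many guesses) and a per-source rule that catches credential stuffing (one source, many accounts, one or two guesses each). The log shape, thresholds and IP addresses are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample of failed-login events for this example (not real logs):
# (timestamp, source IP, account). Documentation address ranges are used.
FAILED_LOGINS = (
    # One source hammering a single account: brute force / dictionary style.
    [("2024-05-01T09:00:%02d" % s, "203.0.113.7", "jsmith") for s in range(12)]
    # One source trying many different accounts once each: credential stuffing.
    + [("2024-05-01T09:05:%02d" % s, "198.51.100.9", u)
       for s, u in enumerate(["alee", "bkhan", "cdiaz", "dnguyen", "eroth", "fwang"])]
    # A user who simply mistyped a password once.
    + [("2024-05-01T09:07:30", "192.0.2.5", "mlee")]
)


def detect_brute_force(events, threshold=10):
    """Sources that repeatedly fail against the same account.

    Returns {(source_ip, account): failure_count} for every pair at or above
    the threshold (an assumed value). A production detector would also bound
    the count by a time window.
    """
    counts = defaultdict(int)
    for _ts, ip, account in events:
        counts[(ip, account)] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


def detect_credential_stuffing(events, min_accounts=5):
    """Sources that fail against many *different* accounts.

    Credential stuffing replays leaked username/password pairs, so each account
    typically sees only one or two attempts, which the per-account rule misses.
    Returns {source_ip: distinct_account_count}.
    """
    accounts = defaultdict(set)
    for _ts, ip, account in events:
        accounts[ip].add(account)
    return {ip: len(s) for ip, s in accounts.items() if len(s) >= min_accounts}


if __name__ == "__main__":
    print("brute force:", detect_brute_force(FAILED_LOGINS))
    print("credential stuffing:", detect_credential_stuffing(FAILED_LOGINS))
```

The single failure from 192.0.2.5 trips neither rule, which is the point of thresholds: a lockout or alert on every failed login would punish ordinary typos. A dictionary attack looks like brute force to the first rule; the difference is only in which guesses are tried.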
When creating a password, this practice ensures it’s not something a hacker could guess, like "123456" or "password."
A) Password Complexity
B) Credential Rotation
C) Encryption Standards
What is Password Complexity (A)?
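Blocking "123456" and "password" literally is not enough, because attackers' wordlists already contain the obvious variants ("P@ssw0rd1!"). As an added example that is not part of the original quiz, the Python below checks a candidate password for length, for a match against a denylist after folding leetspeak and trailing digits, and for containing the username. The denylist, the 12-character minimum and the substitution table are assumptions made for the example.

```python
import re

# Constructed denylist for the example; a production check uses a large
# breached-password corpus rather than this handful of entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome", "pension"}

# Undo the substitutions attackers' wordlists already include:
# @->a, $->s, 0->o, 1->l, 3->e, 4->a, !->i
LEET = str.maketrans("@$0134!", "asoleai")


def normalize(password):
    """Lowercase, drop a trailing run of digits/punctuation, undo leetspeak."""
    s = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", s)   # "password123!" -> "password"
    s = stripped or s                        # keep all-digit inputs intact
    return s.translate(LEET)                 # "p@ssw0rd"     -> "password"


def check_password(password, username, min_length=12):
    """Return the list of policy failures; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("matches a common password")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "Pension2024!", "correct horse battery staple"]:
        print(candidate, "->", check_password(candidate, "jsmith") or "ok")
```

Note that the check rejects on what a password *is*, not on whether it mixes character classes; a long passphrase with no symbols passes, while a short leetspeak variant of a dictionary word does not.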
When a call center representative asks to confirm the last four digits of a member’s Social Security number, they’re performing this type of identity check.
A) Identity Verification
B) Knowledge-Based Authentication
C) Data Confirmation Check
What is Knowledge-Based Authentication (B)?
This common risk mitigation strategy involves regularly saving copies of critical data in case of system failures or attacks.
A) Disaster Recovery Planning
B) Data Backup
C) System Redundancy
What is Data Backup (B)?
Fraudsters use this scheme to reroute pension payments to their own accounts by submitting fake direct deposit change forms.
A) Identity Theft
B) Payment Redirection Fraud
C) Wire Transfer Scam
What is Payment Redirection Fraud (B)?
An employee accessing pension member records at odd hours without a valid reason should raise this type of red flag.
A) Insider Threat
B) Access Policy Violation
C) Unauthorized Access
What is an Insider Threat (A)?
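The red flag above is only useful if something actually looks for it. As an added example that is not part of the original quiz, the Python below parses a few constructed record-access log lines, marks each access that falls on a weekend or outside business hours, and lists the users whose off-hours activity reaches a review threshold. The log format, the 07:00 to 18:59 business window, the threshold and the usernames are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed record-access log lines for this example (not from a real system).
# 2024-05-03 is a Friday and 2024-05-04 a Saturday.
LOG_LINES = """\
2024-05-03 08:14:09 user=rdoe action=view record=member/48213
2024-05-03 02:14:09 user=tkim action=view record=member/10022
2024-05-03 02:15:41 user=tkim action=view record=member/10023
2024-05-03 02:17:02 user=tkim action=export record=member/10024
2024-05-04 11:30:00 user=rdoe action=view record=member/48214
2024-05-03 18:59:59 user=alee action=view record=member/77001
""".splitlines()

LINE_RE = re.compile(r"^(\S+ \S+) user=(\S+) action=(\S+) record=(\S+)$")
BUSINESS_HOURS = range(7, 19)   # 07:00 to 18:59, an assumption for the example


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return ts, m.group(2), m.group(3), m.group(4)


def is_off_hours(ts):
    """Weekend, or a weekday outside business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def off_hours_access(lines):
    """Map each user to the list of (timestamp, action, record) seen off-hours."""
    by_user = defaultdict(list)
    for line in lines:
        ts, user, action, record = parse_line(line)
        if is_off_hours(ts):
            by_user[user].append((ts, action, record))
    return dict(by_user)


def flag_insider_candidates(lines, min_events=3):
    """Users whose off-hours activity reaches the review threshold, busiest first."""
    summary = off_hours_access(lines)
    flagged = [u for u, events in summary.items() if len(events) >= min_events]
    return sorted(flagged, key=lambda u: -len(summary[u]))


if __name__ == "__main__":
    for user, events in off_hours_access(LOG_LINES).items():
        print(user, [(ts.isoformat(), a, r) for ts, a, r in events])
    print("review:", flag_insider_candidates(LOG_LINES))
```

The rule flags tkim (three records, including an export, at 02:00) and merely notes rdoe's single Saturday lookup. In practice the output is a queue for a human reviewer, since a legitimate reason (an approved weekend batch job, an on-call request) is exactly what the clue says must be checked for.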
This routine maintenance task is essential for closing security gaps and keeping hackers from exploiting outdated vulnerabilities in your software.
A) System Hardening
B) Vulnerability Scanning
C) Software Patching
What is Software Patching (C)?
This step ensures that only authorized users access systems by asking for credentials like a password or PIN. It’s the first line of defense against unauthorized access.
A) Authentication
B) Access Control
C) Credential Verification
What is Authentication (A)?
To reduce the risk of phishing attacks, organizations train employees to recognize suspicious emails as part of this broader strategy.
A) Email Filtering Policies
B) Incident Response Planning
C) Security Awareness Training
What is Security Awareness Training (C)?
This in-person scheme may involve fraudsters closely following employees to gain unauthorized access to pension fund offices and sensitive data without raising suspicion.
A) Dumpster Diving
B) Tailgating
C) Pretexting
What is Tailgating (B)?
If a member reports they never requested the recent account changes you processed, this red flag should have you double-checking.
A) Payment Redirection Fraud
B) Unauthorized Account Access
C) Social Engineering Attempt
What is Unauthorized Account Access (B)?
This principle limits employees' access to only the information and systems required for their tasks, granting the minimum permissions needed.
A) Least Privilege Principle
B) Access Control Management
C) Role-Based Authorization
What is the Least Privilege Principle (A)?
Verifying someone’s identity using physical characteristics like fingerprints or facial recognition falls under this type of authentication method.
A) Multi-Factor
B) Token-Based
C) Biometric
What is Biometric (C)?
To minimize downtime after a cyberattack or system failure, organizations create this detailed plan that outlines steps to recover and restore operations.
A) Disaster Recovery Plan
B) Business Continuity Strategy
C) Incident Response Plan
What is a Disaster Recovery Plan (A)?
This scam involves fraudsters leaving USB drives labeled "Confidential Pension Documents" in public areas, hoping employees plug them in to work computers.
A) Phishing Attempt
B) Shoulder Surfing
C) Baiting Attack
What is a Baiting Attack (C)?
A single employee has unrestricted access to both approving and processing pension fund transactions. This red flag could indicate a lack of this critical cybersecurity control.
A) Separation of Duties
B) Access Control Policies
C) Least Privilege Principle
What is Separation of Duties (A)?
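The control is mechanical: the system that records an approval must refuse to accept it from the person who initiated the transaction. As an added example that is not part of the original quiz, the Python below models a pension payment transaction, rejects self-approval and duplicate approval, requires a second distinct approver above a dual-control threshold, and audits a constructed history for past self-approvals. The transaction fields, the threshold and the user names are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import List


class SeparationOfDutiesError(Exception):
    """Raised when one person would hold both sides of a transaction."""


@dataclass
class Transaction:
    tx_id: str
    amount: float
    initiated_by: str
    approved_by: List[str] = field(default_factory=list)


def approve(tx, approver):
    """Record an approval, refusing self-approval and duplicate approvals."""
    if approver == tx.initiated_by:
        raise SeparationOfDutiesError(f"{approver} initiated {tx.tx_id} and cannot approve it")
    if approver in tx.approved_by:
        raise SeparationOfDutiesError(f"{approver} already approved {tx.tx_id}")
    tx.approved_by.append(approver)


def is_releasable(tx, dual_control_above=10_000.0):
    """True when enough *distinct* non-initiators have approved.

    Amounts above the threshold need two approvers (dual control); the
    threshold is an assumption for the example.
    """
    required = 2 if tx.amount > dual_control_above else 1
    return tx.initiated_by not in tx.approved_by and len(tx.approved_by) >= required


def audit_self_approvals(transactions):
    """Find historical records where the initiator also appears as an approver."""
    return [tx.tx_id for tx in transactions if tx.initiated_by in tx.approved_by]


# Constructed sample history for the audit function: T9 was self-approved.
SAMPLE_HISTORY = [
    Transaction("T8", 2_500.0, "clerk_a", ["mgr_b"]),
    Transaction("T9", 42_000.0, "clerk_a", ["clerk_a", "mgr_b"]),
]


if __name__ == "__main__":
    tx = Transaction("T1", 50_000.0, "clerk_a")
    approve(tx, "mgr_b")
    print("releasable after one approval:", is_releasable(tx))
    approve(tx, "mgr_c")
    print("releasable after two approvals:", is_releasable(tx))
    print("self-approved in history:", audit_self_approvals(SAMPLE_HISTORY))
```

The audit function matters as much as the enforcement: the red flag in the clue is usually discovered in historical data after a system was configured to let one account do everything.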
This practice requires verifying your identity with something you know (password) and something you have (a code or device) to access accounts.
A) Biometric Verification
B) Multi-Factor Authentication (MFA)
C) Token-Based Security
What is Multi-Factor Authentication (MFA) (B)?
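The "code from a device" in the clue is most often a time-based one-time password (TOTP), which is HMAC over a counter derived from the clock. As an added example that is not part of the original quiz, the Python below implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library and verifies a submitted code with a small clock-skew window and a constant-time comparison. The secret is the RFC test secret in the base32 form an authenticator app would scan; the window size and the verification function's shape are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import struct
import time

# The RFC 4226/6238 test secret ("12345678901234567890"), in the base32 form
# an authenticator app stores after scanning a QR code.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def secret_from_base32(b32: str) -> bytes:
    """Decode a shared secret as authenticator apps store it (padding optional)."""
    b32 = b32.strip().replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret, submitted, unix_time=None, step=30, window=1, digits=6):
    """Accept a code from the current step or `window` steps either side.

    Returns the matching counter (so the caller can store it and reject a
    replay of the same code) or None on failure. Comparison is constant-time.
    """
    if unix_time is None:
        unix_time = int(time.time())
    if not (submitted.isdigit() and len(submitted) == digits):
        return None
    current = unix_time // step
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    secret = secret_from_base32(DEMO_SECRET_B32)
    print("RFC 6238 vector at t=59:", totp(secret, 59))
    print("code now:", totp(secret, int(time.time())))
```

Two things a practitioner checks here: the server should persist the counter returned by `verify_totp` and refuse a second login with the same or an older counter, and the window should stay small (one step each way) because every extra step widens what an attacker can brute-force.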
This access control model ensures that employees can only access the systems or data relevant to their specific roles.
A) Identity & Access Management
B) Privilege Segmentation
C) Role-Based Access Control (RBAC)
What is Role-Based Access Control (C)?
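The Least Privilege Principle and Role-Based Access Control are two sides of the same mechanism: roles are how permissions are granted, and least privilege is the discipline of granting no more than the role needs. As an added example that is not part of the original quiz, the Python below implements a deny-by-default RBAC check and a least-privilege review that reports permissions a user holds but has never exercised. The roles, permission names and users are assumptions made for the example.

```python
# Constructed role model for a pension administration system (assumptions for the example).
ROLE_PERMISSIONS = {
    "benefits_clerk":   {"member:read", "payment:initiate"},
    "benefits_manager": {"member:read", "payment:approve"},
    "auditor":          {"member:read", "audit_log:read"},
}

USER_ROLES = {
    "clerk_a":  {"benefits_clerk"},
    "mgr_b":    {"benefits_manager"},
    "aud_c":    {"auditor"},
    "intern_d": set(),          # onboarded but not yet assigned a role
}


def permissions_for(user):
    """Union of the permissions of every role the user holds; unknown users get nothing."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, permission):
    """Deny by default: only an explicit grant through a role allows the action."""
    return permission in permissions_for(user)


def enforce(user, permission):
    """Guard to call at the top of a handler; raises rather than returning False."""
    if not is_allowed(user, permission):
        raise PermissionError(f"{user} lacks {permission}")


def unused_permissions(user, observed_actions):
    """Least-privilege review: permissions granted but never exercised in the observed period."""
    return permissions_for(user) - set(observed_actions)


if __name__ == "__main__":
    print("clerk_a may read members:", is_allowed("clerk_a", "member:read"))
    print("clerk_a may approve payments:", is_allowed("clerk_a", "payment:approve"))
    # Constructed usage history: mgr_b only ever read member records this quarter.
    print("mgr_b unused:", unused_permissions("mgr_b", ["member:read"]))
```

Note the two ways the check fails closed: a user with no roles and a user the system has never heard of both get an empty permission set. The review function is what turns the principle into a routine task; a permission nobody has used in a review period is a candidate for removal.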
This strategy involves dividing a network into smaller, isolated sections to limit the spread of malware or unauthorized access in case of a breach.
A) Firewall Zoning
B) Network Segmentation
C) Access Control Partitioning
What is Network Segmentation (B)?
This advanced scheme involves fraudsters creating fake pension fund websites that mimic the real one, tricking members into entering their login credentials or personal information.
A) Website Spoofing
B) Credential Harvesting
C) Man-in-the-Middle Attack
What is Website Spoofing (A)?
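A spoofed site usually lives on a domain built to read like the real one: a typo, a digit or Cyrillic letter standing in for a Latin one, or the brand name embedded in some other domain. As an added example that is not part of the original quiz, the Python below classifies a URL against a constructed legitimate domain by folding homoglyphs, measuring edit distance from the brand label, and looking for the brand anywhere in an unrelated host. The fund's domain, the brand word, the homoglyph table and the distance threshold are assumptions made for the example.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed names for the example: the fund's real domain and the brand word
# members expect to see in it.
LEGIT_APEX = "pensionfund.example"
BRAND = "pensionfund"

# Small homoglyph table: digits and Cyrillic letters that render like Latin ones.
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l",
    "\u0430": "a",   # Cyrillic a
    "\u0435": "e",   # Cyrillic ie
    "\u043e": "o",   # Cyrillic o
    "\u0440": "p",   # Cyrillic er
    "\u0455": "s",   # Cyrillic dze
    "\u0441": "c",   # Cyrillic es
})


def fold_host(host):
    """Lowercase, NFKC-normalize and map homoglyphs so lookalikes compare equal."""
    host = unicodedata.normalize("NFKC", host.lower().rstrip("."))
    return host.translate(HOMOGLYPHS)


def levenshtein(a, b):
    """Edit distance between two strings (classic dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, max_distance=2):
    """'legitimate', 'typosquat', 'brand-embedded' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == LEGIT_APEX or host.endswith("." + LEGIT_APEX):
        return "legitimate"
    folded = fold_host(host)
    labels = folded.split(".")
    # Second-to-last label as the registrable name: an assumption that ignores
    # multi-part public suffixes such as co.uk.
    registrable_label = labels[-2] if len(labels) >= 2 else labels[0]
    if levenshtein(registrable_label, BRAND) <= max_distance:
        return "typosquat"
    if BRAND in folded:
        return "brand-embedded"
    return "unrelated"


if __name__ == "__main__":
    for u in ["https://members.pensionfund.example/login",
              "https://pensi0nfund.example/login",
              "https://p\u0435nsionfund.example/login",
              "https://pensionfund.example.attacker.test/login",
              "https://example.org/"]:
        print(classify_url(u), u)
```

The allowlist comparison runs on the raw host, before folding, so a legitimate subdomain containing a digit is never mistaken for a lookalike; folding is applied only to hosts that have already failed the allowlist. The "brand-embedded" rule is what catches `pensionfund.example.attacker.test`, where the real domain appears verbatim but is not the registrable part.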
When someone calls claiming they're the "lucky winner" of a benefits payout, but their contact details don't match your records, this suspicious behavior should have you calling security before they cash in.
A) Identity Verification Mismatch
B) Pretexting
C) Record Discrepancy Alert
What is Identity Verification Mismatch (A)?
This advanced cybersecurity technique involves simulating attacks to identify and address vulnerabilities in your systems before malicious actors can exploit them.
A) Blue Team Assessment
B) Vulnerability Scanning
C) Penetration Testing
What is Penetration Testing (C)?
Platforms like LexisNexis and Socure use this type of analysis, combining historical records and real-time digital behavior, to verify identities and detect fraud.
A) Predictive Identity Verification
B) Behavioral Biometrics
C) Data Analytics Fraud Detection
What is Predictive Identity Verification (A)?
When an organization uses isolated virtual environments to analyze and detonate suspicious files without risking the main network, it’s employing this risk mitigation technique.
A) Sandboxing
B) Virtualization Testing
C) Containment Analysis
What is Sandboxing (A)?