- Securexchange

Criminals committing payment redirection fraud need access to their victim’s mailbox. What techniques do criminals rely on to access the email account of the victim?

Phishing - with deceptive emails leading to fake login pages

Credential stuffing - with passwords leaked in data breaches

Brute forcing - with easy-to-guess passwords

All of the above

Which of the following are the indicators your email account may have been hacked? (select four)

Email forwarding rules appear out of nowhere

Your phone disconnects from the mobile and changes to emergency calls only

The smartphone runs out of battery quicker than usual

You receive multi-factor authentication codes but have not attempted to sign in to your email

Your computer is slow and unresponsive

Colleagues and business partners receive emails that from you that you did not send

You are trying to log into your Office 365 account with your web browser. How you can make sure that the login page is genuine?

The login page features the Microsoft logo

The URL in the bar at the top of the page starts with https://login.microsoftonline.com/

The browser is showing a green padlock

The login page has saved my username and lets me pick it from a list

Why do cybercriminals target the real estate profession? (Select two)

Real Estate businesses tend to follow immature IT practices

Real Estate businesses facilitate high-value bank transactions

Real Estate businesses are less challenging targets compared to other small businesses

Real Estate businesses tend to have cyber insurance

Who is the typical attacker(s) behind a payment redirection fraud?

Loner Larry – A 34 years old IT systems administrator, who still lives in his parents’ basement.

Angry Amelia – A 28 years old IT expert with a gambling addiction.

Wizard Willy – A 14 years old tech genius who hacks everything that can possibly be hacked.

“Evil Corp” – An international organised crime group employing lawyers, linguists, hackers and social engineers.

What is multi-factor authentication?

A security add-on that protects email accounts and other services from password-related attacks

A security add-on that protects email accounts from email spoofing

A security add-on that protects computers from different variants of viruses

None of the above

What are the benefits of password managers (also known as password wallet)? (Select two)

Helps you remember hundreds of unique and strong passwords

Notifies you if any of your passwords are compromised in a data breach

Helps generate file decryption passwords for files and folders encrypted by ransomware

Blocks incoming and outgoing emails featuring passwords inside

Which one of these are business-grade antivirus software brands? (Select three)

ESET

Symantec

Sophos

Amanda

Windows Defender

WannaCry

What is Business Email Compromise?

A cybercrime affecting commercial, Government and non-profit organisations

A cybercrime that relies on email fraud

A cybercrime that cost Australian businesses $60m in 2018

All of the above

Which communications channels do phishing and social engineering rely on?

Email

SMS

Telephone

Postal mail

All of the above

What are the possible consequences of being a victim of payment redirection fraud? (Pick all that apply)

Direct financial loss

Being sued

Bad reputation - Lost future business opportunities

Fines if the data breach is not reported

Increased IT costs (clean-up, digital forensics)

All of the above

Which one of these parties can be part of a supply chain attack targeting your real estate business?

IT Provider

Fellow real estate professions

Recruitment agencies

Clients

All of the above

Why it is important to raise awareness within staff around security best practices and payment redirection fraud?

Because employees are the first and last defence line when it comes to payment transactions

Because security awareness training provides more CPE points than other modules

Because security awareness is a one-off activity and the positive effects last for years

None of the above

Unsolicited emails with Word and PDF documents may contain hidden, executable code that can take over your computer. If the file is opened, the code allows a hacker to access your files and folders, camera, microphone and keystrokes on your keyboard?

True

False

What email alternative could lower the risk of being a victim of Business Email Compromise (BEC) and payment redirection fraud?

InfoTrack’s Securexchange

Skype for Business

Office 365

G Suite

Which insurance may come with complimentary cybersecurity incident response services?

Public Liability (PL)

Professional Indemnity (PI)

Workers Insurance

Cyber Insurance

What should you do if your business becomes a victim of payment redirection fraud? (4 answers are correct)

Call the bank to stop all transactions

Disconnect devices from the internet

Wipe everything, then start rebuilding my IT environment immediately

Contact my IT provider

Change passwords from my compromised computer

Ask for help from your cyber insurance provider

What is the best definition of a supply chain attack?

Getting hacked through a trusted partner or service provider

A convoluted cyber attack through a complex chain of events

A denial-of-service attack preventing your trusted suppliers from contacting you

None of the above

A telephone call is a safe way to confirm the bank account details for a funds transfer.

True

False

Whom should you educate on a regular basis to keep a healthy level of security awareness around payment redirection fraud?

New hires and existing staff

Clients and customers

Partners and suppliers

All of the above