Topic 11 Consumer Fraud and Ecommerce Fraud Flashcards

1
Q

Phishing is the method of:
a. Using e-mail or other Internet applications to deceive people into disclosing valuable personal information.
b. Convincing a person to divulge personal information over the telephone.
c. Hacking into another’s computer files to access personal information.
d. Hiring a con artist to steal personal information from a person.

A

a)

2
Q

Multilevel marketing companies:
a. Are illegal.
b. Increase their distribution process by recruiting additional company sales representatives.
c. Can legally pay commission to representatives for simply signing up new recruits.
d. Require little time and effort to be successful.

A

b)

3
Q

In order to protect yourself from identity theft, you should:
a. Only give out your SSN when purchasing a product online or over the telephone.
b. Always shred receipts, credit card offers, doctor’s bills, insurance information, or any other documents that contain sensitive personal information.
c. Leave your wallet at home or in the car.
d. Maintain the same password for every personal account.
e. Do all of the above.

A

b)

4
Q

The Gramm-Leach-Bliley Act gives you the right to:
a. Periodically change your SSN to avoid identity theft.
b. Receive a yearly stipend to cover the losses incurred as a victim of identity fraud.
c. Claim your high credit report although an identity fraudster has damaged it severely.
d. Sue the perpetrator for more money than he or she defrauded from you.
e. Opt out of having your personal information sold to organizations.

A

e)

5
Q

If you become a victim of identity theft, you should first:
a. Wait to see where the perpetrator is spending your money; then, using this information, plan an investigation with the local FBI organization.
b. Contact friends and neighbors to inquire if they have any useful information about the perpetrator.
c. Contact the Federal Trade Commission for assistance and advice.
d. Do none of the above.

A

c)

6
Q

Which of the following is a common characteristic of fraudulent money offer letters?
a. The letter will ask for help, convincing the victim that assistance is desperately needed.
b. Through the letter, the perpetrator will try to build a relationship of trust with the victim.
c. The letter promises the victim a large amount of money for little or no effort on the victim’s part.
d. The letter will make the victim feel that he or she is the only person receiving the “once in a lifetime” offer.
e. All the above.

A

e)

7
Q

The major reason that elderly people are so susceptible to telemarketing fraud is that they:
a. Are often financially in need.
b. Have an excess amount of cash to invest.
c. Are often lonely and enjoy talking to friendly callers.
d. Are none of the above.

A

c)

8
Q

Consumers should provide credit card numbers or bank account information over the telephone only when:
a. They initiated the call and are purchasing a legitimate product.
b. They are asked to give the information.
c. The entity receiving this information is a legitimate company.
d. They feel confident that the receiving entity will protect such information.
e. Doing so qualifies them to receive certain financial benefits.

A

a)

9
Q

What is the best defense against consumer fraud?
a. Signing up with the national do not call registry.
b. Purchasing credit card insurance.
c. Educating yourself about credit card risks.
d. Calling the Federal Trade Commission (FTC).

A

c)

10
Q

What does “https” stand for?
a. Hypertext transfer protocol (secure).
b. Hypertext transfer point (site).
c. Hypertext transfer protocol (system).
d. Hypertext transfer protocol (sign).

A

a)

11
Q

Which of the following is not listed in the chapter as a common characteristic of Nigerian scam letters?
a. The promise of money to lure victims.
b. Urgency to invest quickly.
c. Picture of perpetrator to assure victims.
d. Strong ties to high-ranking foreign officials to lure victims.

A

c)

12
Q

Which of the following institutions would not be very helpful to call in the event of identity theft?
a. IRS.
b. Social Security Administration.
c. Local chamber of commerce.
d. A credit reporting agency.

A

c)

13
Q

What is one way to determine if a website is secure or not?
a. Look for the official logo of the company you want to deal with.
b. Look for an “s” after the “http” in the URL of the Web site.
c. Click on a link to see if it works.
d. Call the FTC and ask about the ISP address of the Web site.

A

b)

14
Q

Those most susceptible to consumer fraud are often:
a. Uneducated or elderly.
b. Wealthy and prominent.
c. Troubled with credit card debt.
d. None of the above

A

a)

15
Q

Which of the following is not a fraud risk unique to e-business transactions?
a. Innovative technologies where security lags process development.
b. Selling new products.
c. Complex information systems.
d. Removal of personal contact.

A

b)

16
Q

E-business transactions make it easier to commit which of the following types of frauds?
a. Kickbacks.
b. Customer impersonation.
c. Setting up dummy companies.
d. Stealing petty cash.

A

b)

17
Q

Which of the following is not an element of a company’s control environment?
a. Audit committee participation.
b. Management’s philosophy.
c. Hiring policies.
d. Independent checks.

A

d)

18
Q

Which of the following is not an internal control activity or procedure?
a. Physical safeguards.
b. Segregation of duties.
c. Internal auditors.
d. Documents and records.

A

c)

19
Q

Which of the following fraud risks involves changing IP addresses?
a. Spoofing.
b. Sniffing.
c. False Web sites.
d. Customer impersonation.

A

a)

20
Q

Which of the following fraud risks involves viewing information as it passes along network channels?
a. Sniffing.
b. Spoofing.
c. False Web sites.
d. Web hijacking.

A

a)

21
Q

Using a subtly different Internet host name to mimic another business is known as:
a. Spoofing.
b. Sniffing.
c. Web-visit hijacking.
d. Falsified identity.

A

c)

22
Q

Passwords and biometrics are both:
a. Authorization controls.
b. Independent check controls.
c. Physical controls.
d. Document controls.

A

a)

23
Q

Which of the following human features is generally not used in biometrics?
a. Fingerprints.
b. Voice tones.
c. Retina patterns.
d. Weight.

A

d)

24
Q

Which of the following types of controls is least often used to protect IT processing equipment?
a. Physical controls.
b. Authorization controls.
c. Independent checks or reference.
d. Documents and records.

A

d)

25
Q

What is the most important factor in control effectiveness?
a. Clear policies regarding controls.
b. An understanding of e-business networks.
c. The use of random monitoring.
d. The “tone at the top.”

A

d)

26
Q

Secure web connections are based on:
a. DNS.
b. FTP.
c. HTTPS.
d. FTPS.

A

c)

27
Q

Which of the following statements correctly describes consumer fraud?
a. Any fraud that is committed by a consumer
b. Any fraud that targets individuals as victims
c. Any fraud that is committed against an organization
d. Any fraud that is instigated from a separate country

A

b)

28
Q

According to the Federal Trade Commission, what is the most common type of consumer fraud?
a. Identity theft
b. Ponzi scheme
c. Magazine fraud
d. Telephone fraud

A

a)

29
Q

Which of the following identity theft actions listed is part of the trial stage, first dimensional actions?
a. Efforts to gain victim’s personal information
b. Larger thefts, often involving personal interaction, without much chance of getting caught
c. Largest thefts committed after perpetrators have confidence that their schemes are working
d. Small thefts to test the stolen information

A

d)

30
Q

Which of these is a second dimensional action in the trial stage of identity theft?
a. Larger thefts, often involving personal interaction, without much chance of getting caught
b. Smallest thefts that lay down a solid foundation for the perpetrator to commit identity theft
c. Largest thefts committed after perpetrators have confidence that their schemes are working
d. Small thefts to test the stolen information

A

a)

31
Q

Which stage is considered to be the most critical stage of the identity theft cycle?
a. Action stage
b. Trial stage
c. Discovery stage
d. Cover-up stage

A

b) This is where the fraudster’s work starts to pay off

32
Q

Which of the following statements defines shoulder surfing?
a. Criminals physically confront consumers forcing them to reveal their valuable information.
b. Criminals follow consumers to discover their buying habits.
c. Criminals sneak into victims’ homes and steal their information.
d. Criminals watch consumers from a nearby location as they give credit card information over the phone

A

d)

33
Q

Which of the following is NOT an action to minimize your risk of identity theft?
a. Opting out of pre-approved credit cards
b. Shredding mail that contains detailed information
c. Using strong passwords and changing them often
d. Using Social Security number on visiting cards

A

d)

34
Q

How do fraudsters use “cookie” type software?
a. To automatically remove web histories after one closes the web browser
b. To initiate pop-ups to unknown sites to gather valuable consumer information
c. To show the status of a Web site to be secure
d. To gather personal and confidential information from consumers’ hard drives

A

d)

35
Q

Which of the following is a true statement regarding the Gramm-Leach-Bliley Act?
a. The act gives financial institutions the right to share personal information for a profit.
b. The act expressly requires financial institutions to protect against identity theft.
c. The act allows financial institutions to share personal information, as long as it is not for a profit.
d. The act protects confidentiality of customer information.

A

a)

36
Q

A Nigerian money offer e-mail is a form of which of the following scams?
a. Foreign advance-fee scam
b. Purchase of real estate scam
c. Clearinghouse scam
d. Multilevel marketing scam

A

a)

37
Q

A clearinghouse scam involves a victim receiving:
a. a letter that claims he or she has inherited a significant amount of money.
b. mail from a known party who claims to have access to large sums of money or assets.
c. a letter that falsely claims the writer represents a foreign bank.
d. an email containing their Social Security number and/or credit information.

A

c)

38
Q

Which of the following is not a characteristic of a Nigerian money offer scam?
a. States the need for urgent assistance
b. Makes the victim feel like he or she is the only recipient of the special opportunity
c. Involves someone trying to sell a piece of prime African real estate
d. The e-mail is the promise of money and asks for help

A

c)

39
Q

All of the following are types of foreign advance schemes, EXCEPT:
a. disbursement of money from wills.
b. multi-level marketing scams.
c. sale of crude oil below market price.
d. purchase of real estate scam

A

b)

40
Q

Which of the following is a variation of fraudulent MLMs, in which an organization sells illusionary products and profits, instead of real products?
a. Ponzi scheme
b. Foreign advance scheme
c. Identity theft scheme
d. Shoulder surfing scheme

A

a) Ponzi scheme is one kind of fraudulent multi-level marketing scheme.

41
Q

Which of the following is the term for a fraudulent process whereby even representatives of legitimate MLMs are required to buy large, expensive amounts of inventory?
a. Forward pricing
b. Snake oil
c. Front loading
d. Opportunity meeting

A

c)

42
Q

Snake oil plans are plans that:
a. make their money by getting new people to buy property in exotic locations.
b. promise enormous earnings or claim to sell miracle products.
c. motivate the purchase of unusually overpriced goods or services.
d. make people believe that they will make money simply because they are one of the earliest investors

A

b)

43
Q

Product testing is a fraud:
a. that requests consumers to review the products presented in the brochures and send their commentaries to the supplier for review.
b. where consumers respond to an advertisement that promises income simply for stuffing envelopes.
c. that promises victims a job that involves strolling through stores, enjoying the displays, shopping for merchandise, and then filing reports on the experiences they have had.
d. where perpetrators promise high pay for working on different projects

A

a)

44
Q

Accumulating documentation belongs to which stage of the identity theft cycle?
a. Action stage
b. Discovery stage
c. Trial stage
d. Concealment stage

A

a) Accumulating documentation is part of the action stage of the identity theft cycle. It refers to the process used by perpetrators to obtain needed tools to defraud victims.

45
Q

Which of the following is a hi-tech method by which thieves capture personal or account information from a credit card, driver’s license, or even a passport?
a. Surfing
b. Skimming
c. Clawbacks
d. Phishing

A

b)

46
Q

Identify the complaint database developed by the U.S. Federal Trade Commission.
a. Consumer Watch
b. Fraud Watchdog
c. Consumer Sentinel
d. Identity Theft Assistance

A

c)

47
Q

Which of the following is described as the viewing of information that passes along a network line?
a. Sniffing
b. Spoofing
c. Hijacking
d. Impersonation

A

a) Sniffing is commonly used to gather information from unencrypted communications.

48
Q

The threat of falsified identity is less of a concern in the case of:
a. virtual private networks.
b. traditional EDI settings.
c. e-business.
d. unsecured online transactions.

A

b) Traditional EDI uses relatively limited access points, dedicated lines, and established value-added network providers as intermediaries.

49
Q

What is biometrics?
a. A vital part of the security of any electronic system
b. The use of unique features of the human body to create secure access controls
c. The most important aspect of internal control in an organization
d. An authorization that reassures users that transactions are valid

A

b)

50
Q

What is spoofing?
a. Using a subtly different Internet host name to mimic another business
b. Changing the information in e-mail headers or IP addresses
c. Extracting personal or corporate computer information from employees
d. Viewing the information that passes along a network line

A

b) This is a way for perpetrators to hide their identities.

51
Q

What is the term for when a hacker calls a targeted user posing as technical support and asks the victim to divulge the account information so that immediate steps can be taken to prevent data loss from the account?
a. Social engineering
b. Spoofing
c. Data theft
d. Customer impersonation

A

a) Their goal is to obtain passwords and other identifying information

52
Q

In an electronic environment, no other control can better prevent fraud than the wise use of _________.
a. digital certificates
b. biometrics
c. anti-virus software
d. passwords

A

d)

53
Q

Which of the following is NOT a general type of control activity?
a. Adequate separation of duties
b. Independent checks on performance
c. Proper authorization of transactions and activities
d. Use of internal auditors

A

d)

54
Q

Which of the following are self-contained programs that represent one of the biggest threats in e-commerce fraud?
a. P2P programs
b. Internet worms
c. Trojan horses
d. Spyware

A

b) This is today’s largest threat to e-commerce.

55
Q

Passwords, biometrics, and digital signatures are examples of which of the following?
a. Physical controls
b. Segregation of duties
c. Authorization controls
d. Checks on performance

A

c)

56
Q

Why is it that Internet users’ information can be hijacked when they conduct web visits?
a. Social engineering has made it easy to do so.
b. Many managers lack the technical expertise to prevent and detect data theft.
c. Data can be transferred easily and quickly to any location in the world.
d. Subtle differences in Internet host names often go unnoticed by Internet users

A

d)

57
Q

What is the term that describes the act of trying to gain access to networks and secure information during a risk assessment?
a. Troubleshooting
b. Intrusion detection
c. Encryption
d. Security audit

A

b)

58
Q

What is the term for a method of injecting JavaScript and other browser commands into the Web site data?
a. Database query injection
b. HTML
c. Cross-site scripting
d. Java

A

c)

59
Q

Which of the following examples illustrates sniffing?
a. A fraudster impersonating a customer and buying equipment on the customer’s account
b. A fraudster viewing design data of a special project that is being transferred over a network
c. A fraudster using another employee’s passwords to access sensitive information
d. An Internet site mimicking another site by using .org instead of .com

A

b)

60
Q

What is the term for a technique in which hackers go to known business traveler locations like airports and set up access points (which look like regular wireless networks) through their laptops to the Internet?
a. Social engineering
b. Spoofing
c. Phishing
d. Wartrapping

A

d)

61
Q

Which of the following human features is generally used in biometrics?
a. Height
b. Fingerprints
c. Complexion
d. Weight

A

b)

62
Q

The most difficult aspect of detecting e-business fraud is:
a. information about the transactions is captured in databases that are impossible to analyze.
b. correctly specifying the types of frauds that can occur and the symptoms they will generate.
c. the lack of hard-copy documentation, the very essence of e-business.
d. using technology to catch technology fraud

A

b) This is a difficulty because hackers are continually developing new frauds.

63
Q

Which of the terms below best describes the act of employees using sophisticated denial-of-service attempts on local machines?
a. Phishing
b. Sniffing
c. Vandalism
d. Wartrapping

A

c)

64
Q

Which of the following e-commerce threats spreads via direct transfer or e-mail?
a. Internet worms
b. Trojan horse
c. Wartrapping
d. Phishing

A

a)

65
Q

Which of the following is the first step in looking for e-business fraud?
a. Identify the frauds that can occur in the type of business being investigated
b. Determine the symptoms of e-business fraud within the business being investigated
c. Gain an understanding of the business being investigated
d. Investigate any anomalies observed within the business being investigated

A

c)

66
Q

Which of the following is the last step taken by fraud examiners during an examination of a business when looking for e-business fraud?
a. Investigate all symptoms of e-fraud found
b. Use information systems to highlight possible fraud activity
c. Analyze the results of database searches
d. Determine if the activity noted is an anomaly or usual business activity

A

a) Investigation of symptoms is the last step of fraud examiners.

67
Q

An IDS is used to:
a. Write computer scripts
b. Gain access to large networks
c. Monitor logs and detect potential break-ins
d. Troubleshoot networks

A

c)

68
Q

Which of the following activities would be the least practical for a fraud examiner?
a. Gaining an understanding of the tools and methods perpetrators use in e-business fraud
b. Gaining a working knowledge of computer networking systems
c. Learning the strengths and weaknesses of Windows
d. Getting to know each company employee’s interactions with the systems

A

d) To accomplish this in a business of any size would be too time-consuming.

69
Q

Which of the following is NOT a means of using technology to spot technology fraud?
a. Routinely search databases for symptoms
b. Utilize intrusion detection programs
c. Secure company systems
d. Train employees to recognize probable fraud

A

d) This may help detect fraud, but it is not a means of using technology.

70
Q

Which of the following is NOT an act of vandalism?
a. Deleting a customer data file
b. Pouring hot coffee on a company keyboard
c. Stealing company data lists
d. Throwing a computer monitor

A

c) This is illegal, and fraud or harm may be the intent, but it is not an example of vandalism.

71
Q

Which of these is a program that claims to do something useful, but also contains hidden behavior?
a. A Trojan horse
b. A normal computer virus
c. Adware
d. An Internet worm

A

a)