Cybersecurity Capstone: Breach Response Case Studies All Quiz Answer | Phishing Scams Graded Assessment & Point of Sale Breach Graded Assessment | Week 2

Phishing Scams Graded Assessment


Question 1) Which three (3) techniques are commonly used in a phishing attack? (Select 3)

  • Breaking into an office at night and installing a key-logging device on the victim's computer.
  • Sending an email with a fake invoice that is overdue.
  • Make an urgent request to cause the recipient to take quick action before thinking carefully.
  • Send an email from an address that very closely resembles a legitimate address.



Question 2) You are working as an engineer on the design of a new product your company hopes will be a big seller when you receive an email from someone you do not personally know. The email is addressed to you and was sent by someone who identifies herself as the VP of your Product division. She wants you to send her a zip file of your design documents so she can review them. While her name is that of the real VP, she explains that she is using her personal email system since her company account is having problems. You suspect fraud. What kind of attack are you likely under?

  • A phishing attack.
  • A whale attack.
  • A man in the middle attack.
  • A spear phishing attack.



Question 3) Phishing attacks are often sent from spoofed domains that look just like popular real domains. Which brand has been spoofed the most in phishing attacks?

  • Microsoft
  • IBM
  • Apple
  • Google



Question 4) Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?

  • Suspicious attachments
  • There are spelling errors.
  • Poor quality layout
  • There is a hyperlink in the body of the email



Question 5) Which three (3) of these statistics about phishing attacks are real? (Select 3)

  • BEC (Business Email Compromise) scams accounted for over $12 billion in losses according to the US FBI.
  • 76% of businesses reported being a victim of phishing attacks in 2018.
  • Phishing attempts grew 65% between 2017 and 2018.
  • 94% of phishing messages are opened by their targeted users.



Question 6) Which is the most common type of identity theft?

  • Phone or utility fraud
  • Loan or lease fraud
  • Credit card fraud
  • Government documents or benefits fraud




-----------------------------------------------------------------------------------------------------------------------------------


Point of Sale Breach Graded Assessment



Question 1) Which group suffers from the most PoS attacks?

  • Government agencies.
  • Social media companies like Facebook and Instagram.
  • Restaurants and small retail stores.
  • Large online retailers like Amazon.com



Question 2) Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

  • Maintain a vulnerability management program
  • Protect cardholder data
  • Require use of multi-factor authentication for new card holders
  • Build and maintain a secure network and systems



Question 3) Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)

  • Encrypt transmission of cardholder data across open, public networks
  • Use and regularly update antivirus software
  • All employees with direct access to cardholder data must be bonded
  • Develop and maintain secure systems and applications




Question 4) Which three (3) additional requirements did the Ingenico Group recommend be used to enhance credit card transactions above and beyond the requirements found in PCI-DSS? (Select 3)

  • Employee Education
  • Mobile Device Management (MDM)
  • Discontinue use of magnetic stripe readers and cards
  • Tokenization




Question 5) When is credit card data most vulnerable to PoS malware?

  • After the card data has been received by the credit card processor
  • While stored on the PoS device hard drive
  • While in transit between the PoS device and the credit card processing center
  • While in RAM




Question 6) Which scenario best describes how a stolen credit card number is used to enrich the thief ?

  • Credit card thieves sell stolen credit cards directly to carders using weekly dark web auctions. The carders then encode credit card blanks with the stolen numbers and resell the cards

  • Credit card thieves resell stolen card numbers to dark web companies that use call-center style operations to purchase goods on behalf of customers who pay for them at discounted rates using real credit cards

  • Credit card thieves use stolen credit cards to buy merchandise that is then returned to the store in exchange for store credit that is sold at a discount for profit

  • Stolen credit card numbers are sold to brokers who resell them to carders who use them to buy prepaid credit cards that are then used to buy gift cards that will be used to buy merchandise for resale






8 Comments

  1. Thank you !
    You are amazing

  2. 1- Some of the earliest known phishing attacks were carried out against which company?
    Answer: America Online (AOL)

  3. Question 2) Which three (3) of these control processes are included in the PCI-DSS standard? (Select 3)

    Maintain a vulnerability management program
    Protect cardholder data
    Build and maintain a secure network and systems

  4. Introduction to Phishing Scams Knowledge Check

    Question 1
    Some of the earliest known phishing attacks were carried out against which company?
    Answer: America Online (AOL)

    Question 2
    You have banked at "MyBank" for many years when you receive an urgent email telling you to log in to verify your security credentials or your account would be frozen. You are not wealthy but what little you have managed to save is in this bank. The email is addressed to "Dear Customer" and upon closer inspection you see it was sent from "security@mybank.yahoo.com". What kind of attack are you under?
    Answer: A phishing attack.

    Question 3
    True or False. HTTPS assures passwords and other data that is sent across the Internet is encrypted. Links in email that use HTTPS will protect you against phishing attacks.
    Answer: False

    Question 4
    Which feature of this email is a red flag, indicating that it may be a phishing attack and not a legitimate account warning from PayPal?
    Answer: Suspicious sender's address.

    Question 5
    Which three (3) of these statistics about phishing attacks are real? (Select 3)
    Answer:
    15% of people successfully phished will be targeted at least one more time within a year.
    The average cost of a data breach is $3.86 million.
    Phishing accounts for 90% of data breaches.

    Question 6
    Which range best represents the number of unique phishing web sites reported to the Anti-Phishing Working Group (apwg.org) in Q4 2019?
    Answer: Between 130,000 and 140,000.

  5. Knowledge Check: Introduction to Point of Sale Attacks
    ### Question 1
    Which is the standard regulating credit card transactions and processing?

    Select one:

    a. GDPR

    b. Sarbanes-Oxley (SOX)

    c. NIST SP-800

    -> d. PCI-DSS

    Correct!

    ### Question 2
    Which three (3) of these are PCI-DSS requirements for any company handling, processing or transmitting credit card data? (Select 3)

    Select one or more:

    -> a. Protect stored cardholder data

    Partially correct!

    b. Cardholder data may not reside on local PoS devices for more than 48 hours

    -> c. Install and maintain a firewall configuration to protect cardholder data


    -> d. Do not use vendor-supplied defaults for system passwords and other security parameters

    ### Question 3
    PCI-DSS can best be described how?

    Select one:

    a. A financial regulation in the United States that supplements Sarbanes-Oxley with missing provisions covering the payment card industry

    -> b. A voluntary payment card industry data security standard

    c. A provision of the European GDPR that covers payment card data privacy regulations

    d. A financial regulation in the United States covering the payment card industry that replaced Sarbanes-Oxley

    ### Question 4
    What are the two (2) most common operating systems for PoS devices? (Select 2)

    Select one or more:

    a. Mac i/OS

    b. POSOS

    -> c. Linux

    -> d. Windows



    ### Question 5
    If your credit card is stolen from a PoS system, what is the first thing the thief is likely to do with your card data?

    Select one:

    -> a. Sell it to a distributor

    b. Use it to buy merchandise

    c. Sell it to a carder

    d. Use it as part of a larger identity theft scheme

    ### Question 6

    True or False. There are more successful PoS attacks made against large online retailers than there are against small to medium sized brick-and-mortar businesses.

    Select one:

    True

    -> False


    ### Question 7
    True or False. A study conducted by the Ingenico Group found that credit card transactions were sufficiently secure as long as all participants were in strict compliance with PCI-DSS standards.

    Select one:

    True

    -> False
