IDENTITY THEFT PAST PAPERS WITH ANSWERS – MASOMO MSINGI PUBLISHERS

QUESTION 1 : All of the following are correct statements about identity theft EXCEPT:

Identity thieves often engage in pretexting by impersonating the victim’s bank.
Solicitations for pre-approved credit cards are especially valuable to identity thieves.
The type of malware most commonly associated with identity theft is ransomware.
One way to conceal identity theft is to change the victim’s mailing address.

Identity thieves use malware to steal personal and business information from computers. The type of malware most commonly associated with identity theft is spyware , software that collects and reports information about a computer user without the user’s knowledge or consent. Dumpster diving can yield bills, credit card receipts, bank statements, and other items that contain a person’s name, address, and telephone number. Solicitations for pre-approved credit cards are especially valuable to identity thieves, but even nonfinancial information can be useful. Another way to obtain personal or business information is to surreptitiously change the victim’s mailing address (or email address) to an address selected by the identity thief. In this way, the identity thief receives the victim’s mail Identity thieves often engage in pretexting by impersonating the victim’s bank or another financial institution with which the victim has a business relationship.

QUESTION 2 : Which of the following is a recommended step that individuals should take to protect themselves from identity theft?

Use passwords that are at least eight characters long
Create unique answers for security questions
Limit personal information shared on social media
All of the above

The following are some of the steps individuals can take to protect their personal information and prevent identity theft: Do not give out government identification numbers unless absolutely necessary. Do not carry government identification cards (or numbers) in purses or wallets. Create complex passwords or passphrases that are at least eight characters in length and contain upper- and lowercase letters, numbers, and symbols. Do not reuse passwords. Use a different password for every website, account, or device. Never send personal information, such as a password or government identification number, via email. Reputable organizations will not request personal information by email. When available, use biometric authentication (e.g., fingerprints, voice recognition). Create unique answers for security questions. Do not choose answers containing personal information that is publicly available (e.g., name of high school, mother’s maiden name). Protect computers with strong and regularly updated firewall and antivirus software, and promptly install all security updates and patches. Avoid suspicious websites. Delete messages from unknown senders without opening them. Only download software from trusted websites. Avoid using unsecured, public Wi-Fi networks. Limit the amount of personal information shared on social media. Use software to permanently erase all data from hard drives before disposing of computers, smartphones, copiers, printers, and other electronic devices

QUESTION 3 : Which of the following best describes how a baiting scheme works in the context of identity theft?

Fraudsters impersonate the victim’s bank to persuade the victim into releasing information.
Fraudsters use imitation websites to trick computer users into entering sensitive data.
Fraudsters use telephone calls or voice messages to manipulate targets into revealing personal or business information.
Fraudsters trick victims into inserting malware-infected data storage devices into their computers.

In a baiting scheme, fraudsters leave malware-infected USB flash drives, CD-ROMs, or similar items in places where people will find them, such as parking lots. The items often have a label designed to elicit curiosity or greed in the victims (e.g., “FREE PRIZE”). Alternatively, the item could be left in a workplace break room with a label that seems relevant (e.g., “Year-end report 2018”). When the item is inserted into the victim’s computer, the computer or network In the context of identity theft, social engineering refers to the psychological manipulation of people to trick them into revealing personal or business information. Social engineering often involves pretexting , the act of using an invented scenario (i.e., a pretext) to persuade a person to release information or perform an action. Identity thieves often engage in pretexting by impersonating the victim’s bank or another financial institution with which the victim has a Vishing (or voice phishing ) schemes use telephone calls or voice messages to trick targets into revealing personal or business information.

QUESTION 4 : Employment identity theft occurs when a fraudster impersonates a business to commit financial fraud.

True
False

Business identity theft occurs when a fraudster impersonates a business to commit financial fraud. In an employment identity theft scheme, a fraudster impersonates another person to secure a job.

QUESTION 5 : Which of the following is NOT a reason why an identity thief might choose to target a business rather than an individual?

Businesses’ identification numbers are often publicly available online.
Businesses are less likely to notice new or unusual financial transactions.
Businesses usually engage in fewer transactions than individuals do.
Businesses tend to have easier access to credit and a higher credit limit.

For identity thieves, there are a number of reasons to target a business rather than an individual. First, the potential rewards are greater; businesses tend to have larger bank account balances, easier access to credit, and higher credit limits than individuals. Second, businesses are less likely to notice new or unusual financial transactions because they tend to engage in more transactions than individuals. Finally, the information necessary to commit business identity theft (e.g., business or tax identification numbers) is often publicly available online or in government

QUESTION 6 : _________________ is the most common type of identity theft.

Financial identity theft
Criminal identity theft
Business identity theft
Medical identity theft

QUESTION 7 : All of the following are methods of identity theft prevention recommended for individuals EXCEPT:

Use biometric authentication when available.
Avoid using unsecured, public Wi-Fi networks.
Instruct the post office to suspend mail during vacations.
Use the same password or passphrase for all accounts.

QUESTION 8 : Which of the following groups is NOT a favorite target of identity thieves?

Members of the military
College students
Seniors
Independent contractors

Anyone can be a victim of identity theft. The following groups, however, are favorite targets of identity thieves: Children Seniors Members of the military College students The deceased

QUESTION 9 : Which of the following is the best example of shoulder surfing?

Watching a customer enter a PIN code at an ATM machine
Leaving a spyware-infected flash drive in a workplace break room
Following an authorized person into a restricted area
Accessing a computer network by convincing an authorized user to share log-in information

Shoulder surfing is the practice of observing another person (e.g., looking over the person’s shoulder) to gather personal information. Shoulder surfing is especially effective in crowded areas where a fraudster can stand close to a victim without being noticed. While in close proximity, the fraudster can eavesdrop on the victim’s telephone conversation, view the victim’s credit card number, or gather other personal information. Identity thieves often watch victims as they enter their PIN codes at ATM machines and fill out bank deposit slips at their banks. Leaving a spyware-infected flash drive in a workplace break room is an example of a baiting scheme. The other two scenarios are examples of piggybacking

QUESTION 10 : Credit card receipts, bank statements, and birthday cards can all provide dumpster divers with useful information for committing an identity theft scheme.

True
False

Dumpster diving involves looking through someone else’s trash. Fraudsters often engage in dumpster diving to find the personal and business information that makes identity theft possible. Most people do not destroy their personal financial data; they simply throw it away with the rest of their trash. Dumpster diving can yield bills, credit card receipts, bank statements, and other items that contain a person’s name, address, and telephone number. Solicitations for pre-approved credit cards are especially valuable to identity thieves, but even nonfinancial information can be useful.

QUESTION 11 : Which of the following is a recommended step that businesses should take to protect their customers and employees from identity theft?

Conduct regular employee training on information-handling best practices
Require employees to use complex passwords or passphrases
Only retain personal information for as long as it is necessary
All of the above

The following are some of the steps businesses can take to protect personal information and prevent identity theft: Limit the personal information collected from customers. For example, do not collect customers’ government identification numbers unless there is a legal requirement to do so. Restrict employees’ access to the personal information of customers and coworkers. Use network-security tools to monitor who accesses personal information. Do not retain personal information for longer than necessary. Adopt an information-handling policy that governs how personal information is stored, protected, and disposed of. Strictly enforce the policy, and discipline employees who violate it. Conduct regular employee training regarding the company’s information-handling policy and best practices for preventing identity theft. Ensure the security of buildings by using locks, access codes, and other security features. Keep physical documents containing personal information in locked rooms or locked file cabinets. Secure all computer networks and electronic information. Use encryption to protect all personal information stored by the company or sent to third parties. Encryption should also be used to protect information sent over the company’s wireless network. Restrict the use of laptops to those employees who need them to do their jobs. Require employees to use complex passwords or passphrases. Where permitted by law, perform background checks on prospective employees. Thoroughly investigate contractors and vendors before hiring them. Do not use government identification numbers as employee identification numbers or print them on paychecks. Perform regular audits of information-handling practices, network security, and other internal controls. Create a data breach response plan.

QUESTION 12 : Large businesses are usually at greater risk for business identity theft than smaller ones. A. True

False

Small businesses are particularly at risk for business identity theft because they have the lines of credit, capital, and other features desired by fraudsters, while often lacking the resources and technology needed to properly defend

QUESTION 13 : All of the following are methods of identity theft prevention recommended for businesses EXCEPT:

Limit employees’ access to customers’ personal information.
Restrict the use of laptops to those employees who need them to do their jobs.
Perform audits of information-handling practices only when required to do so by regulators.
Conduct background checks on prospective employees when permitted by law to do so.

QUESTION 14 : Seniors are usually more likely to report identity theft than younger victims.

True
False

Identity thieves target seniors because, compared to younger victims, seniors often have more available cash, check their credit reports less frequently, and are less aware of identity theft and other fraud. Generally, seniors are less likely to report identity theft than younger victims.

QUESTION 15 : Traditional identity theft involves the use of entirely fabricated personal information or a combination of real and fabricated information to create a new identity.

True
False

Synthetic identity theft involves the use of entirely fabricated personal information or a combination of real and fabricated information to create a new identity. In traditional identity theft, a fraudster steals an individual’s personal information and pretends to be that individual. For example, a fraudster might use an individual’s name, government identification number, and date of birth to impersonate the individual and gain access to the individual’s bank account. This is called an account takeover. Another type of traditional identity theft is true name fraud, in which a fraudster uses an individual’s personal information to open a new account in the individual’s name.

QUESTION 16 : An identity thief steals a victim’s credit card and uses it to buy an expensive TV. This scheme is an example of which of the following?

An account takeover
Business identity theft
Criminal identity theft
True name fraud

Financial identity theft occurs when a fraudster uses an individual’s personal information for fraudulent financial transactions. Examples of financial identity theft include: Using an individual’s stolen credit card or credit card number to purchase goods (account takeover) Impersonating an individual to gain access to the individual’s bank account (account takeover) Using an individual’s personal information to open a new credit card account (true name fraud) Business identity theft occurs when a fraudster impersonates a business to commit financial fraud. In addition to impersonating an existing business, fraudsters can use government business filings to reinstate a closed or dissolved business. They can also trick third parties by creating a new business with a name similar to an existing Criminal identity theft occurs when fraudsters falsely identify themselves as other people to law enforcement while being arrested or investigated for a crime.

QUESTION 17 : Second-hand computers, media drives, and mobile phones are safe from identity thieves if the former owner has manually deleted all personal information from such devices.

True
False

Fraudsters commonly obtain personal and business information from improperly discarded computers, media drives, copiers, printers, mobile phones, and other devices. Like computers, some copiers and printers have internal hard drives that store sensitive data. Because it is possible to recover deleted data, fraudsters might search for sensitive information on second-hand devices they purchase online or obtain from another source.

QUESTION 18 : To help prevent identity theft, businesses should strive to limit the personal information they collect from customers.

True
False

(Visited 201 times, 1 visits today)

S	M	T	W	T	F	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Written by MJ