Welcome to the Cyber Security Awareness Training

To begin, please enter your name and email below. To pass the training, you must answer at least 80% of the questions correctly. You will be presented with part one, then, once completed, part two. You must complete both parts and answer all questions to continue. Please allow up to 2 hours to complete this training.

1. Criminals committing payment redirection fraud need access to their victim’s mailbox. What techniques do criminals rely on to access the email account of the victim?
- Phishing - with deceptive emails leading to fake login pages
- Credential stuffing - with passwords leaked in data breaches
- Brute forcing - with easy-to-guess passwords
- All of the above

2. You are trying to log into your Office 365 account with your web browser. How can you make sure that the login page is genuine?
- The login page features the Microsoft logo
- The URL in the bar at the top of the page starts with https://login.microsoftonline.com/
- The browser is showing a green padlock
- The login page has saved my username and lets me pick it from a list

3. Why do cybercriminals target the legal profession? (Select all that apply)
- Legal practices tend to follow immature IT practices
- Legal practices facilitate high-value bank transactions
- Legal practices are less challenging targets compared to other small businesses
- Legal practices tend to have cyber insurance

4. Who is the typical attacker(s) behind a payment redirection fraud?
- Loner Larry – A 34-year-old IT systems administrator, who still lives in his parents’ basement.
- Angry Amelia – A 28-year-old IT expert with a gambling addiction.
- Wizard Willy – A 14-year-old tech genius who hacks everything that can possibly be hacked.
- “Evil Corp” – An international organised crime group employing lawyers, linguists, hackers and social engineers.

5. What is multi-factor authentication?
- A security add-on that protects email accounts and other services from password-related attacks
- A security add-on that protects email accounts from email spoofing
- A security add-on that protects computers from different variants of viruses
- None of the above

6. What are the benefits of password managers (also known as password wallets)? (Select all that apply)
- Helps you remember hundreds of unique and strong passwords
- Notifies you if any of your passwords are compromised in a data breach
- Helps generate file decryption passwords for files and folders encrypted by ransomware
- Blocks incoming and outgoing emails featuring passwords inside

7. Which of these are business-grade antivirus software brands? (Select all that apply)
- ESET
- Symantec
- Sophos
- Amanda
- Windows Defender
- WannaCry

8. What is Business Email Compromise?
- A cybercrime affecting commercial, Government and non-profit organisations
- A cybercrime that relies on email fraud
- A cybercrime that cost Australian businesses $60m in 2018
- All of the above

9. Which communications channels do phishing and social engineering rely on?
- Email
- SMS
- Telephone
- Postal mail
- All of the above

10. What are the possible consequences of being a victim of payment redirection fraud?
- Direct financial loss
- Being sued
- Bad reputation - Lost future business opportunities
- Fines if the data breach is not reported
- Increased IT costs (clean-up, digital forensics)
- All of the above

11. Which of the following are indicators that your email account may have been hacked? (Select all that apply)
- Email forwarding rules appear out of nowhere
- Your phone disconnects from the mobile network and changes to emergency calls only
- The smartphone runs out of battery quicker than usual
- You receive multi-factor authentication codes but have not attempted to sign in to your email
- Your computer is slow and unresponsive
- Colleagues and business partners receive emails from you that you did not send

12. Which one of these parties can be part of a supply chain attack targeting your legal practice?
- IT Provider
- Fellow legal practitioners
- Recruitment agencies
- Clients
- All of the above

13. Why is it important to raise awareness among staff of security best practices and payment redirection fraud?
- Because employees are the first and last line of defence when it comes to payment transactions
- Because security awareness training provides more CPE points than other modules
- Because security awareness is a one-off activity and the positive effects last for years
- None of the above

14. Unsolicited emails with Word and PDF documents may contain hidden, executable code that can take over your computer. If the file is opened, the code allows a hacker to access your files and folders, camera, microphone and keystrokes on your keyboard.
- True
- False

15. What email alternatives could lower the risk of being a victim of Business Email Compromise (BEC) and payment redirection fraud? (Select all that apply)
- Securexchange – powered by InfoTrack
- WhatsApp
- Skype for Business
- Office 365
- G Suite

16. Which insurance may come with complimentary cybersecurity incident response services?
- Public Liability (PL)
- Professional Indemnity (PI)
- Workers Insurance
- Cyber Insurance

17. What should you do if your firm becomes a victim of payment redirection fraud? (Select all that apply)
- Call the bank to stop all transactions
- Disconnect devices from the internet
- Wipe everything, then start rebuilding my IT environment immediately
- Contact my IT provider
- Change passwords from my compromised computer
- Ask for help from your cyber insurance provider

18. What is the best definition of a supply chain attack?
- Getting hacked through a trusted partner or service provider
- A convoluted cyber attack through a complex chain of events
- A denial-of-service attack preventing your trusted suppliers from contacting you
- None of the above

19. A telephone call is a safe way to confirm the bank account details for a funds transfer.
- True
- False

20. Whom should you educate on a regular basis to keep a healthy level of security awareness around payment redirection fraud? (Select all that apply)
- New hires and existing staff
- Clients and customers
- Partners and suppliers
- All of the above