Fraud Week Quiz 2018 | Counter Fraud and Probity Services (CFPS)

1. ‘Malware’ is a term used to describe ‘malicious software’. Which of the following emails that you might receive is most likely to be a scam?

https://www.elkhornservice.com

An email from an estate agent claiming to have brochures attached for properties that may be of interest to you.

An email from an online retailer inviting you to join up now at a discounted price.

An email from a company with whom you’ve not had any dealings, containing an invoice for goods / services supplied.

An email from your child’s school with an attached Holiday Break Timetable.

Correct! Wrong!

Emails purporting to be from leading companies, and including invoice attachments, can be scams. Always verify the source of an email. Often, only a preferred username will be initially shown, but the actual full email address, if viewed, may trigger a concern. Where it is a scam, the email may invite you to open the attachment to view the invoice, but these attachments actually contain malware and should be deleted without opening.

HSC Accounts Payable departments have received a number of these scam emails. High quality reprographics means that the logos, layouts and styles used in these emails can appear genuine.

2. Fraudsters often contact people by phone pretending to be calling from their Bank. Knowing what questions your bank will never ask could help you to know whether a call is genuine. Which of the following will your bank never ask you?

www.toonpool.com

Please select 2 correct answers

To confirm the details of the last transaction you made with the card, to check that it was you who used it

To confirm a couple of random, but specific, digits of your security code.

To hand your bank card to the courier they’ve sent as they need it as a matter of urgency.

To hand over all your account details as a pigeon flew into your account and is now trapped and they need to get it out.

Correct! Wrong!

Banks sometimes contact you to check where you last used your card if they think a transaction may not be genuine. The bank may also legitimately ask you for a couple of specific digits but will never ask for your entire security code.

Within the HSC, fraudsters have been known to contact people by phone pretending to be from another internal team and seeking personal information about staff. Callers have also purported to be from BT Technical Support requesting individuals to perform tasks on, or divulge information about, their PC/Laptop or other devices.

3. You are a Payroll Officer in a large organisation. It is the day the payroll BACS transfer is due to be sent for payment. You receive an email from your Chief Executive, asking you to urgently amend his banking details to his new account. What do you do?

https://healthcaretimes.co.uk

Do the amendment quickly to ensure it takes effect straight away this month before the BACS payment is sent.

Process the request in the usual manner – Although this might miss this month’s payment, the Chief Executive shouldn’t be given any special treatment.

Contact the Chief Executive to confirm the email is genuine and the details are correct.

Ignore the email. If it’s genuine, he’ll ask again.

Correct! Wrong!

This is an example of a spoof payment request. Fraudsters can send emails that appear to be from someone else. These emails are usually very direct and are often made to look like they are being sent from a Blackberry or iPhone. If you receive an unexpected email of this nature, check with the person who is supposed to have sent it before taking any other action.

The HSC has received such emails purporting to be from senior members of staff, including Chief Executives.

4. Martin is terrible at remembering passwords. He is always locking himself out of work systems. What would be a safe password choice for Martin to remember easily and quickly?

Roverthedog – Martin has a photo of his beloved pet on his desk so he won’t easily forget this.

Starwars1 – Martin is a huge Star Wars fan so this should be easy to remember.

Clarebear – This is Martin’s nickname for his wife. None of his colleagues know he has a nickname for her so this should be pretty safe.

Mythfrcbwthy – This is “May the force be with you’. without the vowels. A well-known Star Wars quote.

Correct! Wrong!

The first three options above could be known to other people or displayed on social media and would be fairly obvious choices. The last option, however, would need to know Martin, know the phrase and the way in which it has been altered.

CFS has investigated a number of cases that included the misuse of other staff’s login details and passwords. System and Password security are of extremely high importance in the fight against fraud; removing some of the opportunities for fraud and protecting the user against suspicion of acting fraudulently.

5. You are a HSC member of staff. If you have concerns/suspicions relating to potential fraud by another member of staff you should:

Do nothing – It doesn’t concern you.

Think it’s a good idea and do the same thing yourself.

Attempt to obtain evidence yourself to prove your concern.

Report your concerns through the appropriate channels for your organisation.

Correct! Wrong!

If you suspect fraud, DOING NOTHING IS NOT AN OPTION. Attempting to obtain evidence yourself could call into question the validity of the evidence and may damage potential prosecution of the case. You should report your concerns through the appropriate channels, your Line Manager, your Head of Service, your organisation’s Fraud Liaison Officer, the HSC Fraud Hotline (the number is 0800 096 33 96), or the HSC Counter Fraud Service – the CFS Website can help.