Pass CFE- Fraud-Schemes-and-Financial-Crimes Exam Guide

Detailed Explanation:

Rationale for Correct Answer: Being prompted to install unfamiliar software is a red flag for malware or unauthorized access, often indicating that attackers are attempting to establish persistence in the system. This is a classic indicator of a compromised network.

Analysis of Incorrect Options:

A – Standard security measure, not a red flag.

C – Data from supplier countries is normal if consistent with business operations.

D – Access denial to files outside a user’s role is a normal access control, not an intrusion sign.

Key Concept: Cyberfraud detection – identifying intrusion indicators.

Why the correct answer is Human Intelligence

The ACFE Fraud Examiners Manual , in the section on fraud examination tools and intelligence gathering , discusses methods of obtaining information from individuals. One of the recognized methods is Human Intelligence (HUMINT) .

The Manual explains that human intelligence gathering involves:

Collecting information directly from people—often through conversation, elicitation, or interviews—sometimes while using a pretext to encourage the target to disclose information.

In this scenario:

Georgina poses as a customer (a pretext),

Contacts an employee of ERO Corp., and

Elicits sensitive information directly from that individual.

This aligns perfectly with the definition of human intelligence gathering —information obtained directly from human sources , often under false pretenses.

Why the other options are incorrect

B. Scavenging – Incorrect

The Manual describes scavenging as:

Obtaining information by searching for discarded documents or materials, such as in trash or recycling bins.

Georgina is not going through discarded materials; she is speaking directly with an employee.

C. Baiting – Incorrect

Baiting typically refers to:

Enticing someone with something of value to trick them into taking an action, often involving malware-infected media or fraudulent offers.

Georgina is not offering anything or luring the employee with incentives.

D. Open-source intelligence – Incorrect

Open-source intelligence (OSINT) refers to gathering information from:

Publicly available sources such as websites, publications, databases, or social media.

Georgina is not using public sources; she is actively eliciting confidential information from a person under false pretenses.

ACFE Manual References

The concepts used in this answer derive from the Fraud Examiners Manual (2020 International Edition), including:

Human intelligence and data collection techniques

Scavenging as an investigative method

Baiting schemes

Open-source intelligence descriptions

Detailed Explanation:

Rationale for Correct Answer: Physical inventory counts involve actually counting items on hand and comparing them to book records. These counts can reveal theft, errors, or shrinkage when discrepancies are identified.

Analysis of Incorrect Options:

A. Perpetual inventory counts – The system tracks expected balances but cannot independently confirm theft.

C. Concealment inventory counts – Not a recognized term.

D. None of the above – Incorrect, since physical counts do aid detection.

Key Concept: Physical inventory counts as a fraud detection tool.

Detailed Explanation:

Rationale for Correct Answer: Corporate spies do use social engineering, but their primary methods include surveillance, infiltration (e.g., posing as employees), and technical monitoring. The statement in option C is false because searching desks/workstations is a tactic, but it is not the primary method.

Analysis of Incorrect Options:

A – True; fake badges are a common infiltration tactic.

B – True; low-level jobs provide physical access.

D – True; technical surveillance is a recognized method.

Key Concept: Methods of corporate espionage.