Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 83

A financial institution receives frequent and varied email requests from customers for funds to be wired out of their accounts. Which verification activity would best help the institution avoid falling victim to phishing?

Answer options

• A. Reviewing the customer's wire activity to determine whether the request is typical.
• B. Calling the customer at the phone number on record to validate the request.
• C. Replying to the customer via email to validate the sender and request.
• D. Reviewing the customer record to verify whether the customer has authorized wire requests from that email address.

Correct answer: D

Explanation

The correct answer is D because verifying whether the customer has authorized wire requests from the specific email address directly addresses the risk of phishing by ensuring the legitimacy of the request. Options A, B, and C do not provide sufficient assurance against phishing, as they may still be based on compromised accounts or misleading communication.