ITSP Lunch Identity Theft Awareness and Prevention Scott L. Ksander

ITSP Lunch Identity Theft Awareness and Prevention Scott L. Ksander
ITSP Lunch
Identity Theft
Awareness and Prevention
Scott L. Ksander
[email protected]
1
2
Identity Theft
 Definitions
• Legal definitions – often include “fraud”
• Common definitinons
» Account level
» Identity level
 9.3 Million new victims in 2004 (4.3% of US population)
 61% of Identity Theft reports to the FTC indicate the report
was also NOT given to local law enforcement
 Losses in 2005 were $60 Billion (estimated)
 Average incident costs
• $4,800 to businesses involved
• $500 to consumer involved
• 200-600 hours of consumer time
3
Identity Theft
 Who??
• Traditional scam artists
• Large organized criminal elements
 Why??
• Low risk, high reward crime
• It is all about money
» Directly to use your accounts or identity
» To resell your accounts or identity on by black market
• Average “take” from Identity Theft is almost 10 times
greater than from armed robbery
4
5
6
7
8
Identity Theft Quiz
(test your “Identity Quotient)
 I receive several offers of pre-approved credit every week (5)
 Add 5 points if you do not shred them
 I carry my Social Security card in my wallet (10)
 My Indiana driver’s license has my SSN on it (10)
 I do not have a PO Box or locked, secured mailbox (5)
 I use an unlocked, open box at work or at home to drop off
my outgoing mail (10)
 I carry my military ID in my wallet at all times (10)
 I provide my SSN whenever asked, without asking questions
as to how that information will be safeguarded (10)
9
Identity Theft Quiz
(test your “Identity Quotient)
 Add 5 points if you provide you SSN orally without checking
to see who might be listening
 I am required to use my SSN at work as an employee ID or at
school as a student ID number (5)
 My SSN is printed on various documents frequently seen in
the workplace (timecards, etc.) (10)
 I have my SSN and/or driver’s license number printed on my
personal checks (10)
 I am listed in a “Who’s Who” guide (5)
 I carry my insurance card in my wallet and either my SSN or
that of my spouse is on that card (10)
10
Identity Theft Quiz
(test your “Identity Quotient)
 I have not ordered a copy of my credit report for at least 2
years (20)
 I do not believe that people would root around in my trash
looking for credit or financial information or looking for
documents containing my SSN (10)
11
How did you score??
 100+ - You are at a high risk
 50 - 100 – Your odds of being victimized are about average
but higher if you have good credit
 0 - 50 – You are in good shape. Don’t let your guard down!
Privacy Rights Clearinghouse, www.privacyrights.org
12
How it Happens
(April 2002 – April 2003)
 Existing Credit Card Only – 5.2 Million
 New Accounts and Other Fraud – 3.2 Million
 Other Existing Accounts – 1.5 Million
 Information gathering
•
•
•
•
•
•
Stolen records, mail, property
Bribing employees
Hacking
Trash
Abuses authority (landlord, employer, …)
JUST ASK and many people will tell you!!!
13
Computer Identity Theft
Computer- based crimes accounted for 11.6% of Identity Theft
in 2004 vs. 70% from paper-based sources
Computer-based crimes are the most rapidly growing segment
of Identity Theft activity
14
Some Definitions
The most common confusion when the topic of a computer
virus arises is that people will often refer to a Worm or
Trojan Horse as a Virus. While the words Trojan, worm,
and virus are used interchangeably, they are not the same.
Viruses, worms, and Trojan Horses are all malicious
programs that can cause damage to your system, but
there are differences between the three, and knowing
those differences can help you to better protect your
computer from their often damaging effects.
15
Virus
 A computer virus attaches itself to a program or file so it
can spread from one computer to another, leaving
infections as it travels. Much like human viruses, computer
viruses can range in severity; some viruses cause only
mildly annoying effects while others can damage your
hardware, software, or files. Almost all viruses are attached
to an executable file, which means the virus may exist on
your computer but it cannot infect your computer unless
you run or open the malicious program. It is important to
note that a virus cannot be spread without a human action,
(such as running an infected program) to keep it
going. People continue the spread of a computer virus,
mostly unknowingly, by sharing infecting files or sending emails with viruses as attachments in the e-mail.
16
Worm
A worm is similar to a virus by its design, and is considered to be a subclass of a virus. Worms spread from computer to computer, but unlike a
virus, it has the ability to travel without any help from a person. A worm
takes advantage of file or information transport features on your
system, which allows it to travel unaided. The biggest danger with a
worm is its ability to replicate itself on your system, so rather than your
computer sending out a single worm, it could send out hundreds or
thousands of copies of itself, creating a huge devastating effect. One
example would be for a worm to send a copy of itself to everyone listed
in your e-mail address book. Then, the worm replicates and sends itself
out to everyone listed in each of the receiver's address book, and the
manifest continues on down the line. Due to the copying nature of a
worm and its ability to travel across networks the end result in most
cases is that the worm consumes too much system memory (or
network bandwidth), causing Web servers, network servers, and
individual computers to stop responding.
17
Trojan Horse
A Trojan Horse is full of as much trickery as the mythological Trojan
Horse it was named after. The Trojan Horse, at first glance will appear
to be useful software but will actually do damage once installed or run
on your computer. Those on the receiving end of a Trojan Horse are
usually tricked into opening them because they appear to be receiving
legitimate software or files from a legitimate source. When a Trojan is
activated on your computer, the results can vary. Some Trojans are
designed to be more annoying than malicious (like changing your
desktop, adding silly active desktop icons) or they can cause serious
damage by deleting files and destroying information on your system.
Trojans are also known to create a backdoor on your computer that
gives malicious users access to your system, possibly allowing
confidential or personal information to be compromised. Unlike viruses
and worms, Trojans do not reproduce by infecting other files nor do
they self-replicate
18
Spyware
Any software that covertly gathers user information through the user's
Internet connection without his or her knowledge, usually for
advertising purposes. Spyware applications are typically bundled as a
hidden component of freeware or shareware programs that can be
downloaded from the Internet; however, it should be noted that the
majority of shareware and freeware applications do not come with
spyware. Once installed, the spyware monitors user activity on the
Internet and transmits that information in the background to someone
else. Spyware can also gather information about e-mail addresses
and even passwords and credit card numbers.
Spyware is similar to a Trojan horse in that users unwittingly install the
product when they install something else. A common way to become
a victim of spyware is to download certain peer-to-peer file swapping
products that are available today
19
Passwords
 EU study of “office workers”
• 16% used their name as password
• 11% used favorite football team
• 12% used the word “password”
 Never use a word that could be in any dictionary, names of
places, or any proper nouns
 Never use any of the above spelled backwards
 Never use any of the above simply followed by a digit
 Include upper and lower case, numbers, special characters
22
Phising
(fish´ing)
The act of sending an e-mail to a user falsely claiming to be
an established legitimate enterprise in an attempt to
scam the user into surrendering private information that
will be used for identity theft. The e-mail directs the user
to visit a Web site where they are asked to update
personal information, such as passwords and credit card,
social security, and bank account numbers, that the
legitimate organization already has. The Web site,
however, is bogus and set up only to steal the user’s
information.
23
24
25
26
27
28
29
30
31
32
33
34
35
Online Shopping
 More than 75% of Americans use the Internet
 2003 online shopping was $17.2 Billion in 4Q03
 2004 increase in online shoppers was >14%
 30% of all Americans now shop online
 Estimates are that by 2007, 50% will shop online
36
Online safety
 Learn about product AND seller
 Understand retailer’s refund policies
 Select a secure password
 Use secure checkout (look for https)
 Things too good almost always are
 Use a specific credit card for e-shopping. Monitor frequently
with on-line access (web, Quicken, etc.)
 Limit opportunities for bank account access. Consider
separate accounts at different banks.
37
If you remember nothing else …
 Promptly apply system and product patches
 Run anti-virus software configured to update daily, use onaccess/on-demand scanning, and perform a full scan at least
weekly
 Use a firewall (either software or hardware) and configure for
the most restrictive setting that still allows you to do required
work
 Select good, strong passwords and use them everywhere
 Think BEFORE you click!!
38
Where Victims Go for Help
 FTC – 3%
 Other Federal Agency – 5%
 State Dept of Motor Vehicle Admin – 7%
 State AG or State Consumer Agency – 8%
 Lawyer – 12%
 Credit Bureau – 22%
 Local Police – 26%
 Credit Grantor – 43%
 Did Not Contact Anyone – 38%
39
Things To Do If You Are A Victim
 Keep DETAILED notes
 Send letters via certified mail, return receipt requested
 Document phone calls (date, time, number, person, ….)
 Act quickly
40
Report to Major Credit Bureaus
 Ask for “Fraud Alert” on your file
 Trans Union – 800-680-7289
• P.O. Box 1000, Chester, PA 19016-1000
 Experian (formerly TRW) – 888-397-3742
• P.O. Box 9532, Allen, TX 75013
 Equifax – 800-525-6285
• P.O. Box 105069, Atlanta, GA 30348
41
File A Report
 If you are a victim, file a Police report with LOCAL Police or
Police where identity theft occurred, if known
• Get a copy and retain for your records
• Get information on the assigned investigation and keep phone
numbers available for verification
 Contact ALL Creditors
•
•
•
•
Contact billing inquires and security department
Change passwords
Close unused or unnecessary accounts
Monitor activity closely
42
Monitor Your Credit
 Call about free copies of your credit report
• Equifax – 800-685-1111
• Experian – 888-397-3742
• Trans Union – 800-888-4213
 www.annualcreditreport.com/cra/index.jsp
 www.ftc.gov/bcp/conline/pubs/credit/freereports.htm
 Contest bills with unknown charges
• OK to call but ALWAYS file in writing using the EXACT procedure
specified by the credit card company
43
Get Copies
 If an account has been opened fraudulently in your name
•
•
•
•
Get a copy of the application
Get a copy of all transactions
Provide copies of all information to Police
Try to determine what information has been stolen
» SSN
» Mother’s maiden name
» Other personal information
 Sometimes victims are wrongfully accused
• Contact court where judgment was entered and report identity fraud
• Consider consulting an attorney with identity fraud experience
44
Other contacts
 Social Security Administration – 800-269-0271
 U.S. Postal Inspectors, if USPS involved – 800-275-8777
 State Department, if passport involved
 If checks missing or involved
• TeleCheck – 800-710-9898
• Certegy, Inc. – 800-437-5120
• International Check Services – 800-631-9656
 FTC Identity Theft Hotline – 877-IDTHEFT (438-4338)
45
Future trends
 Government regulation
• New “ Breach Disclosure” laws
 Two-factor identification
• Something you have and something you know
 Better single factor identification
• Biometrics
46
47
If you remember nothing else …
 Promptly apply system and product patches
 Run anti-virus software configured to update daily, use onaccess/on-demand scanning, and perform a full scan at least
weekly
 Use a firewall (either software or hardware) and configure for
the most restrictive setting that still allows you to do required
work
 Select good, strong passwords and use them everywhere
 Think BEFORE you click!!
48
Questions Before Elvis Leaves
The Building?
49
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement