Identity Theft A Presentation for the

Identity Theft

A Presentation for theFlorida Association of Computer User Groups

Saturday March 8, 2008

Hewie Poplockhewie@hewie.net

What is Identity Theft?

According to the non-profit Identity Theft Resource Center, identity theft is sub-divided into four categories:

1. Financial Identity Theft

2. Criminal Identity Theft

3. Identity Cloning

4. Business/Commercial Identity Theft

Today

We are going to talk about

Financial Identity Theft

Ways Identity Theft Can Occur

Thieves:• Steal wallets and purses • Steal mail• Complete a change of address• Rummage through trash known as

“dumpster diving” • Find personal information in homes • Use personal information individuals share

on the Internet • Send e-mail posing as legitimate companies

or government agencies (phishing)

Ways Identity Theft Can Occur

• Business record theft

• Eavesdrop (shoulder surfing)

• Drive by (pharming)

• Browse social network

• Simple research

Trends

The 2006 Identity Fraud Report offers 10 key data points on identity fraud:

1. The number of adult victims of identity fraud has increased dramatically in 2007

2. The average fraud amount has increased

3. The vast majority of identity fraud victims (68%) incur no out-of-pocket expenses

4. Victims are spending more time to resolve identity fraud cases

Means of Access

5. 90 percent of data compromise takes place through traditional offline channels

Trends (con’t)

6. Lost or stolen wallets, checkbooks or credit cards continue to be the primary source

7. Almost half (47 %) of all identity theft is perpetrated by someone known

8. Nearly 70 % of consumers are shredding document

Demographic differences:

9. The 65+ demographic age group has the smallest rate of identity fraud victims (2.3%).

10.The 35-44 demographic age group has the highest average fraud amount ($9,435).

ID theft is only going to get worse

• The loss or theft of personal data soared in 2007

• Institutions are spending more to protect data, the investment often is too little, too late.

• More data breaches - responding in a reactive way

• Fourfold increase in 2007 from 2006

• Attrition.org, estimates more than 162 million records compromised through 2007

Mark Jewell The associated press December 31, 2007 BOSTON, OrlandoSentinel.com

Time

• Hours resolving ID Theft - 40 to 1,200 hours.

• Most difficult part was the dispute resolution process, then the practical consequences and by the emotional impact and stress.

• More than half did not discover the fraud until after the first month

• Nearly a third unable to repair identities a year after stolen

• "For many, it takes time just to prove you didn't do it.”

Consequences

• Personal expenses vary from $0 to $1,200 or more• Collection agency harassment• Denial of new credit• Being unable to use existing credit cards• Being unable to obtain loans• Utility shut off• Criminal investigation• Arrest• Civil suit • Difficulties opening or accessing bank accounts

Prevention• Keep all sensitive wallets, documents, checkbooks

and credit cards securely locked away at home and at work.

• Keep passwords hidden (even in your own home) and change them frequently.

• Do not respond to suspicious e-mails• Don't discard a computer without completely

destroying the data on the hard drive.• Use secure passwords for your credit card, bank and

phone accounts. • Secure personal information in your home and work • Don’t give out personal information over the phone,

through the mail or over the internet

Prevention (con’t)

• Guard your mail and trash from theft• Before discarding, shred all private documents• opt-out of receiving free offers of credit • Only carry the id and credit/debit cards that you

actually need • Notify your credit card company if you are planning

to travel out of state. • Sign up for automatic payroll deposits• Review Credit Reports from each of the three major

credit bureaus once a year• Use Online versions of bills, statements and checks

Data TheftData theft touches 150,000 Massachusetts seniors

December 01, 2007 (IDG News Service) The state of Massachusetts is warning 150,000 members of its Prescription Advantage insurance program that their personal information may have been snatched by an identity thief.

Local authorities arrested a lone identity thief in August who had been using information taken from the program in an attempted identity theft scheme, said Alison Goodwin, a spokeswoman for the state's Executive Office of Health and Human Services.

Goodwin could not add many details on the nature of the breach, citing an ongoing criminal investigation, but she said Prescription Advantage is conducting an internal review of the incident to determine if additional security measures might be required.

Means of Access

2007 Security Hall of Shame• Framingham, Mass.- based retailer TJX. The breach it disclosed in January (several months after the

fact) was the biggest ever involving payment card data.

• TJX itself claimed that over 45.6 million cards belonging to customers were compromised in an intrusion that went undetected for over 18 months

• The U.K's VA: HMRC misplaces records on 25 million kids In November, the United Kingdom's HMRC (Her Majesty's Revenue and Customs) department managed to achieve VA-level snafu status when it disclosed that it lost computer disks containing personal information on 25 million juvenile benefit claimants

• Personal information on over 8.5 million individuals was compromised when a senior database administrator working for Certegy Check Services Inc., a subsidiary of Fidelity National, illegally downloaded the data and sold it to brokers.

• TD Ameritrade Holding Corp. Brokerage firm Ameritrade in September disclosed that someone had broken into one of its systems and stolen contact information such as names, addresses and phone numbers belonging to all of its more than 6.2 million retail and institutional customers.

• Monster.com Names, e-mail addresses, mailing addresses, phone numbers and resume IDs belonging to an estimated 1.6 million job seekers were accessed from Monster.com's resume database in August.

• Supervalu gets phished Eden Prairie, Minn.-based grocery chain Supervalu in February was conned into sending $10 million to two fake bank accounts by phishers posing as employees working for two of the company's approved suppliers.

Computerworld

Breaches

Here is a 145 page list of Data breaches from January,2005 to February 2008

ChronDataBreaches

Botnet Arrests

Detraction

Do NOT leave your purse in your shopping cart

Video

Bank ATMs converted to steal bank customer IDs

• A team of organized criminals installs equipment on legitimate bank ATMs to steal both the ATM card number and the PIN.

Equipment being installed on front of existing bank card slot.

The equipment as it appears installed over the normal ATM bank slot.

The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure.

The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure.

The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure.

The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure.

The camera shown installed and ready to capture PINs by looking down on the keypad as you enter your PIN.

FBI Computer Advice

• Keep Your Firewall Turned On

• Install or Update Your Antivirus Software

• Install or Update Your Antispyware Technology

• Keep Your Operating System Up to Date

• Be Careful What You Download

• Turn Off Your Computer

Some Additional Advice

• Checking your "sent items" file or "outgoing" mailbox for messages you did not intend to send

• Taking action immediately if your computer is infected

• Learning more about securing your computer at

http://www.OnGuardOnline.gov

Florida Law

• 1. Seniors over 65 can freeze all three CRB for free, as well as those who have had identity theft

• 2. Seniors over 65 can permanently unfreeze the accounts for free

• 3. Seniors over 65 have to pay the $10 to temporarily unfreeze and pay $10 to re-freeze any or each CRB for any reason

• 4. The fee does not apply to victims of identity theft

Safe On-Line Shopping

• Shop Where You're Safe

• Look for the Padlock

• Don't Shop at Random Stores

• Do Not Use Debit Cards

• Use a Virtual Credit Card

Temporary Credit Cards 1

Temporary Credit Cards 2

Temporary Credit Cards 3

Temporary Credit Cards 4

Temporary Credit Cards 5

Temporary Credit Cards 6

If You are a Victim

• Place a fraud alert on your credit reports and review your credit reports

• Place a security freeze on your credit reports. • Close any accounts that have been tampered with

or opened fraudulently. • File a police report and ask for a copy for your

records • File a complaint with the Federal Trade

Commission and the Attorney General’s Office. • Write down the name of anyone you talk to, what

s/he told you, and the date of the conversation.

If You are a Victim (con’t)

• Follow-up in writing with all contacts you have made about the identity theft on the phone or in person. Use certified mail, return receipt requested, for all correspondence regarding identity theft.

• Keep all copies of all correspondence or forms relating to identity theft.

• Keep the originals of supporting documentation, like police reports and letters to and from creditors; send copies only.

• Keep old files, even if you believe the problem is resolved. If it happens again, you will be glad you did.

Most digital copiers manufactured in the past five years have disk drives to reproduce documents.

The same machines that are commonly used to spit out copies of tax returns for millions of Americans can retain the data being scanned.

If the data on the copier's disk aren't protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands.

Some Videos

mayor_robbed_at_gas_station.flvdebit_card_scam skimmer_at_work

Purse Theft Advisory

Children & ID Theft

Protect your children

• The latest tactic these crooks are using is to steal the identity of children, preferably infants!

• Order a credit report on each of your minor children

at least once each year.

The Bad Guys Do Get Caught

Users often to blame

Clarifying Four Key Misconceptions Surrounding Identity Fraud

• Misconception #1: "Consumers are helpless to protect themselves“

• Misconception #2: "Consumers bear the brunt of the financial losses from identity fraud“

• Misconception #3: "Internet use increases the risks of identity fraud“

• Misconception #4: " Seniors are most frequent targets of fraud operators”

A Final Word

Think!