Upload
myron-ryan
View
220
Download
0
Embed Size (px)
Citation preview
Agenda
Statistics Who wants your info? What we freely(!) give
away How they get your info How to protect it Help! My identity was
stolen! Questions?
What is Identity Theft? Fraud attempted or committed using
your information without your authority
It's more than just stealing your credit card info: Thieves use stolen info to become you.
I.e. SSN, your account info, your medical info, your credit info or any combination
Woman in Miami, FL was arrested upon returning from vacation for allegedly jumping bail on a bank robbery case
One of the top complaints to the FTC for 13 years
“The fastest growing white-collar crime in America” - FBI
Who Wants Your Info?
Hackers Profile: mail, single, 16-19, loner, low
self-esteem Key friends are other hackers Challenge is obtaining information Ego, pride, $$$
Organized crime Big business Evade arrest
Countries / nation states China, North Korea, India, Russia,
Iran, Africa nations, South America, Mexico, ...
Disrupt business/economy, destroy infrastructure, make $$$
Identity Theft Statistics Since 2000 ID theft complaints have grown
by 81% Nearly 12 million have been affected
3 million of those were dead Children are a better target for identity theft than
you 2012 saw a 13% increase in fraud “The revenue from trafficking financial data
has surpassed that of drug trafficking” - Secret Service March 2007
The most destructive type of ID theft is having your name, birth date, and Social Security number used to open credit accounts, tap your health insurance, or file a tax return in your name to steal your refund, among other crimes. But less than 1 percent of households experienced that form of ID theft in 2010, according to the Department of Justice U.S. Census in 2010: 114,800,000 households
The Real Problem
YOU are guilty until YOU prove your innocence 12% of victims have warrants issued in their
name “If an identity theft changes the address
on your account and you didn't receive the bill, your dispute letter must still reach the creditor within 60 days of when the creditor would have mailed the bill.” (pg 19) Consumers are generally aware that credit
cards come with generous protections -- their liability for theft is limited to $50, and even that sum is now waived by most banks. But no such broad protections are afforded to debit cards and other electronic cash-based transactions, such as funds transfers between a checking account and PayPal.com.
What We Freely(!) Give Away
Social sites Geotagged pictures Detailed information
about ourselves Twitter
Announcing when we go on vacation
Blogs Email
Clicking on things we really shouldn't click on
Message Page 1 of 1 From: Internal Revenue Service [mailto:[email protected]] Sent: Wednesday, March 01, 2006 12:45 PM To: [email protected] Subject: IRS Notification - Please Read This . After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $63.80. Please submit the tax refund request and allow us 6-9 days in order to process it. A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline. To access the form for your tax refund, please click here Regards,Internal Revenue Service
© Copyright 2006, Internal Revenue Service U.S.A. All rights reserved.. 3/13/2006
Dear Customer::
For your security, access to Online Banking has been locked because the number of attempts to sign in exceeded the number allowed. To regain access to your internet banking, Please update and select the Reset Account link. below.
We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.
To access and activate your account, simply click the link below.
www.bankofamerica.com/onlinebanking/index.php?id=zxdj9b32wx
The entire activation should take only 5 minutes of your time. Please complete the activation by now.
Thank you for using Online Banking.Bank Of Ameria Alerts
If you no longer wish to receive these e-mails, please click on this link:www.bankofamerica.com/onlinebanking/index.php?id=deactivate
ATM examples
Camera records PIN as it's keyed in
Hidden PIN recording camera
The camera hidden in the pamphlet box includes its own battery and transmission antenna
How They Get Your Info(high tech)
Credit/Debit card theft Skimming – device attached to scanners Pretexting – social engineering Man-in-the-middle – intercept communications Phishing – social engineering Pharming – compromised web site which redirects user Vishing – voice phishing / robo calls Search Engine Phishing – too good to be true offers SMiShing – Spam text messages which look legit Mallware based Phishing – harmful download Phishing through Spam – spammer sends offers Spear Phishing – email phishing focused at business
How They Get Your Info(low tech)
Mail theft – stolen from your mail box 1 in 80 families have stolen mail
Dumpster diving – just what you think 40+% unsolicited mail is thrown away intact
Social engineering – pretending to be legit; con game
Shoulder surfing – at ATMs or counters Steal personal items – pick pockets, left
behind 50% of people carry their SSN around
How They Get Your Info(outside your control)
AOL employees fired for selling 250,000 customers information Ameriprise financial laptop stolen with 225,000 customers data
on it IRS laptop stolen from office with over 100,000 customers data
on it Boston Global & Worchester Telegram Gazette delivered
newspapers with 240,000 subscriber data Ernest & Young laptop with 243,000 customers data on it
stolen from employee's car Laptop missing from Twin Cities blood bank with 268,000
customers data on it 3.3 million student load data stolen from NM company Your car
How They Get Your Info(the con / social engineering)
Grandparent scam Help! send money (and don't tell mom & dad)
Income tax return Steal from home
At-home workers Have I got a deal for you! Rental/Real Estate scam Mystery / Secret shopper <insert here> relief fund Popup ads offering FREE AV software Forged gift cards Threaten / Guilt
Jury duity, lawsuit, arrest warrant, ...
And Now For The Scary Part
Your info has probably been stolen at least once
Your info is probably already out there
Some Ways To Protect Your Info
Install operating system updates / anti virus software (Good and Different) Password protect your stuff Use metal lined wallets for credits cards Expect to be a victim – take steps to reduce the impact
Be alert, monitor, inspect and question Keep important documents secure
i.e. SSN card, birth/marriage certificates, wills, etc... Fire resistant container / bank safety deposit box URLs must start with https NEVER http The internet NEVER forgets Review monthly statements
Immediately challenge them Buy a cross cut shredder and shred documents Protect medical information just like financial information
Other Ways To Protect Your Info Opt out of pre-approved credit offers
888.567.8688 / (888)5OPTOUT Obtain all three credit reports once a year
1.877.322.8228 / www.annualcreditreport.com If it's too good to be true – you're right Don't believe phone solicitors Add yourself to the National Do Not Call List:
www.donotcall.gov / 1.888.382.12222 Close unnecessary accounts Don't pre-print phone number on checks Have checks mailed to a P.O. box or pick them up at
the bank Before traveling long distances or out of the country
tell your credit card company
Yet More Ways To Protect Your Info
Guard your SSN No, they really don't need it
Don't carry credit cards you don't need Limit number of credit card accounts
Don't use mail boxes for sending mail Carry wallet in front pocket Purses go over both shoulders and zipped shut Be aware of people around you
It's not rude to ask them to step back NEVER give your personal information over the phone or email
Companies or governments will never ask for that Instead you contact them
Should I Trust Someone Else? LifeLock, Identity Guard,
TrustedId, PrivacyGuard, and lots more
All cost money for services that you can do free
“Do-it-yourself safeguards are just as effective as paid services” - Consumer Reports magazine: January 2013
Help! My Identity Was Stolen!
File a police report Get the file number
Place a Fraud Alert with all three credit reports Equifax – 1.800.525.6285 / www.equifax.com Experian – 1.888.397.3742 / www.experian.com TransUnion – 1.800.680.7289 / www.tuc.com
Request a freeze on all three credit reports Small charge (i.e. $5.00) May be time limited
Close all accounts that have been tampered with
Help! My Identity Was Stolen!
File complaint with FTC (and follow up) www.ftc.gov/idtheft 1.877.438.4338 (877.IDTHEFT) Identity Theft Clearinghouse, Federal Trade
Commission, Washington, DC 20580 Log everything
Keep notes of phone conversations Send mail certified Keep records of expenses and your time
Consider talking to a lawyer
Resources
Internet Crime Complaint Center – http://www.ic3.gov/default.aspx
FPI – http://www.fbi.gov Federal Trade Commission -
http://www.consumer.ftc.gov/features/feature-0014-identity-theft
Privacy Rights Clearinghouse: www.privacyrights.org
MSN Money ID Theft Prevention& Survival:
http://www.identitytheft.org/
More Numbers
Average # of hours spent repairing identity: 330 Number of victims who have trouble removing negative info: 70% Average out of pocket loss: $631
Most credit cards cap that at $50 Internet crime increase since 2011: 50% Percentage of online users affected by cybercrime in the U.S.: 75% ID fraud arrests: 300+ per year Victims who had warrants issued for their arrest: 62% Number of SSNs bought and sold every 6 weeks in the U.S.: 10 million Cost of a stolen info (2006):
Health insurance card or credit card w/ pin: $500-$600 Drivers license or SSN card: $100 Credit card with expiration data and security code: $25 PayPal account and password: $7
Drivers License Identity Theft
Your driving privileges could be suspended or revoked
You could be arrested for crimes you didn't commit
People can open bank accounts, apply for credit cards and cash checks using your license
David Joe Hernandez
In November 2004 David Joe Hernandez served four years in the Air Force. He came home and found... Arrest warrant in Arizona for driving on a
revoked license Responsible for 20 delinquent account for
cell phones, credit cards, utility bills and hospital bills
Linked to a string of felonies, including auto theft and drug charges
State regulators began garnishing 60% of his wages to pay child support to a woman in Chicago he'd never heard of
A week after Hernandez started working at Best Buy, his manager informed him he was being let go because a criminal record check came back showing a felony drug conviction.
SSN Identity Theft
Your SSN can be used to gain employment or report income
They get the income; you get the tax bill
They can file for social security benefits
Can apply for credit cards
Can obtain a drivers license
Medical Identity Theft
You could owe thousands of dollars for a procedure you've never had
You could become uninsurable
You could be denied employment for conditions you don't have
Korinke Story In 2003 the Korinke family was sued by
Homecoming Financial Network INC., a division of GMAC for $75,000 plus attorney fees
In 2001 an impostor got hold of a line of credit, switched the address, and the Korinkes never received the outstanding bills
Homecomings claimed the Korinkes had been negligent. “The Korinkes were slow to discover and report the identity theft ... as such, Korinke is liable for any and all sums attributed to his negligence”