Stealing Your Identity FAST FACTS
 

  • Kids today … it is fun. It is challenging, and it is our job to educate and inform everyone.
  • Pharmacy story. But then the customer will say, “Well, I don’t have any information anyone would want, and my employees are great.” So here is a great question: what time of day is 70% of the pornography viewed or downloaded?
  • In fact, only 20% of the businesses that we talk to have firewalls in place now. Only 5% of the passwords that we check are secure (meaning it would take more than 2 hours to crack them). And pretty much only 2% of the companies we talk to have any form of intrusion detection system.
  • More Security Doesn’t Always Make You More Secure. Better Planning and Management Does.
  • So hackers really don’t always want your data. They want your systems, and if they get them, you are liable.

Stealing Your Identity FAST FACTS Presentation Transcript

  • Stealing Your Identity FAST FACTS What you don’t know can cost you your “life”
  • Interaction is Good
    • Please ask questions as we go, others may benefit from your query
    • No such thing as a stupid question – This is a very difficult subject
    • Let’s try to stay on topic, but side discussions are welcome
  • Overview
    • Introduction
    • Current situation – How bad is it really ??
    • How does ID theft happen
    • Why should you protect your information
    • How does ID theft affect you
    • How to protect your information
    • What to do if you are a victim of ID theft
  • Introduction
    • Why trust me ??
    • More than 25 years experience in security
    • Industry Certified
      • CISSP
      • CISM
      • ISSAP
      • ISSMP
      • CEH
      • IAM
      • IEM
  • Why Alternate Identity
    • Anonymous
    • Financial Gain
    • Revenge
  • Your Identity
    • Social Security Number
    • Passport
    • Birth Certificate
    • Drivers License
    • Diploma
    • Credit Cards
    • Bank Accounts
  • Methods
    • Obtaining New Identity
    • Inheriting Identity
    • Stealing Identity
  • Obtaining Social Security Numbers
    • New SSN
      • Through Identity Theft
      • Juvenile Application Method
      • International Citizens
      • Witness Protection Program
  • International Citizens
    • Genuine Passports
      • Dominica and St. Kitts/Nevis
      • Venezuela
    • Camouflage Passports
      • British Honduras
      • Zanzibar
      • New Granada
      • Rhodesia
    • Lottery
  • New SSN Through Identity Theft
    • Police Reports
    • Credit Reports
    • FTC Reports
    • Name Changes
  • Other Identifications
    • Drivers License
    • Professional ID
  • Other Identifications
    • Birth Certificate
  • Other Identifications
    • Credit Cards
  • Other Identifications
    • Degrees and Certificates
      • Life Experience Degree
      • Rocheville University
  • The Address
    • PO Boxes public or private
    • Rural Routes
    • International Addresses
    • Property
      • Private
      • Industrial
      • Vacant
      • Office buildings
      • Broom closets
    • Other
  • Stealing an Identity
    • Postal System
    • Shoulder Surfing
    • Garbage
    • Hacking
    • Social Engineering
    • Inheritance
  • Stealing an identity
    • Finding the SSN
      • Mail System
      • Purchasing
        • Terminally ill
      • Public Records
        • DMV
        • Tax records
      • Internet
        • www.bestpeoplesearch.com
        • www.docusearch.com
        • www.gum-shoes.com
        • www.secret-info.sslrx.com
        • www.zabasearch.com
        • www.familytreesearcher.com
    • Part II
  • How Bad is it……
    • ID Theft – FBI/FTC #1 Crime – Very real threat
    • Federal and state agencies are passing the buck
    • Scans and mass mailers will find you
    • Scanning and hacking systems are freely available on the internet
  • How Bad is it…..
    • General weak information security practices everywhere
    • The Internet is NOT the most common vector – Physical theft is a much greater risk
    • Hackers, criminals and even terrorists are actively looking for you
    • Watch out for scams
  • Hacking on the Internet
    • Google search results:
      • Hacker: 12,500,000 hits
      • Hacking Windows 2000: 271,000 hits
      • Hacker tools: 757,000 hits
      • Hacking tools: 697,000 hits
      • Hacking Microsoft: 545,000 hits
      • Hacking Linux: 12,290,000 hits
      • Hacking Mac: 266,000 hits
      • Hacker Exploits: 103,000 hits
      • Computer Vulnerabilities: 403,000 hits
  • SPAM Dominates Internet Traffic
    • In April of 2004, SPAM topped 82% of all U.S. email.
    • Spam is estimated to cost U.S. corporations in excess of $10 billion in lost productivity.
  • Reputation Money Diversion of Resources Legal and Regulatory
  • The VIRUS Threat
    • 95% of all businesses are affected by viruses each year.
    • By number, there are well over 100,000 known computer viruses.
    • Variations of 180 of the most potent viruses pose the greatest threat.
    • Viruses are no longer “recreational” but a growing tool of organized criminals who use “zombie” computers.
  • The ZOMBIE Threat
    • Hackers don’t use their own computer systems.
    • HACKERS USE YOUR COMPUTERS.
    • More and more hackers are gaining access to large entities by entering through a small business or home computer system.
  • Shortened Response Time
    • Writers of malicious code are developing viruses as soon as weaknesses become apparent.
    • January 2003 – The Slammer virus appears several months after Microsoft releases a patch for a vulnerability.
    • August 2005 – “IRCBOT.WORM” and “RBOT.CBQ” surface, exploiting flaws announced by Microsoft less than five days prior.
  • Why Hack any Business ?
    • Because we have made it easy and it is the most inconspicuous way to hack.
    • Inadequate or no firewalls to overcome
    • Easy or no passwords
    • No Intrusion Detection systems
    • The vast majority of businesses and home users are completely unprotected and ignorant.
  • Phishing
  • The 7 Top Errors in Addressing Risks
    • 7. Fail to realize the value of their information and organizational reputations.
    • 6. Pretend the problem will go away if they simply ignore it.
    • 5. Use technology as a fix and not a solution.
    • 4. Fail to fully design, develop and implement an IT Plan.
    • 3. Address Security and Disaster Recovery as an afterthought, “something we can add later”.
    • 2. Believe that “it” will never happen to them!
    • 1. Treat IT and Security as an expense, not an investment.
  • 100% Security vs. Reality
    • No “Silver Bullet”
    • Requires constant vigilance
    • Nothing is truly secure
    • Tradeoff of functionality/convenience
    • More security = Higher cost
  • How Does ID Theft Happen
    • Criminals get information through businesses
      • Stealing employee records
      • Bribing to access these records
      • Hacking into organizations’ computers
  • How Does ID Theft Happen
    • Types of information that can be stolen
      • Names
      • Addresses
      • Date of birth
      • Social security numbers
      • Phone numbers
      • ID cards (passport, driver license, bank card, more…)
      • Passwords (mother’s maiden name, PIN codes, more…)
      • Credit Cards
  • How Does ID Theft Happen
    • Steal wallets and purses
      • containing id, credit cards, bank cards, checks
    • Steal personal information from your home
    • Steal mail from your mailbox
      • Pre-approved credit offers, new checks, bank statements, tax info, social security info, and more
    Theft
  • How Does ID Theft Happen
    • Criminals rummage through trash to obtain:
      • Credit card applications
      • Bills
      • Bank statements
      • Sticky Notes
      • Other valuable documents
    Dumpster Diving
  • How Does ID Theft Happen
    • Criminals pose as:
      • Government Officials
      • Legitimate business people
        • Cable Company
        • Online Provider
        • Phone Company
    Social Engineering
  • How Does ID Theft Happen
    • Who
      • Prior criminals branching out
      • First time criminals
      • Neighbors
      • Co-Workers
      • Friends and Family
    • Why
      • Financial gain
      • Revenge
      • Challenge
    Who and Why
  • How does ID theft affect you
    • Impacts associated with ID theft…….
      • Loss of funds
      • Negative impact to credit rating
      • Loss of time
      • Denied jobs
      • Denied loans
      • Tickets and warrants
      • Check writing privileges
  • How to protect your information
    • Protection software
    • Protection hardware
    • Passwords
    • E-mail security
    • Web browser security
    • Internet purchasing security
    • Encryption
    • Secure deletion (guard your trash)
    • Snail mail security
    • Credit card and check security
    • Telephone security
  • Electronic Information Security
    • Protection hardware
    • Protection Software
    • Patch, Patch, Patch
    • Use strong passwords
    • Encrypt where feasible
    • Beware of free credit reports
    • Don’t give out valid information via e-mail, web or otherwise – fake it when you can.
  • The ring (fortress Model)
    • Think of walls around a fortress or castle
    • Never put an unprotected system on the internet – you are an accident waiting to happen.
    • Not protecting systems may become a crime – Due Care Act 1977
    Hardware Firewall Software (Personal) Firewall Anti-Virus Spyware/Adware Blocker Hardened System
  • Protection Software
    • Personal firewalls
    • Anti virus
    • Spyware/Adware blockers
    • Others
      • Content filters
      • Pop up blockers
      • Cookie crushers
      • History scrubbers
  • Protection Hardware
    • Hardware Firewalls
      • Routers/modems
      • VPN
      • Wireless
    • USB Tokens
    • 2 Way Authentication
    • Biometrics
  • Internet Purchasing Security
    • Get a “webmail” (or otherwise separate) account for all personal transactions
      • keeps primary e-mail cleaner and less noisy
      • More than one may be needed
    • Only use credit cards with fraud protection
    • Consider using “one-time” credit card numbers
    • Use strong passwords
  • E-mail Security
    • Use special/restricted account for financial activity
    • Don’t “unsubscribe” to spam
    • Watch for “phishing” and other online scams
      • Microsoft
      • Paypal, Ebay
      • Various banks
    • Trust no one – even friends/family
    • Learn attachment types
      • (*.exe, *.zip, *.com, *.bat, *.scr, …)
    • Concerned – Just don’t open it !!!
  • Web Browser Security
    • You can easily be hacked through your web browser – Quickly becoming most common threat factor
    • Don’t click “OK/Yes” on any prompt without reading it very carefully
    • Don’t click on pop-ups; use Alt+F4, or Alt+Tab to get to pop-unders
    • Clean out cookies regularly
    • Do not allow browser to store passwords
    • Ensure “padlock” is visible before entering any sensitive information
    • Consider an “alternate” browser such as Firefox
  • Encryption
    • Password safes
      • Store all passwords in a safe location accessed by a single password
      • Hold multiple safes in one location
    • File encryption
      • Encrypt specific files
      • Encrypt entire drives or partitions
    • E-mail encryption (PGP, Gnupg)
      • Encrypt content attached to e-mail
      • Encrypt entire e-mail
  • Secure Deletion
    • Donating to charity ?
    • Giving your old system to friends ?
    • Throwing away an old hard drive ?
      • Don’t forget to scrub your data
    • What is in your garbage ?
      • Purchase a shredder
  • “Snail Mail” Security
    • Don’t leave mail in mailbox for long periods of time
    • Lock your mailbox if you can
    • Pay online or direct debit/deposit if you can
    • Shred all sensitive information with a cross-cut shredder – even free offers
    • Request non-SSN unique identifiers for all bills
    • Periodic change of address form, just to be safe
  • Check Security
    • Use initials on checks instead of first name
    • Only use the last 4 digits of your credit card number in the “For/Memo” space to pay checks to credit card company
    • Use work phone number and address on checks instead of home number (or use PO Box – even better!)
    • Never put your SSN on your checks
    • Shred any voided check
    Tip: photocopy all items in your wallet and keep on file…
  • Credit Card Security
    • Write down all toll free numbers
    • Don’t sign credit cards, use “PHOTO ID REQUIRED” instead
    • Handle credit card receipts carefully – like cash
    • Shred all pre-approved offers
    • Shred all unused credit card checks
    • Shred anything with account info/number
  • Telephone Security
    • Cord vs. Cordless phones…
    • Encrypted handset-to-base is the only secure cordless (not cell/mobile) phone
    • Wireless/cordless traffic is easy to “scan”
    • Digit grabbers capture touchpad entries
    • Mobile/Cell phones…
    • Mobile/cell traffic is easy to intercept
    • Bluetooth issues for mobile/cell phones
      • Viruses, DoS, Cross-talk
      • War-nibbling, Snarfing
    • Phone scams
      • a.k.a. Social Engineering
      • “Yes/No” recording
      • Fake charities
      • Phone phishing
  • Wireless Security
    • Use Encryption
    • Log events
    • Use MAC addressing
    • Upgrade to WPA
  • Home Network Security Checklist
    • Use a hardware firewall
    • Use a software firewall (w/IDS)
    • Patch, patch, patch - automatically…
    • Use anti-virus – and keep it updated (or auto-update)
    • Use a spyware/adware blocker
    • Harden operating system
      • Don’t use Admin account by default; assign specific users
      • Strong passwords; upper and lower case, numbers, special characters
      • Disable unnecessary services
    • Test your system periodically
      • Microsoft Baseline Security Analyzer
      • GRC – Shields Up!
    • Configure wireless to be “secure”
      • Strong WEP key
      • MAC address restrictions
      • “Wardriving” happens…
  • What To Do If You’re A Victim
    • Contact all creditors – immediately!
      • Change account information/number
      • Remove SSN as identifier
      • Establish a password, if possible
    • Contact Credit Bureaus and get a Fraud Alert put on your account
      • Experian, Equifax, Trans Union
    • Contact Federal agencies
      • Social Security Administration, Federal Bureau of Investigation, Federal Trade Commission, Secret Service, etc…
    • Contact Police , FBI
    • Contact your Legislators
    • Monitor all accounts very closely (daily)
  • What To Do If You’re A Victim
    • Create a checklist and log --
      • Document all agencies and companies contacted
      • Document exactly what they are going to do to remedy your issue and when they expect to have it done (verify)
      • Get name of contact person you speak with every time you call – it may change
      • Record every phone number you call and if you get transferred, write down the new number
      • Record time, number and duration of calls
      • Take extensive notes or record conversation
      • Be persistent! Ask to speak with a supervisor. Don’t take “no” for an answer unless you absolutely have to
  • Fraud Reporting Resources
    • Experian (formerly TRW)
      • http://www.experian.com – 888.397.3742
    • Equifax
      • http://www.equifax.com – 800.525.6285
    • Trans Union
      • http://www.transunion.com – 800.680.7289
    • Social Security Administration
      • http://www.consumer.gov/idtheft/ – 800.269.0271
    • Federal Trade Commission
      • https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03 – 1.877.IDTHEFT (438.4338)
    • Federal Bureau of Investigation
      • http://www.fbi.gov
    • Secret Service
      • http://www.ustreas.gov/usss
  • Microsoft Security Resources
    • Microsoft Update Center
      • http://v4.windowsupdate.microsoft.com/en/default.asp
    • Microsoft Security Center
      • http://www.microsoft.com/security/
    • Microsoft Office Updates
      • http://office.microsoft.com/productupdates
    • Microsoft Security Bulletin Service
      • http://www.microsoft.com/technet/security/bulletin/notify.asp
    • Microsoft Security Tools and Checklists
      • http://www.microsoft.com/technet/security/tools/tools.asp
    • Microsoft Baseline Security Analyzer
      • www.microsoft.com/technet/security/tools/tools/MBSAHome.ASP
    • Microsoft HFNetCheck
      • http://www.microsoft.com/technet/security/tools/tools/hfnetchk.asp
  • Other Security Resources
    • US CERT – US Computer Emergency Response Team
      • http://www.us-cert.gov/
    • The I3P – Security in the News
      • http://www.thei3p.org/news/today.html
    • DHS Daily Report - Department of Homeland Security daily report
      • http://www.nipc.gov/dailyreports/dailyindex.htm
    • SANS Internet Storm Center - Internet “weather report”
      • http://www.incidents.org
    • Packet Storm – Security Information site
      • http://www.packetstormsecurity.net
    • Security Tracker - Comprehensive list of all known vulnerabilities
      • http://www.securitytracker.com
    • World Virus Map - Interactive map of all current viruses
      • http://www.trendmicro.com/map
    • Security Focus
      • http://www.securityfocus.com
  • Hackers’ password cracking tools decode
    • Over the network tools = 3-4000 words per min
    • On the local computer = 1.4 MM passwords per 4 min
  • Security Alert Overload
    • The average Security Professional spends 2.5 hours a day tracking information.
    • 1997 – Internet Security Systems X-Force reported an average of 20 vulnerabilities a month.
    • 2004 – Symantec documented more than 1,237 new vulnerabilities between Jan. 1 and June 30, an average of 48 new vulnerabilities per week.
    • 70% were considered easy to exploit, and 96% were considered moderately or highly severe.
  • CEBIC Technologies, Inc.
    • Protecting your networks and your data
    • Managed Virus Services
      • Symantec, McAfee, TrendMicro system-wide updating
      • Configuration
      • Live updates
      • Subscriptions
    • Managed Intrusion Detection
      • Intrusion detection and protection services (Patching)
      • File sharing: Permissions, Encryption, Passwords
      • Content Management: Anti-Spyware Management
      • Hardware firewalls
    • Computer Network Systems Health Monitoring
  • CEBIC Technologies Inc.