ID Theft


Published on

Brief Overview on Identity Theft and how to prevent.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Good afternoon ladies and gentlemen. I am Special Agent Hatcher with the New Orleans FBI NIPCIP squad. Hand outs should be available.
  • ID Theft

    1. 1. Cyber Identity Theft Presentation [email_address]
    2. 2. THE GLOBAL INTERNET POPULATION 1.1 Billion World Wide 16 % of Pop. (2006) 2 Percent 53 Percent Oceania/Australia 2 Percent 10 Percent Middle East 2 Percent 3 Percent Africa 7 Percent 15 Percent Latin America/Caribbean 22 Percent 69 Percent North America 29 Percent 36 Percent Europe 36 Percent 10 Percent Asia Percentage of WWW Usage Percentage of Internet Penetration Of Population Region
    3. 3. COMPUTER CRIME TRENDS UNITED STATES <ul><li>The Internet is increasingly being utilized by international criminals, especially those in Eastern Europe and Nigeria, to commit traditional white collar crimes such as advance fee, check, and credit card fraud. </li></ul><ul><li>The Internet is increasingly being utilized by U.S. criminals to commit traditional crimes such as fraud, drug sales, and pedophilia. </li></ul><ul><li>The Internet is increasingly being utilized by international terrorist as a communication and coordination network. </li></ul><ul><li>New combinations of Worms and Trojans (Bot Networks) are being utilized to attack and control thousands of DSL/Cable modem computers for use in spamming, DDOS, electronic monitoring, spoofing, and other computer crimes. </li></ul><ul><li>Personal websites of teens are being exploited by sexual predators to lure teens away from home. </li></ul>
    4. 4. Potential Threats Info Warrior Terrorist Industrial Espionage Revenge, Extortion, Financial Gain, Institutional Change Reduce U.S.. Decision Space, Strategic Advantage, Chaos, Target Damage Monetary Gain Thrill, Challenge, Prestige Thrill, Challenge National Intelligence Institutional Hacker Recreational Hacker Information for Political, Military, Economic Advantage Visibility, Publicity, Chaos, Political Change Competitive Advantage Organized Crime National Security Threats Shared Threats Local Threats President’s Commission on Critical Infrastructure Protection
    5. 5. CRIMINAL COMPUTER INTRUSIONINVESTIGATIONS Computer based financial transactions will present an increasingly tempting target for criminals Theft of Proprietary Data: Customer List, Email, Research, Marketing Plans, Personnel Data .
    6. 6. BOT NETS APPLICATIONS- Spamming <ul><li>Botnets are used for Spamming: </li></ul><ul><li>to collect Email addresses. </li></ul><ul><li>to send Spam through zombies. </li></ul><ul><li>Bots can monitor Zombie computers: </li></ul><ul><li>via key stroke logging, </li></ul><ul><li>file capture, </li></ul><ul><li>text string searches. </li></ul><ul><li>Bots can be used to: </li></ul><ul><li>Store illegal software on Zombie victim computers </li></ul><ul><li>Serve as illegal software servers. </li></ul><ul><li>Harvest CD Keys. </li></ul>
    7. 7. Bot Nets Evolution <ul><li>Multiple Command and Control channels so if one goes down the other will take over. </li></ul><ul><li>More Trojan horses (i.e. bots) which use fast-changing-IP-addresses hosts/domains. Changing IP addresses or even name servers very often. These are now called &quot;Fast-Flux&quot; domains </li></ul><ul><li>Recursive DNS flood DDOS attacks. </li></ul>
    8. 8. Denial of Service / DDoS Internet Relay Chat Target “ Master” “ Target ”
    9. 11. Identity Theft - Exposure <ul><ul><ul><li>Responsible for first $50 for losses within two days of reporting. </li></ul></ul></ul><ul><ul><ul><li>Responsible for first $500 for losses after two days and before sixty days of reporting. </li></ul></ul></ul><ul><ul><ul><li>Unlimited responsibility for losses after sixty days of reporting. </li></ul></ul></ul><ul><ul><ul><li>Business accounts may have unlimited exposure. April 2004 a small business bank account was compromised by home computer intrusion trojan and $90,348 was wired to bank in Latvia. Bank holding customer at fault. </li></ul></ul></ul><ul><li>Sources: BusinessWeek, March 28, 2005 </li></ul>
    10. 12. Points of Compromise of Someone’s Identifying Information <ul><li>Employment in positions with access to such information </li></ul><ul><li>Recruiting other individuals who have access to personal information in the course of their employment </li></ul><ul><li>- Bank, personnel office, rental office, hospital employees. </li></ul><ul><li>Obtaining information through false representations </li></ul><ul><li>- Pretext calling, fraudulent change of address with the post office or a bank </li></ul><ul><li>- False IRS form scams (W-8888 or W-9095 Application Form for Certificate Status/Ownership for Withholding Tax.) </li></ul><ul><li>Theft of purses, burglary of a car or house </li></ul><ul><li>Outsiders Stealing documents from businesses that contain personal information from business offices or through “dumpster diving” </li></ul><ul><li>Electronic Means – hacking into servers containing customers’ or employees’ personal information </li></ul>
    11. 14. Laptop computer Skimming
    12. 15. Identity Theft Major Breaches <ul><li> </li></ul>Source: Privacy Rights Clearinghouse 45.7 Million System Hacked TJ Max January 2007 Copyright © 2005-2007. Privacy Rights Clearinghouse 40 Million Systems Hacked CardSystems June 2005 243,000 Laptop Theft Ernst & Young UK June 2006 1.2 Million Backup tapes lost Bank of America Feb 2005 3.9 Million Backup tapes lost CitiFinancial June 2005 1.4 Million System Hacked DSW Retail April 2005 # of Credit Card Numbers Type of Breach NAME DATE
    13. 16. Phishing <ul><li>Definition – Password and/or identity harvesting through look a like fake Email. Generally directs customers to look a like websites to solicit identity and passwords. </li></ul><ul><li>Educate Users --- NEVER utilize Email connections to websites!!!!!! </li></ul>
    14. 17. Anti-Phishing Continuum Prevent Detect Respond <ul><li>Goal: Become a Hard Target </li></ul><ul><ul><li>Address all three stages </li></ul></ul><ul><ul><li>Feedback to improve prevention </li></ul></ul>
    15. 18. Phishing --- IRS Accounts
    16. 19. Phishing—
    17. 20. Phishing—Credit Unions
    18. 21. What can I do??????
    19. 22. How to minimize your risk! <ul><li>Before providing personal identifiers, know how it will be used and if it will be shared. </li></ul><ul><li>Know your billing cycles and contact creditors when bills fail to show up. </li></ul><ul><li>Place outgoing mail in collection boxes or the U.S. Post Office. </li></ul><ul><li>Only carry essential identification cards. </li></ul>
    20. 23. Minimizing your risks cont’d…. <ul><li>Do not give personal info over the phone, Internet or contest. </li></ul><ul><li>Do not discard documents that contain personal identifiers or account info. </li></ul><ul><li>Order copies of your credit report once a year. ( ) </li></ul>
    21. 24. Minimizing your risks cont’d…. <ul><li>The next time you order checks have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks. </li></ul><ul><li>2. Do not sign the back of your credit cards. Instead, put &quot;PHOTO ID REQUIRED&quot;. </li></ul><ul><li>3. When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the &quot;For&quot; line. Instead, just put the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it. </li></ul><ul><li>4. Put your work phone number on your checks instead of your home phone. If you have a PO Box use that instead of your home address. If you do not have a PO Box, use your work address. Never have your SS# printed on your checks. You can add it if it is necessary. But if you have it printed, anyone can get it. </li></ul><ul><li>5. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad. </li></ul>
    22. 25. Warning Signs Credit inexplicably denied. Routine financial statements stop arriving in a timely manner. Creditors making phone calls on accounts you’ve never authorized. A new or renewed credit card is not received.
    23. 26. What to do if you’re Victimized! <ul><li>Step One: Contact the fraud department for the three major credit bureaus </li></ul><ul><ul><li>Experian (TRW) </li></ul></ul><ul><ul><ul><li>888-397-3742 </li></ul></ul></ul><ul><ul><li>TransUnion 800-680-7289 </li></ul></ul><ul><ul><li>Equifax </li></ul></ul><ul><ul><ul><li>800-525-6285 </li></ul></ul></ul><ul><li>Social Security Administration Fraud Hotline </li></ul><ul><ul><li>800-269-0271 </li></ul></ul><ul><li>Federal Trade Commission </li></ul><ul><ul><li>877-FTC-HELP </li></ul></ul><ul><ul><li>877-ID-THEFT </li></ul></ul><ul><ul><li> </li></ul></ul>
    24. 27. What to do if you’re victimized cont’d…. <ul><li>Step Two: Contact the account issuer in question </li></ul><ul><ul><li>Ask for the fraud/security department of the compromised or fraudulent account issuer. </li></ul></ul><ul><ul><li>Notify them by phone and in writing . (the 800s you copied) </li></ul></ul><ul><ul><li>Close all tampered or fraudulent accounts. ( I would close all possible compromised accounts) </li></ul></ul><ul><ul><li>Ask about secondary cards. </li></ul></ul><ul><li>Step Three: Contact your local police department </li></ul><ul><ul><li>Notify the police department in the community where the ID Theft occurred. </li></ul></ul><ul><ul><li>Obtain copies of all police reports made. </li></ul></ul>
    25. 28. What to do if you’re victimized cont’d…. Keep a detailed log of all contacts: - Location called. - Name of person(s) you spoke to: Title and call back number with ext. - Ask and write down what the procedures are for that entity.
    26. 29. How to minimize your risk! <ul><li>Before providing personal identifiers, know how it will be used and if it will be shared. </li></ul><ul><li>Know your billing cycles and contact creditors when bills fail to show up. </li></ul><ul><li>Place outgoing mail in collection boxes or the U.S. Post Office. </li></ul><ul><li>Only carry essential identification cards. </li></ul>
    27. 30. INTERNET FRAUD 2000 = 16,838 complaints 2001 = 49,957 complaints 2002 = 75,063 complaints 2003 = 66,534 complaints 2004 = 103,959 complaints 2005 = 231,493 complaints 2006 = 207,492 complaints 2007 = 206,884 complaints
    28. 31.
    30. 33. “ Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government.” Presidential Decision Directive-63 May 1998
    31. 35. Joint FBI/US-DHS Cyber Security Email request: [email_address]
    32. 36. Let’s take a Break Questions?