Agenda Identity Theft & Film What is identity theft? Types of the Identity Theft Statistics & Identity Theft How does identity theft work? Techniques Warning signs How to steal an identity? Countermeasures Protect yourself Regional legal responses
What is Identity Theft? Identity theft is a form of stealing someones identity in which someone pretends to be someone else by assuming that persons identity, typically in order to accessresources or obtain credit and other benefits in that persons name
What is Identity Theft?• The term identity theft was coined in 1964• Determining the link between data breaches and identity theft is challenging• Probability of becoming a victim to identity theft as a result of a data breach is ... around only 2%
What is Identity Theft?Identity theft occurs when someone usesyour name, your Social Security number, or some other personal, financial, or medical information without your permission to commit fraud or other crimes.
Types of the Identity TheftCriminal identity theft (posing as another person when apprehended for a crime)Financial identity theft (using anothers identity to obtain credit, goods and services)Identity cloning (using anothers information to assume his or her identity in daily life)Medical identity theft (using anothers identity to obtain medical care or drugs)Child identity theft. (children are valued because they do not have any information associated with them)
Statistics & Identity TheftConsider the following: One million people in Canada will suffer from some formof identity theft totalling over $6 billion50% of the cases reported will be as a result ofunauthorized credit card charges.20% of the victims will know their thievesThe average time between the date of the theft and whenit is noticed by the victim will be 14 months.
How Does Identity Theft Work? • Identity theft works in a range of ways • from crude methods to well organised scams Human-Based Computer-Based Wealth personal information Cards Mail public records Information saved in our computers Information posted on social networking sites
Techniques• Rummaging through rubbish for personal information (dumpster diving)• Retrieving personal data from redundant IT equipment• Using public records about individual citizens (electoral rolls) Stealing bank or credit cards, identification cards, passports, authentication tokens ( pickpocketing, housebreaking or mail theft)• Common-knowledge questioning (what was your first car model?)
Techniques• Skimming information from bank or credit cards (Clone Card)• Using contactless credit card readers to acquire data wirelessly from RFID-enabled passports• Observing users typing ( shoulder Surfing)• Stealing personal information from computers ( Malware, Trojan horse, Keystroke, Other Spyware)• Hacking computer networks, systems and databases (SQl Injection)
Techniques• Exploiting breaches (Social Address, IC Number)• Advertising bogus job ( Resume, CV)• Exploiting insider access and abusing the rights of privileged IT users to access• Impersonating trusted organizations in emails, SMS text messages, phone calls (Phishing)• Brute-force attacking weak passwords and using inspired guesswork• Obtaining castings of fingers for falsifying fingerprint identification.• Browsing social networking websites for personal details• Using false pretences to trick individuals (Pretexting)• Guessing Social Security numbers by using information found
TOOLS• Gunter Ollmann said, “Interested in credit card theft? There’s an app for that.”• The new program for infecting users’ computers is called Zeus (inexperienced hacker can operate it) SpyEye/ZeuS Toolkit v1.3.05
Warning signs• You get an email, SMS or a phone call out of the blue asking you to ‘validate’ or ‘confirm’ banking details.• You notice that amounts of money go missing from your bank account without any explanations.• The caller pushes you to provide personal information and discourages you from checking if it’s a genuine request.• You are unable to obtain credit or a loan because of an inexplicably bad credit rating.
Protect YourselfSuch organizations offer recommendations on how individuals can prevent theirinformation falling into the wrong hands•If your personal information is lost, stolen, orotherwise compromised, you can minimize thepotential damage from identity theft.•Put a Fraud Alert on Your Credit Reports•Review Your Credit Reports•Create an Identity Theft Report•
Protect Yourself•NEVER send money or give personal details to people you don’t knowand trust.•If you receive a call from your bank or any other organisation, don’tprovide your personal details—instead ask for their name and a contactnumber. Check with the organisation in question before callingback. NEVER rely on a number provided in an email or click on theprovided link—instead find the contact number through an internetsearch or check the back of your ATM card.•If you receive a request from a friend or family member stranded whileon holiday asking you to transfer money to them, contact them by phoneor alternative contact to verify the request is genuine before sending anymoney or providing personal details.•
Protect Yourself• Regularly check your credit card and/or bank statements to ensure that suspicious transactions are detected.• Log directly onto websites you are interested in rather than clicking on links provided in an email.• Always get independent advice if you are unsure whether an offer or request is genuine.
Protect Yourself• To reduce or minimize the risk of becoming a victim of identity theft or fraud, there are some basic steps you can take. For starters, just remember the word SCAMStingy about giving out your personal informationCheck your financial information regularlyAsk periodically for a copy of your credit reportMaintain careful records of your banking and financial accounts.
Regional legal responses• Australia (135.1 General dishonesty)• Canada (Under section 402.2 of the Criminal Code of Canada )• France (In France, a person convicted of identity theft can be sentenced up to five years in prison and fined up to €75,000)• Hong Kong (Under HK Laws. Chap 210 Theft Ordinance, sec. 16A Fraud )• India (Under the Information Technology Act 2000 Chapter IX Sec 66C)