Matt Luallen Explains What, How and Responding to Identity Theft

1,894 views
1,785 views

Published on

Matt Luallen explains key identity theft concerns and how to respond if you believe your identity is stolen.

Published in: Economy & Finance, Technology
1 Comment
0 Likes
Statistics
Notes
  • To get even more examples of the other types of objects embedded with hidden cameras, look at http://www.spy-equipment-buying-guide.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total views
1,894
On SlideShare
0
From Embeds
0
Number of Embeds
34
Actions
Shares
0
Downloads
30
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

Matt Luallen Explains What, How and Responding to Identity Theft

  1. 1. What, How, and Responding to Identity Theft Matthew E. Luallen [email_address]
  2. 2. Agenda <ul><li>What is Your Identity </li></ul><ul><li>How Do Identity Thieves Operate </li></ul><ul><li>Real Identities Stolen </li></ul><ul><li>What You Should Do </li></ul><ul><li>Two Simple Principles </li></ul>
  3. 3. What is your identity? <ul><li>Personal Services Account Numbers </li></ul><ul><ul><li>Utilities </li></ul></ul><ul><ul><ul><li>Power </li></ul></ul></ul><ul><ul><ul><li>Cellular / Landline </li></ul></ul></ul><ul><ul><ul><li>Gas </li></ul></ul></ul><ul><ul><li>Credit Cards </li></ul></ul><ul><ul><li>Mortgage </li></ul></ul><ul><ul><li>Automobile Loans </li></ul></ul><ul><ul><li>Financial Services Accounts </li></ul></ul><ul><li>Drivers License, Social Security Number </li></ul><ul><li>Your picture, reputation and Internet content! </li></ul>
  4. 4. How identity thieves GET your personal information <ul><li>Steal </li></ul><ul><ul><li>wallets and purses containing your identification and credit and bank cards. </li></ul></ul><ul><ul><li>your car, with insurance paperwork </li></ul></ul><ul><ul><li>your mail, including your bank and credit card statements, pre-approved credit offers, new checks, and tax information. </li></ul></ul><ul><ul><li>your hotel bill from under your door, you check out – they check in. </li></ul></ul><ul><li>Complete a “change of address form” to divert your mail to another location. </li></ul><ul><li>Dumpster Diving </li></ul><ul><li>Obtain credit reports fraudulently </li></ul><ul><li>They find personal information in your home and on the Internet. </li></ul><ul><li>Bribing co-workers and other internal employees </li></ul><ul><li>Phishing / Email Scams; Computer Hacks </li></ul>
  5. 5. Phishing / Pharming (new name, old game) - CERT Advisory <ul><li>http://www.cert.org/advisories/CA-1991-04.html </li></ul><ul><li>I. Description </li></ul><ul><li>The Computer Emergency Response Team/Coordination Center (CERT/CC) has received several incident reports concerning users receiving requests to take an action that results in the capturing of their password. The request could come in the form of an e-mail message, a broadcast, or a telephone call. The latest ploy instructs the user to run a &quot;test&quot; program, previously installed by the intruder, which will prompt the user for his or her password. When the user executes the program, the user's name and password are e-mailed to a remote site. We are including an example message at the end of this advisory. These messages can appear to be from a site administrator or root. In reality, they may have been sent by an individual at a remote site, who is trying to gain access or additional access to the local machine via the user's account. </li></ul><ul><li>While this advisory may seem very trivial to some experienced users, the fact remains that MANY users have fallen for these tricks (refer to CERT Advisory CA-91.03). </li></ul><ul><li>Issued in April of 1991! </li></ul>
  6. 6. Another Example - ATM Fascia <ul><li>Cyber conartists mimic ATM fascias inserting wireless transmitters </li></ul><ul><li>Example Protective Solution </li></ul><ul><ul><li>NCR Intelligent Fraud Detection </li></ul></ul><ul><ul><li>Senses devices added to the fascia including platic, metal and wood </li></ul></ul><ul><ul><li>http://www.ncr.com/ </li></ul></ul>
  7. 7. Others - Mini / Concealed Devices <ul><li>Be aware of your environment </li></ul><ul><li>Cameras are becoming integrated in to a number of devices *and cheap* </li></ul><ul><ul><li>http:// www.spygadgets.com / </li></ul></ul><ul><li>Cell Phones </li></ul><ul><ul><li>Badge snapshot and attempt to counterfeit? </li></ul></ul><ul><ul><li>Credit Card snapshot? </li></ul></ul><ul><li>Storage </li></ul><ul><ul><li>Flash devices (integrated storage) </li></ul></ul><ul><ul><li>http://www.peripheral.com/products/diskgo/default.htm </li></ul></ul><ul><li>Printers, Copiers, Fax Machines </li></ul><ul><li>Other Shared Computer Workstations and Terminals </li></ul>
  8. 8. How identity thieves USE your personal information <ul><li>Log in to your user accounts! (work or home) </li></ul><ul><li>They establish a new utility credit card or bank account in your name </li></ul><ul><li>Counterfeit checks or debit cards, and drain your bank account. </li></ul><ul><li>Give your name to the police during an arrest. If they’re released from police custody, but don’t show up for their court date, an arrest warrant is issued in your name. </li></ul>
  9. 9. And (privacyrights.org)
  10. 10. Example Identity Theft Response <ul><li>What could have prevented this from be problematic? </li></ul>
  11. 11. Example Identity Theft Response <ul><li>Should I feel comfortable with this situation? </li></ul>
  12. 12. Real Identities Stolen <ul><li>How were identities stolen? </li></ul><ul><ul><li>Stolen Laptop </li></ul></ul><ul><ul><li>Lost Backup Tapes </li></ul></ul><ul><ul><li>Hacking </li></ul></ul><ul><ul><li>Accidental Online Exposure </li></ul></ul><ul><ul><li>Email Exposure </li></ul></ul><ul><ul><li>Dishonest Insider </li></ul></ul><ul><ul><li>Passwords Compromised </li></ul></ul><ul><ul><li>File Boxes Left Unattended and Unshredded </li></ul></ul><ul><ul><li>Hard Drives Stolen </li></ul></ul><ul><ul><li>External Auditor Loses Internal CD </li></ul></ul>
  13. 13. Protecting Yourself
  14. 14. What are your valued assets <ul><li>Most physical and currency based good are recorded in electronic format with the physical representation discarded </li></ul><ul><li>Intellectual property resides in a number of common formats </li></ul><ul><ul><li>Digital </li></ul></ul><ul><ul><li>Verbal </li></ul></ul><ul><ul><li>Paper </li></ul></ul><ul><li>Types of Valued Goods </li></ul><ul><ul><li>Physical </li></ul></ul><ul><ul><li>Currency </li></ul></ul><ul><ul><li>Intellectual </li></ul></ul>
  15. 15. Information Protection <ul><li>Physical </li></ul><ul><ul><li>Paper, CD, DVD, CC Shredding </li></ul></ul><ul><ul><li>Storage Media – Incineration, Degaussing </li></ul></ul><ul><li>Electronic </li></ul><ul><ul><li>Data Encryption / Integrity Validation (Encrypting File Systems) </li></ul></ul><ul><ul><li>System Protective Controls (IPS, Spybot Detection) </li></ul></ul><ul><li>Verbal </li></ul><ul><ul><li>World War II : *Lose lips sink ships* <period> </li></ul></ul>
  16. 16. Protecting Yourself <ul><li>Simple Steps </li></ul><ul><ul><li>Identities are typically stolen for financial gain </li></ul></ul><ul><ul><ul><li>Protect and monitor your financial accounts </li></ul></ul></ul><ul><ul><ul><li>Cautiously enroll in a credit monitoring service </li></ul></ul></ul><ul><ul><li>Use separate web browsers for financial banking versus browsing </li></ul></ul><ul><ul><ul><li>Even better use separate computers or virtual machines if you are technically savvy </li></ul></ul></ul><ul><ul><li>Ensure protection / insurance options on any financial instrument </li></ul></ul><ul><ul><ul><li>Ex. IRAs / 401Ks </li></ul></ul></ul>
  17. 17. What Should You Do? <ul><li>Place a fraud alert on your credit reports and review your credit reports. </li></ul><ul><li>Close any accounts that have been tampered with or opened fraudulently. </li></ul><ul><li>File a report with your local police or the police in the community where the identity theft took place. </li></ul><ul><li>File a complaint with the FTC. </li></ul><ul><ul><li>www.consumer.gov/idtheft </li></ul></ul><ul><ul><li>877IDTHEFT </li></ul></ul>
  18. 18. Only Two Requirements <ul><li>Anyone can listen to your conversations </li></ul><ul><ul><li>It is not acceptable for any unauthorized person or system to affect the confidentiality, integrity or availability of communications and storage of valued assets. </li></ul></ul><ul><li>Anyone can steal assets from you </li></ul><ul><ul><li>Any asset loss must be protected so that there is NO loss of confidentiality, integrity or availability of the valued asset. </li></ul></ul>

×