Protecting Your Identity:
*Detect
*Deter
*Defend
Diane M. Duhe
December 2011
Identity theft is a serious crime. It occurs when your personal information is stolen and used without your knowledge. It can be used to commit fraud or other crimes. It can cost you time, and money. It can destroy your credit or ruin your reputation. Identity theft is often committed to facilitate other crimes such as credit card fraud, document fraud, or
employment fraud.

Identity theft has remained the dominant consumer fraud complaint to the Federal Trade Commission (FTC).

Published in: Economy & Finance, Business
Protecting Your Identity On-line

  1. Protecting Your Identity: Detect, Deter, Defend. Diane M. Duhe, December 2011
  2. What is Identity Theft?
     • Identity theft is often committed to facilitate other crimes such as credit card fraud, document fraud, or employment fraud.
     • Identity theft has remained the dominant consumer fraud complaint to the Federal Trade Commission (FTC).
     • The number of overall identity theft complaints generally increased between when the FTC began recording identity theft complaints in 2000 and 2008. The number of complaints decreased in both 2009 and 2010.
     • The numbers of aggravated identity theft cases (when someone “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person” in the commission of particular felony violations) filed and defendants convicted have continued to increase.
     • Aggravated identity theft carries an enhanced two-year prison sentence for most specified crimes and an enhanced five-year sentence for specified terrorism violations.
     • Congress passed the Identity Theft Enforcement and Restitution Act of 2008, which authorizes restitution to identity theft victims for their time spent recovering from the harm caused by the actual or intended identity theft.
     • Identity theft is a serious crime. It occurs when your personal information is stolen and used without your knowledge. It can be used to commit fraud or other crimes. It can cost you time and money. It can destroy your credit or ruin your reputation.
  3. Some data
     • In 2010, about 8.1 million Americans were reportedly victims of identity fraud.
     • The average identity fraud victim incurred a mean of $631 in costs.
     • Identity fraud cost households a total of $13.3 billion in 2010 in direct financial losses.
     • The mean resolution time: 25 hours per victim.
     • The President’s Identity Theft Task Force (Task Force) was established in May 2006 by Executive Order 13402.
     • The task force was created to coordinate federal agencies in their efforts against identity theft, and it was charged with creating a strategic plan to combat identity theft.
     • It was composed of representatives from 17 federal agencies.
  4. In April 2007, the Identity Theft Task Force authored a strategic plan for combating identity theft by making recommendations in four primary areas:
     • preventing identity theft by keeping consumer data out of criminals’ hands,
     • preventing identity theft by making it more difficult for criminals to misuse consumer data,
     • assisting victims in detecting and recovering from identity theft, and
     • deterring identity theft by increasing the prosecution and punishment of identity thieves.
  5. Red Flags Rule
     • The Identity Theft Red Flags Rule, issued in 2007, requires creditors and financial institutions to implement identity theft prevention programs. It is implemented pursuant to the Fair and Accurate Credit Transactions (FACT) Act of 2003.
     • The FACT Act amended the Fair Credit Reporting Act (FCRA) by directing the FTC, along with the federal banking agencies and the National Credit Union Administration, to develop Red Flags guidelines.
     • These guidelines require creditors and financial institutions with “covered accounts” to develop and institute written identity theft prevention programs.
     • According to the FTC, the identity theft prevention programs required must provide for:
       • identifying patterns, practices, or specific activities—known as “red flags”—that could indicate identity theft
       • incorporating those red flags into the identity theft prevention program
       • detecting those red flags
       • responding to the detection of red flags
       • updating the identity theft prevention program periodically to reflect changes
     • Possible “red flags” could include:
       • alerts, notifications, or warnings from a consumer reporting agency
  6. How identity thieves GET your personal information: Identity thieves can use a variety of high- and low-tech means to gain access to your personal information. Here are some of the ways these imposters can get your personal information and take over your identity:
     • Business Record Theft: They get your information from businesses or institutions by stealing files out of offices where you're a customer, employee, patient or student; or bribing an employee who has access to your files; or even "hacking" into the organization's computer files.
     • Shoulder Surfing: A "shoulder-surfing" identity thief, standing next to you in a checkout line, can memorize your name, address and phone number during the short time it takes you to write a check. An identity thief can stand near a public phone and watch you punch in your phone or credit card numbers (or even listen in when you give your credit card number over the phone for a hotel room or rental car).
     • Dumpster Diving: They rummage through your trash, or the trash of businesses, and landfills for personal data.
     • Under the guise of authority: They fraudulently obtain credit reports by abusing their employer's authorized access to credit reports, or by posing as landlords, employers or others who may have a legitimate need/right to the information.
  7. How identity thieves GET your personal information:
     • Spoofing: Forging an email's “sent” field, to make it appear as if it came from somewhere or someone other than the actual source.
     • Phishing: An attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy source. Usually carried out by email. A form of “social engineering”.
     • Social Engineering: A collection of techniques used to manipulate people into divulging confidential information or allowing computer system access. In most cases the attacker never comes face-to-face with the victim.
     • Skimming: Stealing credit card numbers by using a special storage device when processing your card.
     • Change of address form: Diverting your billing statements to another location by completing a “change of address” form through the USPO.
     • Malware/Trojan Horses: Can arrive as an email attachment or pop-up promising anything from a screen saver, a prize, an anti-virus upgrade, a system upgrade, cute icons or cursors. Takes advantage of the victim's curiosity or need. Victims succumb by opening the attachment or clicking the pop-up link.
  8. How identity thieves GET your personal information: Through other forms of old-fashioned fraud and theft...
     • Stealing: mail, bank/credit card statements, pre-approved credit card offers, new checks, tax information, personnel records, wallets and purses containing identification and credit and bank cards.
     • Taking personal information from your home.
  9. SKIMMING
     • As cash machine fraud soars by 85%, the banking industry and police have warned consumers about fraudsters' use of skimming devices, which read card details, and hidden cameras, which record the PIN as it is entered.
  10. The images below show how easily the devices fit to cash machines and how difficult they are to spot if you don't know what to look for.
     • Before: This is what an ATM should look like.
  11. Step one: The skimming device is fitted into the ATM's card slot. The device will scan and store personal card details when the card is swiped.
  12. Step two: Next, a strip of metal containing a hidden pinhole camera is affixed to the top of the ATM. It will record the victim's PIN number as it is entered on the keypad.
  13. Step three: The rigged ATM is now ready to roll. All that's needed is an unsuspecting customer.
  14. Step four: While a customer has swiped their card and is keying in their PIN number, the criminal is around the corner with his laptop, waiting for the wireless skimming device to transmit the card data. This data is used to create a cloned card which can be used immediately with the camera-recorded PIN.
  15. DETECT
     • While you can't entirely control whether you will become a victim of identity theft, you can minimize your risk.
     • If an identity thief is opening credit accounts in your name, these accounts will show up on your credit report.
     • You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.
  16. DETECT
     • How to identify “phishing” email
  17. DETECT: Email Sender
     • The “Sender” field will contain realistic-looking information, and may actually be a legitimate name or entity. However, even if it is a legitimate name, that does not mean the email was actually sent from that source. If it was not sent from that source, the “Sender” address was faked or “spoofed”.
  18. DETECT: Email Greeting
     • Many spoof emails will begin with a general greeting such as “Welcome Member” or “Dear Customer”.
  19. DETECT: Sense of Urgency
     • The email claims that the organization is updating its files or accounts.
     • Appears concerned about your account, your safety and/or security.
  20. DETECT: Account Status Threat
     • Conveys a feeling that your account is in jeopardy if you do not respond immediately.
  21. DETECT: Links in the Email Request Personal Information
     • Requires that you enter sensitive personal information (User ID, password or bank account number) by clicking on a link or completing a form within the email. These links can be forged: they may not “link” to where they say they are linking.
  22. DETECT
     • You can count on the fact that a spoof email will take you to a fake Web site.
     • Take a look at the following example. Often, the link in the email will not match the URL of the site it takes you to.
  23. DETECT
     • Can you tell if these are legitimate or phishing?
  24. Want to do more?
     • http://money.howstuffworks.com/personal-finance/banking/identity-theft-quiz.htm
     • http://www.sonicwall.com/phishing/
     • http://powertolearn.com/internet_smarts/interactive_case_studies/index.shtml
  25. DETER
     • The good news about spoof emails is that you are in control: you can protect your personal financial information by ignoring the spoof altogether. You should never provide contact, sign-in or other sensitive personal information in an email, to anyone.
  26. DETER: Safeguard your information
     • SHRED financial documents and paperwork before you discard them.
     • PROTECT your social security number. Don’t carry your social security card in your wallet or write it on a check.
     • DON’T GIVE personal information on the phone, through email or on the internet unless you KNOW who you are dealing with.
  27. DETER: Safeguard your information
     • PASSWORDS: Don’t use obvious passwords like names, your birth date or the last 4 of your social. Never share your passwords.
     • Keep personal information in a secure place, especially if you have roommates, employ outside help, are having work done in your home or frequently have visitors whom you do not know personally, including your teen’s friends and acquaintances.
  28. DETER
     • Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge (spyware).
     • Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for suspicious files. Look for anti-virus software that updates itself automatically.
  29. DETER: Safeguard your information. Reliable free versions of firewall, anti-virus and anti-spyware software:
     • http://free.grisoft.com/ – AVG Antivirus (includes free anti-spyware)
     • http://www.safer-networking.org – Free Anti-Spyware
     • http://www.zonealarm.com – Free firewall
  30. DETER
     • A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection.
     • Operating systems (like Windows) or browsers (like Internet Explorer, Netscape or Mozilla) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.
  31. Tips for Using Public Wi-Fi Networks
     • Wi-Fi hotspots in coffee shops, libraries, airports, hotels, etc. are convenient, but they’re often not secure. When using a hotspot, it’s best to only send information to websites that are fully encrypted.
     • Never assume that a Wi-Fi hotspot is secure. Most Wi-Fi hotspots are not secure.
     • If you use an unsecured network to log in to an unencrypted site – or a site that uses encryption only on the sign-in page – other users on the network can see what you see and what you send. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.
     • Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so that it’s not accessible to others.
     • To determine if a website is encrypted, look for https at the beginning of the web address (the “s” is for secure). Some websites use encryption only on the sign-in page, but if any part of your session isn’t encrypted, your entire session could be vulnerable. Look for https on every page you visit, not just when you sign in.
  32. Tips for Using Public Wi-Fi Networks (continued)
     • Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
     • If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out.
     • You can be confident a hotspot is secure only if it asks you to provide a password. WEP and WPA are the most common types of Wi-Fi security. WPA2 is the strongest.
     • An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.
     • If you send email, share digital photos and videos, use social networks, or bank online, you’re sending personal information over the internet. The information you share is stored on a server (a powerful computer that collects and delivers content). Many websites will use encryption to protect your information as it travels from your computer to their server.
     • Look for https at the beginning of the web address on every page you visit, not just when you sign in.
  33. More tips
     • Don’t use the same password on different websites. It could give someone who gains access to one of your accounts access to MANY of your accounts.
     • Many web browsers alert users who land on fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
     • Installing browser add-ons or plug-ins can help, too. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They don’t protect you on all websites – look for https in the URL to know a site is secure: → Https://examplewebsitename.com ←
  34. HOW IDENTITY THEFT HAPPENS THROUGH SOCIAL NETWORKING SITES
     • In order to use and fully benefit from social networking sites, some level of personal information must be divulged. This adds the risk of identity theft. Below are some of the ways that you might put yourself at risk:
     • Using low privacy or no privacy settings
     • Accepting invitations to connect from unfamiliar persons or contacts
     • Downloading free applications for use on your profile
     • Giving your password or other account details to people you know
     • Participating in quizzes (e.g. How well do you know me?) which may require you to divulge a lot of personal information
     • Clicking on links that lead you to other websites, even if the link was sent to you by a friend or posted on your friend’s profile
     • Falling for email scams (phishing) that ask you to update your social networking profiles
     • Using no or out-of-date security software to prevent malicious software from being loaded onto your computer and stealing personal information
  35. Examples:
     • A man receives a message from one of his friends which has a link to a funny video, so he clicks on it. The link does not bring up a video. The friend’s profile had been hacked, and now a form of malicious software is being downloaded onto the man’s computer as a result of his clicking the link. This malware is designed to provide a way for an identity thief to take personal information from the man’s system. It additionally sends a similar email to everybody he is connected with on his profile, asking them to “view the video”. Downloading free applications and software can be sources of this type of malicious software, too.
     • Someone has hacked a woman’s social networking profile to harass her and sabotage her online reputation. They are posting embarrassing photos and rude comments on her profile. These photos and comments appear to be from her and are directed to her network of contacts. Although she has used the highest level of privacy settings, she has shared too much information online with others. Someone used her posted information to fraudulently access her profile.
     • Always remember that even though your profile may be set to “private”, you should treat everything you post online as public.
  36. DEFEND
     • How to avoid becoming a victim
  37. DEFEND
     • If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either.
     • Legitimate companies don’t ask for this information via email.
  38. DEFEND
     • If you think you entered your personal financial information into a spoof site, contact your bank and credit card company immediately.
     • If you are concerned about your account, contact the organization mentioned in the email using a telephone number that is genuine, or open a new Internet browser session and type in the company’s correct Web address.
     • Don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place when they actually take you to a different site.
  39. DEFEND
     • Email is not a secure method of transmitting personal information. Don’t email personal or financial information.
     • If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure:
       • a “lock” icon on the browser’s status bar
       • the URL for the website begins with “https:”
     • Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  40. DEFEND
     • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
     • Order a free credit report from: www.AnnualCreditReport.com
     • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. Don’t click on pop-ups. These files can contain viruses or other software that can damage or infiltrate your computer’s security.
     • Use the URL checker, a free widget from Trend Micro: http://www.idtheftcenter.org/live-scam-news.shtml
  41. DEFEND
     • Forward phishing emails to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
  42. DEFEND
     • If you believe you’ve been scammed, file your complaint at http://www.ftc.gov and then visit the FTC’s Identity Theft website: www.consumer.gov/idtheft.
  43. DEFEND
     • You can learn other ways to avoid email scams and deal with deceptive spam here: ftc.gov/spam.
  44. DEFEND
     • Vigilance is the best line of defense. Periodically check your accounts and your credit report, periodically change your passwords, and keep them private.
     • Place a “Fraud alert” on your credit reports and review your reports periodically.
     • Close accounts that have been tampered with or established fraudulently.
     • File a police report, and report the theft to the Federal Trade Commission: ftc.gov/idtheft or 1-877-438-4338
  45. DEFEND
     • The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them.
     • To file a complaint or to get free information on consumer issues, visit www.ftc.gov.
     • The FTC enters fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
  46. References
     • Federal Trade Commission, Fighting Back Against Identity Theft, http://www.ftc.gov
     • PowerToLearn, Cablevision's Education Initiative, http://powertolearn.com/internet_smarts/interactive_case_studies/index.shtml
     • Identity Theft Resource Center (ITRC), Working to Resolve Identity Theft, http://www.idtheftcenter.org
     • Kristin M. Finklea, Specialist in Domestic Security, Identity Theft: Trends and Issues, February 15, 2012, http://www.fas.org/sgp/crs/misc/R40599.pdf
     • Alina Tugend, New York Times, Preventing Identity Theft Without Paying Monthly Fees, February 10, 2012, http://www.nytimes.com/2012/02/11/your-money/identity-theft/identity-theft-prevention-can-be-cheap-and-easy.html?_r=1&ref=identitytheft
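
The phishing indicators on the DETECT slides (generic greeting, sense of urgency, account status threat, and a link whose visible text does not match where it really goes) can be checked mechanically. The Python below is an added example, not part of the original presentation; the sample message, the `.example` domains, the keyword lists and the indicator names are all constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain is a placeholder.
SAMPLE = """\
From: "Example Bank" <service@examplebank.example>
Subject: Your account will be suspended
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>We are updating our files. Your account will be suspended unless you
verify your information immediately.</p>
<p><a href="http://login.verify-accounts.example/update">https://www.examplebank.example/login</a></p>
</body></html>
"""

# Keyword lists are illustrative assumptions, not an exhaustive rule set.
GREETING = re.compile(r"\b(dear customer|welcome member|dear member|dear user)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|updating (its|our) (files|accounts))\b", re.I)
THREAT = re.compile(r"\b(suspended|closed|locked|in jeopardy|deactivated)\b", re.I)
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element, plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def host_of(value):
    """Lower-cased hostname if value looks like a URL or bare domain, else None."""
    value = value.strip()
    if not value or re.search(r"\s", value):
        return None                      # ordinary link text such as "Click here"
    if not SCHEME.match(value):
        value = "http://" + value        # allow labels written as "www.site.example"
    try:
        host = urlparse(value).hostname
    except ValueError:
        return None
    return host if host and "." in host else None


def phishing_indicators(raw_message):
    """Return the list of indicators (hypothetical names) found in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parser.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    parser.close()
    text = " ".join(" ".join(parser.text).split())   # collapse line breaks
    found = []
    for name, pattern in (("generic_greeting", GREETING),
                          ("sense_of_urgency", URGENCY),
                          ("account_status_threat", THREAT)):
        if pattern.search(text):
            found.append(name)
    for href, label in parser.links:
        shown, actual = host_of(label), host_of(href)
        if not actual:
            continue
        if shown and shown != actual:    # visible address differs from real target
            found.append(f"link_mismatch:{shown}->{actual}")
        if urlparse(href).scheme.lower() != "https":
            found.append(f"not_https:{actual}")
    return found


if __name__ == "__main__":
    for indicator in phishing_indicators(SAMPLE):
        print(indicator)
```

A match is a reason to verify the message through a known-good phone number or typed address, as the DEFEND slides advise; an empty result does not prove a message is legitimate.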