Identity Theft A Presentation for the

1,270 views

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,270
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
26
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • According to the non-profit Identity Theft Resource Center, identity theft is sub-divided into four categories: Financial Identity Theft (using another's identity to obtain goods and services) Criminal Identity Theft (posing as another when apprehended for a crime) Identity Cloning (using another's information to assume his or her identity in daily life) Business/Commercial Identity Theft (using another's business name to obtain credit) Identity theft may be used to facilitate crimes including illegal immigration, terrorism, and espionage. Identity theft may also be a means of blackmail. There are also cases of identity cloning to attack payment systems, including medical insurance.
  • Thieves: Steal wallets and purses containing personal identification and credit/bank cards. Steal mail, including bank and credit card statements, pre-approved credit offers, new checks and tax information Complete a change of address form to divert mail to another location. Rummage through trash, or the trash of businesses, for personal data in a practice known as “dumpster diving” Find personal information in homes Use personal information individuals share on the Internet Send e-mail posing as legitimate companies or government agencies with which individuals do business. (phishing)
  • Thieves: Get information from the workplace in a practice known as “business record theft” by stealing files out of offices where a person is a customer, employee, patient or student, bribing an employee who has access to personal files, or “hacking” into electronic files. Eavesdrop on public transactions to obtain personal data (shoulder surfing) Drive by (pharming) Browse social network (MySpace, Facebook, Bebo etc) sites, online for personal details that have been posted by users Simply research about the victim in government registers, at the Internet, Google, etc.
  • The 2006 Identity Fraud Report offers 10 key data points on identity fraud: Identity fraud trends as Identified by the Better Business Bureau: The number of adult victims of identity fraud has declined marginally between 2003 and 2006, from 10.1 million people to 8.9 million people, in the United States The average fraud amount per case has increased from $5,249 to $6,383, over 2 years. As a result, the total one-year cost of identity fraud in the United States has remained relatively flat between 2003 and 2006, increasing from $53.2 billion to $56.6 billion The vast majority of identity fraud victims (68%) incur no out-of-pocket expenses. This points out that businesses are victims of fraud as well Victims are spending more time to resolve identity fraud cases, which has increased from 33 hours in 2003 to 40 hours in 2006. Means of Access Most data compromise - 90 percent - takes place through traditional offline channels and not via the Internet, when the victim can identify the source of data compromise
  • Lost or stolen wallets, checkbooks or credit cards continue to be the primary source of personal information theft when the victim can identify the source of data compromise. (30 %). Almost half (47 %) of all identity theft is perpetrated by friends, neighbors, in-home employees, family members or relatives - someone known - when the victim can identify the perpetrator of data compromise. Nearly 70 % of consumers are shredding documents, so that trash as a source of data compromise is now less than 1 %. Note: 47% of victims could identify the source of the data compromise. 36% of victims could identify the person who misused their information. Demographic differences: The 65+ demographic age group has the smallest rate of identity fraud victims (2.3%). The 35-44 demographic age group has the highest average fraud amount ($9,435). (Note: victims' age was not found to be statistically related to Internet usage as compared to traditional types of fraud.)
  • The loss or theft of personal data such as credit-card and Social Security numbers soared in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information. And while companies, government agencies, schools and other institutions are spending more to protect ever- increasing volumes of data, the investment often is too little, too late. "More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than . . . seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity-theft victim. Foley's group lists more than 79 million records reported compromised in the United States through Dec. 18. That's a nearly fourfold increase from the nearly 20 million records reported in all of 2006. Another group, Attrition.org, estimates more than 162 million records compromised through Dec. 21 in the U.S. and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million last year. Mark Jewell The associated press December 31, 2007 BOSTON, OrlandoSentinel.com
  • The number of hours ID theft victims spent resolving the problem varies widely. Average is estimated at 40 hours, but over 5% reported that they spent 1,200 hours. 31% of all ID theft victims who spent more than 10 hours resolving the problems, 38% reported that the most difficult part was the dispute resolution process, and 34% reported that the practical consequences of the thief’s actions were the most difficult part of their experience. Another 26% said they were most affected by the emotional impact and stress. More than half of consumers (56%) who suffered new account fraud did not discover the fraud until after the first month, and for 24% of consumers, it took more than six months to discover new account fraud. A private study found that it took victims 134 days to discover new account fraud and 42 days to discover misuse of existing accounts. Nearly a third say they have been unable to repair their tainted identities — in some cases, a year after their personal information was stolen, according to a nationwide survey of 1,097 ID-theft victims released this week. Most victims on average spend 81 hours trying to resolve their cases. "For many, it takes time just to prove you didn't do it," says Kirk Herath, associate general counsel at Nationwide Mutual Insurance, which commissioned the June survey. About $4,000 in fraudulent charges are made under the name of the average victim, according to Nationwide. Though most consumers are reimbursed, 16% — many of them debit-card victims — end up shouldering some or all of the costs of fraudulent purchases.
  • Victims of new accounts and other frauds experienced one or more of these problems 68% of the time
  • Computers that are taken over this way often become part of a robot network, known as a “botnet” for short. A botnet, also known as a “zombie army,” usually is made up of tens or hundreds of thousands of home computers sending emails by the millions. Computer security experts estimate that most spam is sent by home computers that are controlled remotely, and that millions of these home computers are part of botnets. Spammers can install hidden software on your computer in several ways. First, they scan the Internet to find computers that are unprotected, and then install software through those “open doors.” Spammers may send you an email with attachments, links or images which, if you click on or open them, install hidden software. Sometimes just visiting a website or downloading files may cause a “drive-by download,” which installs malicious software that could turn your computer into a “bot.” The consequences can be more than just annoying: your Internet Service Provider (ISP) may shut down your account.
  • Drive-by pharming can occur because home router equipment is often left configured with default log-in and password information and never changed. “The attacks know what the defaults are,” Ramzan says. The simplest defense is to make sure home routers of any type have the default password settings changed.
  • The FBI suggests some key steps to protecting your computer from intrusion: Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection. Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users' knowledge. Most types of antivirus software can be set up to update automatically. Install or Update Your Antispyware Technology: Spyware is just what it sounds like— software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It's like buying groceries—shop where you trust. Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection. Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don't know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code. Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being "always on" renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker's connection—be it spyware or a botnet that employs your computer's resources to reach out to other unwitting users.
  • Checking your "sent items" file or "outgoing" mailbox for messages you did not intend to send. If you do find unknown messages in your out box, it’s a sign that your computer may be infected with spyware, and may be part of a botnet. This isn’t foolproof: many spammers have learned to hide their unauthorized access. Taking action immediately if your computer is infected. If your computer has been hacked or infected by a virus, disconnect from the Internet right away. Then scan your entire computer with fully updated anti-virus and anti-spyware software. Report unauthorized accesses to your ISP and to the FBI at www.ic3.gov. If you suspect that any of your passwords have been compromised, call that company immediately to change your password. Learning more about securing your computer at www.OnGuardOnline.gov. This site offers practical tips from the federal government and technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.
  • Safe Shopping Tips Shop Where You're Safe: Wi-Fi is great, but when you're shopping online it pays to use a secure connection. Look for the Padlock: Not sure you're logged onto a safe URL? Secure websites start with "https" rather than "http". In addition, your Web browser will always display a key or closed padlock icon Don't Shop at Random Stores: If the website you're dealing with still makes you raise an eyebrow, look them up on the Better Business Bureau's website Do Not Use Debit Cards: The Privacy Rights Clearinghouse recommends that consumers never use (or even carry) debit cards (also known as check cards) because of their risks and their limited consumer protections. Use a Virtual Credit Card: Virtual credit card numbers are linked to your credit card, but unlike your credit card, virtual numbers are only good for one transaction or limited to a predetermined dollar amount. They're available from most banks like Citi, Bank of America, and Discover, providing an extra layer of protection when shopping online
  • Misconception #1: "Consumers are helpless to protect themselves" In 63% of fraud cases, the point of compromise was either theft by close associates of the consumer (friends, family, neighbors, etc.), lost or stolen wallets, cards and checkbooks, breached home computers or stolen mail or trash. Consumers detect almost half (47%) of identity fraud cases. Self-detection is faster (averages 67 days vs. 101 days), results in smaller average fraud amounts ($4,431 vs. $8,466) and smaller consumer costs ($347 vs. $538). A key way to detect fraudulent accounts is through credit monitoring / reports. Eleven % of fraud cases were caught via this means. Misconception #2: "Consumers bear the brunt of the financial losses from identity fraud" Average out-of-pocket cost for identity fraud victims is $422 (7% of the average fraud amount of $6,383) down from $675 last year and $555 in 2003. Misconception #3: "Internet use increases the risks of identity fraud“ Data compromise through the Internet is statistically unchanged from last year (11% to 9% today). Internet use can lead to lower damages from identity fraud. Electronic account monitoring is the fastest way to detect fraud and leads to lower losses - (22 days and $3,806). Misconception #4: " Seniors are most frequent targets of fraud operators" Generation X (ages 25-34) has the highest rate of identity fraud at 5.4 percent. The average fraud amount for this demographic is $6,270 as compared to the average fraud amount for the 65+ segment which is $2,665.
  • Identity Theft A Presentation for the

    1. 1. Identity Theft A Presentation for the Florida Association of Computer User Groups Saturday March 8, 2008 Hewie Poplock [email_address]
    2. 2. What is Identity Theft? <ul><li>According to the non-profit Identity Theft Resource Center, identity theft is sub-divided into four categories: </li></ul><ul><li>Financial Identity Theft </li></ul><ul><li>Criminal Identity Theft </li></ul><ul><li>Identity Cloning </li></ul><ul><li>Business/Commercial Identity Theft </li></ul>
    3. 3. Today <ul><li>We are going to talk about Financial Identity Theft </li></ul>
    4. 4. Ways Identity Theft Can Occur <ul><li>Thieves: </li></ul><ul><li>Steal wallets and purses </li></ul><ul><li>Steal mail </li></ul><ul><li>Complete a change of address </li></ul><ul><li>Rummage through trash known as “dumpster diving” </li></ul><ul><li>Find personal information in homes </li></ul><ul><li>Use personal information individuals share on the Internet </li></ul><ul><li>Send e-mail posing as legitimate companies or government agencies (phishing) </li></ul>
    5. 5. Ways Identity Theft Can Occur <ul><li>Business record theft </li></ul><ul><li>Eavesdrop (shoulder surfing) </li></ul><ul><li>Drive by (pharming) </li></ul><ul><li>Browse social network </li></ul><ul><li>Simple research </li></ul>
    6. 6. Trends <ul><li>The 2006 Identity Fraud Report offers 10 key data points on identity fraud: </li></ul><ul><li>The number of adult victims of identity fraud has increased dramatically in 2007 </li></ul><ul><li>The average fraud amount has increased </li></ul><ul><li>The vast majority of identity fraud victims (68%) incur no out-of-pocket expenses </li></ul><ul><li>Victims are spending more time to resolve identity fraud cases </li></ul><ul><li>Means of Access </li></ul><ul><li>90 percent of data compromise takes place through traditional offline channels </li></ul>
    7. 7. Trends (con’t) <ul><li>Lost or stolen wallets, checkbooks or credit cards continue to be the primary source </li></ul><ul><li>Almost half (47 %) of all identity theft is perpetrated by someone known </li></ul><ul><li>Nearly 70 % of consumers are shredding document </li></ul><ul><li>Demographic differences: </li></ul><ul><li>The 65+ demographic age group has the smallest rate of identity fraud victims (2.3%). </li></ul><ul><li>The 35-44 demographic age group has the highest average fraud amount ($9,435). </li></ul>
    8. 8. ID theft is only going to get worse <ul><li>The loss or theft of personal data soared in 2007 </li></ul><ul><li>Institutions are spending more to protect data, the investment often is too little, too late. </li></ul><ul><li>More data breaches - responding in a reactive way </li></ul><ul><li>Fourfold increase in 2007 from 2006 </li></ul><ul><li>Attrition.org, estimates more than 162 million records compromised through 2007 </li></ul><ul><li>Mark Jewell The associated press December 31, 2007 BOSTON, OrlandoSentinel.com </li></ul>
    9. 9. Time <ul><li>Hours resolving ID Theft - 40 to 1,200 hours. </li></ul><ul><li>Most difficult part was the dispute resolution process, then the practical consequences and by the emotional impact and stress. </li></ul><ul><li>More than half did not discover the fraud until after the first month </li></ul><ul><li>Nearly a third unable to repair identities a year after stolen </li></ul><ul><li>&quot;For many, it takes time just to prove you didn't do it.” </li></ul>
    10. 10. Consequences <ul><li>Personal expenses vary from $0 to $1,200 or more </li></ul><ul><li>Collection agency harassment </li></ul><ul><li>Denial of new credit </li></ul><ul><li>Being unable to use existing credit cards </li></ul><ul><li>Being unable to obtain loans </li></ul><ul><li>Utility shut off </li></ul><ul><li>Criminal investigation </li></ul><ul><li>Arrest </li></ul><ul><li>Civil suit </li></ul><ul><li>Difficulties opening or accessing bank accounts </li></ul>
    11. 11. Prevention <ul><li>Keep all sensitive wallets, documents, checkbooks and credit cards securely locked away at home and at work. </li></ul><ul><li>Keep passwords hidden (even in your own home) and change them frequently. </li></ul><ul><li>Do not respond to suspicious e-mails </li></ul><ul><li>Don't discard a computer without completely destroying the data on the hard drive. </li></ul><ul><li>Use secure passwords for your credit card, bank and phone accounts. </li></ul><ul><li>Secure personal information in your home and work </li></ul><ul><li>Don’t give out personal information over the phone, through the mail or over the internet </li></ul>
    12. 12. Prevention (con’t) <ul><li>Guard your mail and trash from theft </li></ul><ul><li>Before discarding, shred all private documents </li></ul><ul><li>opt-out of receiving free offers of credit </li></ul><ul><li>Only carry the id and credit/debit cards that you actually need </li></ul><ul><li>Notify your credit card company if you are planning to travel out of state. </li></ul><ul><li>Sign up for automatic payroll deposits </li></ul><ul><li>Review Credit Reports from each of the three major credit bureaus once a year </li></ul><ul><li>Use Online versions of bills, statements and checks </li></ul>
    13. 13. Data Theft <ul><li>Data theft touches 150,000 Massachusetts seniors </li></ul><ul><li>December 01, 2007 (IDG News Service) The state of Massachusetts is warning 150,000 members of its Prescription Advantage insurance program that their personal information may have been snatched by an identity thief. </li></ul><ul><li>Local authorities arrested a lone identity thief in August who had been using information taken from the program in an attempted identity theft scheme, said Alison Goodwin, a spokeswoman for the state's Executive Office of Health and Human Services. </li></ul><ul><li>Goodwin could not add many details on the nature of the breach, citing an ongoing criminal investigation, but she said Prescription Advantage is conducting an internal review of the incident to determine if additional security measures might be required. </li></ul>
    14. 14. Means of Access
    15. 16. 2007 Security Hall of Shame <ul><li>Framingham, Mass.- based retailer TJX. The breach it disclosed in January (several months after the fact) was the biggest ever involving payment card data. </li></ul><ul><li>TJX itself claimed that over 45.6 million cards belonging to customers were compromised in an intrusion that went undetected for over 18 months </li></ul><ul><li>The U.K's VA: HMRC misplaces records on 25 million kids In November, the United Kingdom's HMRC (Her Majesty's Revenue and Customs) department managed to achieve VA-level snafu status when it disclosed that it lost computer disks containing personal information on 25 million juvenile benefit claimants </li></ul><ul><li>Personal information on over 8.5 million individuals was compromised when a senior database administrator working for Certegy Check Services Inc., a subsidiary of Fidelity National, illegally downloaded the data and sold it to brokers. </li></ul><ul><li>TD Ameritrade Holding Corp. Brokerage firm Ameritrade in September disclosed that someone had broken into one of its systems and stolen contact information such as names, addresses and phone numbers belonging to all of its more than 6.2 million retail and institutional customers. </li></ul><ul><li>Monster.com Names, e-mail addresses, mailing addresses, phone numbers and resume IDs belonging to an estimated 1.6 million job seekers were accessed from Monster.com's resume database in August. </li></ul><ul><li>Supervalu gets phished Eden Prairie, Minn.-based grocery chain Supervalu in February was conned into sending $10 million to two fake bank accounts by phishers posing as employees working for two of the company's approved suppliers. </li></ul><ul><li>Computerworld </li></ul>
    16. 17. Breaches <ul><li>Here is a 145 page list of Data breaches from January,2005 to February 2008 </li></ul>
    17. 18. Botnet Arrests
    18. 19. Detraction <ul><li>Do NOT leave your purse in your shopping cart </li></ul><ul><li>Video </li></ul>
    19. 20. Bank ATMs converted to steal bank customer IDs <ul><li>A team of organized criminals installs equipment on legitimate bank ATMs to steal both the ATM card number and the PIN. </li></ul>
    20. 21. Equipment being installed on front of existing bank card slot.
    21. 22. The equipment as it appears installed over the normal ATM bank slot.
    22. 23. The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure. The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure. The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure. The PIN reading camera being installed on the ATM is housed in an innocent looking leaflet enclosure.
    23. 24. The camera shown installed and ready to capture PINs by looking down on the keypad as you enter your PIN.
    24. 26. FBI Computer Advice <ul><li>Keep Your Firewall Turned On </li></ul><ul><li>Install or Update Your Antivirus Software </li></ul><ul><li>Install or Update Your Antispyware Technology </li></ul><ul><li>Keep Your Operating System Up to Date </li></ul><ul><li>Be Careful What You Download </li></ul><ul><li>Turn Off Your Computer </li></ul>
    25. 27. Some Additional Advice <ul><li>Checking your &quot;sent items&quot; file or &quot;outgoing&quot; mailbox for messages you did not intend to send </li></ul><ul><li>Taking action immediately if your computer is infected </li></ul><ul><li>Learning more about securing your computer at http://www.OnGuardOnline.gov </li></ul>
    26. 28. Florida Law <ul><li>1. Seniors over 65 can freeze all three CRB for free, as well as those who have had identity theft </li></ul><ul><li>2. Seniors over 65 can permanently unfreeze the accounts for free </li></ul><ul><li>3. Seniors over 65 have to pay the $10 to temporarily unfreeze and pay $10 to re-freeze any or each CRB for any reason </li></ul><ul><li>4. The fee does not apply to victims of identity theft </li></ul>
    27. 29. Safe On-Line Shopping <ul><li>Shop Where You're Safe </li></ul><ul><li>Look for the Padlock </li></ul><ul><li>Don't Shop at Random Stores </li></ul><ul><li>Do Not Use Debit Cards </li></ul><ul><li>Use a Virtual Credit Card </li></ul>
    28. 30. Temporary Credit Cards 1
    29. 31. Temporary Credit Cards 2
    30. 32. Temporary Credit Cards 3
    31. 33. Temporary Credit Cards 4
    32. 34. Temporary Credit Cards 5
    33. 35. Temporary Credit Cards 6
    34. 36. If You are a Victim <ul><li>Place a fraud alert on your credit reports and review your credit reports </li></ul><ul><li>Place a security freeze on your credit reports. </li></ul><ul><li>Close any accounts that have been tampered with or opened fraudulently. </li></ul><ul><li>File a police report and ask for a copy for your records </li></ul><ul><li>File a complaint with the Federal Trade Commission and the Attorney General’s Office. </li></ul><ul><li>Write down the name of anyone you talk to, what s/he told you, and the date of the conversation. </li></ul>
    35. 37. If You are a Victim (con’t) <ul><li>Follow-up in writing with all contacts you have made about the identity theft on the phone or in person. Use certified mail, return receipt requested, for all correspondence regarding identity theft. </li></ul><ul><li>Keep all copies of all correspondence or forms relating to identity theft. </li></ul><ul><li>Keep the originals of supporting documentation, like police reports and letters to and from creditors; send copies only. </li></ul><ul><li>Keep old files, even if you believe the problem is resolved. If it happens again, you will be glad you did. </li></ul>
    36. 38. <ul><li>Most digital copiers manufactured in the past five years have disk drives to reproduce documents. </li></ul><ul><li>The same machines that are commonly used to spit out copies of tax returns for millions of Americans can retain the data being scanned. </li></ul><ul><li>If the data on the copier's disk aren't protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands. </li></ul>
    37. 40. Some Videos
    38. 41. Purse Theft Advisory
    39. 42. Children & ID Theft <ul><li>Protect your children </li></ul><ul><li>The latest tactic these crooks are using is to steal the identity of children, preferably infants! </li></ul><ul><li>Order a credit report on each of your minor children at least once each year. </li></ul>
    40. 43. The Bad Guys Do Get Caught
    41. 44. Users often to blame
    42. 45. Clarifying Four Key Misconceptions Surrounding Identity Fraud <ul><li>Misconception #1: &quot;Consumers are helpless to protect themselves“ </li></ul><ul><li>Misconception #2: &quot;Consumers bear the brunt of the financial losses from identity fraud“ </li></ul><ul><li>Misconception #3: &quot;Internet use increases the risks of identity fraud“ </li></ul><ul><li>Misconception #4: &quot; Seniors are most frequent targets of fraud operators” </li></ul>
    43. 46. A Final Word <ul><li>Think! </li></ul>

    ×