GREATER CLEVELAND PC
USERS’ GROUP

IDENTITY THEFT
January 11, 2014
By Ira Wilsker
Some slides are from an ORIGINAL Present...
JANUARY 10, 2014: Personal info stolen
from 70M customers, company says
The nation's second largest discounter said
Friday that hackers stole personal
information — including names, phone
number...
DEBIT AND CREDIT
CARD INFORMATION
STOLEN FROM TARGET
FOR SALE ONLINE
THE ADDRESS IN THE “COUNTRY” COLUMN IS THE LOCATION
OF THE TARGET STORE WHERE THAT CARD WAS USED
FOREIGN CREDIT AND DEBIT CARDS STOLEN FROM
TARGET FETCH PREMIUM PRICES – ALSO NOTICE
“MATURITY” OF CARDS vs. PRICE
THESE A...
FOREIGN CREDIT AND DEBIT CARDS STOLEN
FROM TARGET FETCH PREMIUM PRICES – ALSO
NOTICE THAT “QUALITY” CARDS WITH HIGHER
CRED...
MANY OF THESE CREDIT CARD SELLING SITES ARE LOCATED IN
RUSSIA OR EASTERN EUROPE – ONES ABOVE ARE RUN BY A
RUSSIAN WITH THE...
THERE HAS BEEN
NO PUBLIC DISCLOSURE
ABOUT THE METHOD USED TO
OBTAIN THE TARGET CREDIT
CARD INFORMATION, BUT
MANY SECURITY ...
BULLETIN: Dated January 14, 2014 – KREBS ON SECURITY
2011 EXAMPLE THAT LED TO MASSIVE
“SPEAR PHISHING” ATTACKS
APRIL 4, 2011 – Millions Exposed to
Potential IDENTITY THEFT!
Dallas – The customer lists of about 2500 corporate clients ...
1-800-FLOWERS
AbeBook
AIR MILES Rewards
Ameriprise
Ann Taylor
Barclays Bank of Delaware
Barclay's L.L. Bean Visa
Beachbody...
The millions of customers of these
companies may become the targets of
PHISHING or SPEAR PHISHING.
PHISHING uses spoofed o...
SPEAR PHISHING is a similar form of
IDENTITY THEFT but the emails are
targeted to specific users. Since the
cyber crook ha...
AUTHENTIC
WARNING ABOUT
EPSILON BREACH
7:42PM APRIL 4
THIS IS THE GENUINE WARNING
ALL OF THESE LINKS LOOK REAL, BUT
REALLY CONNECT TO A CROOK IN RUSSIA!
A MORE TRADITIONAL PHISHING EMAIL
NOTE THAT THE CROOK IS ASKING
FOR THE DEBIT CARD NUMBER,
SECURITY CODE AND PIN NUMBER!
THIS WOULD NO LONGER BE YOUR
DEBIT ...
NOTE THE SPELLING IN THE
URL…
“orangesavLngs.com
Domain Name: ORANGESAVLNGS.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES
WORLDWIDE
Whois Server: whois.melbournei...
NOTE CORRECT URL ABOVE
Identity theft is not just an
unauthorized charge on a credit
card anymore.
Identity theft, according to the
Federal Trade...
Types of Identifiers
• Personal:
–
–
–
–
–

Name and Date of Birth
Social Security Number
Address and phone numbers
Driver...
Official US Gov’t ID THEFT WEBSITE

http://www.ftc.gov/idtheft (redirects)

ftc.gov/idtheft (redirects)
1-877-ID THEFT
FREE
PUBLICATIONS
FROM THE
FEDERAL
TRADE
COMMISSION
FTC.GOV/idtheft
2013 IDENTITY THEFT REPORT
from JAVELIN RESEARCH (2/13)
Identity fraud incidents and amount
stolen increased—The number of...
1 in 4 data breach notification recipients
became a victim of identity fraud—This
year, almost 1 in 4 consumers that recei...
DECEMBER 12, 2013

http://www.bjs.gov

16.6 MILLION PEOPLE EXPERIENCED IDENTITY THEFT IN 2012
Financial losses totaled $24...
In 2012, the misuse or attempted misuse of an
existing account was the most common type of
identity theft — experienced by...
SOURCE: http://www.bjs.gov/content/pub/pdf/vit12.pdf
SOURCE: FTC

SOURCE: BJS
Arizona, California, Florida, Texas, and Nevada are the top 5 states for Identity Theft

OHIO IS RANKED 29th IN
IDENTITY T...
PHISHING
Note the warning in the subject
line of the email below
LINK ABOVE LOOKS AUTHENTIC
NOTE INTERNET ADDRESS IN THE ADDRESS BAR IT IS
LOCATED IN KOREA
WHOSE CREDIT CARD IS IT NOW? WHAT HAPPENS NEXT?
FORWARD TO: spoof@paypal.com
EBAY PHISHING TO STEAL PASSWORDS

LINK ABOVE LOOKS AUTHENTIC
NOTE INTERNET ADDRESS IN THE ADDRESS BAR – IT IS IN INDIA

Forward to: spoof@ebay.com
PHISHING

COMPARE THE LINKS; DOES IT
LOOK SUSPICIOUS?
Now who can access the victims’ information?
This site was registered in Missouri, but hosted in TAIWAN!
Others were hoste...
LINK ABOVE LOOKS AUTHENTIC

There are only 5 questions that you must answer before you receive your $250 reward.
Once you ...
NOW THE
CYBER CROOK
HAS ALL OF
YOUR
INFORMATION
INCLUDING
CREDIT CARD,
DL, AND
MOTHER’S
MAIDEN NAME.
WHAT CAN HE
DO WITH T...
INCOME TAX PHISHING IS
MOST COMMON AROUND
TAX TIME.
NOTE THAT THIS RUSSIAN
CROOK WOULD HAVE
CREDIT CARD AND PIN
NUMBER

ht...
Credit Report Example

http://www.annualcreditreport.com
Prevention – Personal Awareness
• Do not give out personal identifier information
over the phone or Internet.
• Stay infor...
Ira Wilsker
iwilsker@sbcglobal.net
Ira Wilsker's January 2014 Identity Theft Presentation
Ira Wilsker's January 2014 Identity Theft Presentation
Ira Wilsker's January 2014 Identity Theft Presentation
Ira Wilsker's January 2014 Identity Theft Presentation
Upcoming SlideShare
Loading in …5
×

Ira Wilsker's January 2014 Identity Theft Presentation

1,657 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,657
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Ira Wilsker's January 2014 Identity Theft Presentation

  1. 1. GREATER CLEVELAND PC USERS’ GROUP IDENTITY THEFT January 11, 2014 By Ira Wilsker Some slides are from an ORIGINAL Presentation by Sgt. Eric Gilbert and Sgt. Hiland Priddy, Texas Department of Public Safety (DPS) for mandatory Texas Law Enforcement Officer In Service Training
  2. 2. JANUARY 10, 2014: Personal info stolen from 70M customers, company says
  3. 3. The nation's second largest discounter said Friday that hackers stole personal information — including names, phone numbers as well as email and mailing addresses — from as many as 70 million customers as part of a data breach it discovered in December. Target said in December that customers' names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been
  4. 4. DEBIT AND CREDIT CARD INFORMATION STOLEN FROM TARGET FOR SALE ONLINE
  5. 5. THE ADDRESS IN THE “COUNTRY” COLUMN IS THE LOCATION OF THE TARGET STORE WHERE THAT CARD WAS USED
  6. 6. FOREIGN CREDIT AND DEBIT CARDS STOLEN FROM TARGET FETCH PREMIUM PRICES – ALSO NOTICE “MATURITY” OF CARDS vs. PRICE THESE ARE DEBIT CARDS
  7. 7. FOREIGN CREDIT AND DEBIT CARDS STOLEN FROM TARGET FETCH PREMIUM PRICES – ALSO NOTICE THAT “QUALITY” CARDS WITH HIGHER CREDIT LIMITS FETCH HIGHER PRICES
  8. 8. MANY OF THESE CREDIT CARD SELLING SITES ARE LOCATED IN RUSSIA OR EASTERN EUROPE – ONES ABOVE ARE RUN BY A RUSSIAN WITH THE HANDLE “HELKERN”
  9. 9. THERE HAS BEEN NO PUBLIC DISCLOSURE ABOUT THE METHOD USED TO OBTAIN THE TARGET CREDIT CARD INFORMATION, BUT MANY SECURITY EXPERTS ARE FAIRLY CERTAIN THAT IT WAS LIKELY “SPEAR PHISHING” DIRECTED TO A TARGET EMPLOYEE WHO HAD ACCESS
  10. 10. BULLETIN: Dated January 14, 2014 – KREBS ON SECURITY
  11. 11. 2011 EXAMPLE THAT LED TO MASSIVE “SPEAR PHISHING” ATTACKS
  12. 12. APRIL 4, 2011 – Millions Exposed to Potential IDENTITY THEFT! Dallas – The customer lists of about 2500 corporate clients of Dallas based EPSILON, a marketing company, were stolen by a hacker over the weekend. These mailing lists are used to send about 40 billion emails annually to the millions of clients and customers of these 2500 companies. EPSILON has reported that the data stolen consisted of customer names and email addresses, but not personal financial data. A comprehensive list of companies known to have had their client email list stolen includes (as of April 6, 2011):
  13. 13. 1-800-FLOWERS AbeBook AIR MILES Rewards Ameriprise Ann Taylor Barclays Bank of Delaware Barclay's L.L. Bean Visa Beachbody bebe Benefit Cosmetics Best Buy Best Buy Reward Zone BJ's Visa Borders Brookstone Capital One Catherine's Charter Communications Citi City Market College Board Dell Dillons Disney Destinations Eddie Bauer Friends Eileen Fisher Ethan Allen Eurosport Soccer Express Food 4 Less Fred Meyer Fry's Electronics Hilton Honors Home Shoppers Network Jay C JPMorgan Chase King Soopers Kroger Lacoste Marks & Spence Marriott Rewards McKinsey Quarterly MoneyGram New York & Company QFC Ralphs Red Roof Inn Ritz-Carlton Rewards Robert Half International Scottrade Smith Brands Target TD Ameritrade TIAA-CREF TiVo TripAdvisor.com US Bank Verizon Victoria's Secret Viking River Cruises Visa Walgreens World Financial Network NOTE: Companies in RED have a presence in this area
  14. 14. The millions of customers of these companies may become the targets of PHISHING or SPEAR PHISHING. PHISHING uses spoofed or counterfeit duplicates of authentic websites for the explicit purpose of IDENTITY THEFT. The victim is tricked into entering valuable personal information on the website. Information solicited is typically credit or debit card numbers, PIN numbers, security codes, expiration dates, user names, account numbers, and passwords.
  15. 15. SPEAR PHISHING is a similar form of IDENTITY THEFT but the emails are targeted to specific users. Since the cyber crook has the customer information from these companies, they will likely be selling that information or using it to send out millions of SPAM emails that look authentic, appearing to be from real companies where the target victim really has an account. This tends to improve the success rate, with more victims disclosing their personal information.
  16. 16. AUTHENTIC WARNING ABOUT EPSILON BREACH 7:42PM APRIL 4
  17. 17. THIS IS THE GENUINE WARNING
  18. 18. ALL OF THESE LINKS LOOK REAL, BUT REALLY CONNECT TO A CROOK IN RUSSIA!
  19. 19. A MORE TRADITIONAL PHISHING EMAIL
  20. 20. NOTE THAT THE CROOK IS ASKING FOR THE DEBIT CARD NUMBER, SECURITY CODE AND PIN NUMBER! THIS WOULD NO LONGER BE YOUR DEBIT CARD, AND YOUR ACCOUNT WILL BE QUICKLY EMPTIED
  21. 21. NOTE THE SPELLING IN THE URL… “orangesavLngs.com
  22. 22. Domain Name: ORANGESAVLNGS.COM Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE Whois Server: whois.melbourneit.com Referral URL: http://www.melbourneit.com Creation Date: 13-jun-2008 Expiration Date: 13-jun-2009 Domain Name.......... orangesavlngs.com orangesavLngs.com Organisation Name.... John Davis Organisation Address. 49960 Esperanza Organisation Address. Organisation Address. carson Organisation Address. 95350 Organisation Address. CA Organisation Address. UNITED STATES Admin Email.......... johndaviiis88@yahoo.com Admin Phone.......... +1.5554843948 NOTE THE PHONEY Admin Fax............ “555” AREA CODE THERE IS NO 555
  23. 23. NOTE CORRECT URL ABOVE
  24. 24. Identity theft is not just an unauthorized charge on a credit card anymore. Identity theft, according to the Federal Trade Commission, “occurs when someone uses your personally identifying information, like your name, Social Security number or credit card number, without your permission, to commit fraud or other crimes.”
  25. 25. Types of Identifiers • Personal: – – – – – Name and Date of Birth Social Security Number Address and phone numbers Driver’s license and passport numbers Mother’s maiden name; pet name; etc. • Financial: – Credit card numbers (including security codes) – Bank account numbers – ATM Card and PIN numbers – Insurance policy numbers
  26. 26. Official US Gov’t ID THEFT WEBSITE http://www.ftc.gov/idtheft (redirects) ftc.gov/idtheft (redirects)
  27. 27. 1-877-ID THEFT
  28. 28. FREE PUBLICATIONS FROM THE FEDERAL TRADE COMMISSION FTC.GOV/idtheft
  29. 29. 2013 IDENTITY THEFT REPORT from JAVELIN RESEARCH (2/13) Identity fraud incidents and amount stolen increased—The number of identity fraud incidents increased by one million more consumers over the past year, and the dollar amount stolen increased to $21 billion, a three-year high but still significantly lower than the all-time high of $47 billion in 2004. This equates to 1 incident of identity fraud every 3 seconds.
  30. 30. 1 in 4 data breach notification recipients became a victim of identity fraud—This year, almost 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010. This underscores the need for consumers to take all notifications seriously. Not all breaches are created equal. The study found consumers who had their Social Security number compromised in a data breach were 5 times more likely to be a fraud victim than an average consumer. SOURCE: Javelin Research 2/13
  31. 31. DECEMBER 12, 2013 http://www.bjs.gov 16.6 MILLION PEOPLE EXPERIENCED IDENTITY THEFT IN 2012 Financial losses totaled $24.7 billion WASHINGTON – An estimated 16.6 million people, representing 7 percent of all persons age 16 or older in the United States, experienced at least one incident of identity theft in 2012, the Justice Department’s Bureau of Justice Statistics (BJS) announced today. Financial losses due to personal identity theft totaled $24.7 billion, over $10 billion more than the losses attributed to all other property crimes measured in the National Crime Victimization Survey. About 14 percent of victims suffered an out-of-pocket financial loss due to the most recent incident of identity theft. Of the victims who experienced an out-of-pocket loss, about half lost $99 or less.
  32. 32. In 2012, the misuse or attempted misuse of an existing account was the most common type of identity theft — experienced by 15.3 million people. An estimated 7.7 million people reported the fraudulent use of a credit card and 7.5 million reported the fraudulent use of a bank account such as a debit, checking or savings account. Another 1.1 million persons had their information misused to open a new account, and about 833,600 persons had their information misused for other fraudulent purposes. SOURCE: Victims of Identity Theft, 2012 (NCJ 243779)
  33. 33. SOURCE: http://www.bjs.gov/content/pub/pdf/vit12.pdf
  34. 34. SOURCE: FTC SOURCE: BJS
  35. 35. Arizona, California, Florida, Texas, and Nevada are the top 5 states for Identity Theft OHIO IS RANKED 29th IN IDENTITY THEFT Why are THESE states in RED? The answer is “Politically Incorrect” SOURCE: FTC
  36. 36. PHISHING Note the warning in the subject line of the email below
  37. 37. LINK ABOVE LOOKS AUTHENTIC
  38. 38. NOTE INTERNET ADDRESS IN THE ADDRESS BAR IT IS LOCATED IN KOREA
  39. 39. WHOSE CREDIT CARD IS IT NOW? WHAT HAPPENS NEXT?
  40. 40. FORWARD TO: spoof@paypal.com
  41. 41. EBAY PHISHING TO STEAL PASSWORDS LINK ABOVE LOOKS AUTHENTIC
  42. 42. NOTE INTERNET ADDRESS IN THE ADDRESS BAR – IT IS IN INDIA Forward to: spoof@ebay.com
  43. 43. PHISHING COMPARE THE LINKS; DOES IT LOOK SUSPICIOUS?
  44. 44. Now who can access the victims’ information? This site was registered in Missouri, but hosted in TAIWAN! Others were hosted in Germany, Mexico, India, Czechoslovakia, and the Netherlands
  45. 45. LINK ABOVE LOOKS AUTHENTIC There are only 5 questions that you must answer before you receive your $250 reward. Once you click to submit your answers you are taken to a page that requests your personal information along with your credit card number so that they can “credit your account” the $250 reward.
  46. 46. NOW THE CYBER CROOK HAS ALL OF YOUR INFORMATION INCLUDING CREDIT CARD, DL, AND MOTHER’S MAIDEN NAME. WHAT CAN HE DO WITH THIS INFORMATION?
  47. 47. INCOME TAX PHISHING IS MOST COMMON AROUND TAX TIME. NOTE THAT THIS RUSSIAN CROOK WOULD HAVE CREDIT CARD AND PIN NUMBER http://www.kotlovka.ru/picnews/help/www.irs.gov
  48. 48. Credit Report Example http://www.annualcreditreport.com
  49. 49. Prevention – Personal Awareness • Do not give out personal identifier information over the phone or Internet. • Stay informed about your personal financial records with frequent checks of credit history, bank records, i.e., extra or unknown transactions. • Limit personal information on necessary public distribution items (checks, business cards). • Purchase a home shredder. • Consider Identity Theft Insurance (controversial). • PRACTICE “SAFE HEX”
  50. 50. Ira Wilsker iwilsker@sbcglobal.net

×