This document discusses identity theft and fraud, outlining five types and both physical and virtual methods used by criminals. It notes that identity theft was the number one consumer complaint to the FTC in 2004, costing individuals $5 billion and businesses $47 billion annually. The document also outlines a four phase process criminals use to steal identities and then commit additional crimes.
ICT role in 21st century education and it's challenges.
1CYBER CRIMEChapter 5Objectives· Understand the differen.docx
1. 1
CYBER CRIME
Chapter 5
Objectives
· Understand the difference between identity theft and identity
fraud
· Explore the five types of identity theft/fraud
· Discuss the virtual and Internet methods in which computer
criminals steal identities
· Develop a knowledge of the crimes committed due to identity
theft
Details
I. Identity Theft: Illegal use or transfer of an individual’s
personal identification
information.
Identity Fraud: Illegal activities based on the fraudulent use of
identifying information of a real or fictitious person.
· Creation of fictitious identity by using a “breeder”
document(fictitious or stolen identifiers)
· Used by criminals to create additional lines of credit and
separate bank accounts
· Used by terrorists to conceal their own identity, hide from
authorities or gain access to sensitive information
Types of Identity Theft/Fraud
· Assumption of Identity: individual assumes the identity of
their victim, including all aspects of the victim’s lives
· Rarest form of identity theft/fraud
2. · Theft for Employment or Border Entry: Fraudulent use of
stolen or fictitious personal information to obtain employment
or gain entry into US
· Alien Registration Cards
· Nonimmigrant Visas
· Passports and Citizenship Documents
· Border Crossing Cards
· Virtual Identity Theft/Fraud: Use of personal, professional, or
other dimensions of identity toward creating a fraudulent virtual
personality
· On-line dating
· Role playing
· Accessing deviant sites or locations containing questionable
content
· Extra Marital Affairs
· Use for harassment or stalking
· Criminals may use to deceive others to reveal personal
information or solicit a criminal act
· Credit Identity Theft/Fraud: Use of stolen personal and
financial information to facilitate the creation of fraudulent
accounts. It requires the affirmative act of securing additional
credit.
· Criminals use to create additional sources of revenue through
the establishment of multiple accounts
· FTC (2011) reported 60% of all identity theft victims stated
3. their personal information was used to open new accounts,
transfer funds, or commit tax/wage related fraud
II. Scope and Victimology
· Developing crime statistics for Identity Theft/Fraud has been
difficult
· Lack of reporting by the public
· Lack of reporting by police to federal agencies
· Jurisdictional discrepancies in crime measurement
· Selective enforcement based on community standards and
department resources
· First comprehensive study conducted by Government
Accounting Office (2002)
· Identity Theft was dramatically increasing
· Calls to the Identity Theft Clearinghouse increased over 500%
in two years
· Losses incurred by MasterCard and Visa increased by 43%
· No significant loss of consumer confidence as online shopping
increased
· Number-one consumer complaint to the Federal Trade
Commission (FTC)
· FTC Study (2004): 15 million Americans victimized in 2003.
· Total annual cost to individuals was $5 billion; businesses was
$47 billion
· Total cost to Law Enforcement was $15,000-20,000 per case
4. · Four overall trends emerged by 2011
· Identity fraud incidents continued to increase but financial
costs to consumers decreased due to improved prevention and
detection tools which shortened the time between violation and
discovery
· Social networking activity increased the likelihood of
victimization because a lot of personal information is
exchanged publicly
· Smartphone owners are more likely to be victimized as 62%
fail to safeguard their devices with passwords
· Data breaches were increasing and more damaging
· Most common items exposed were credit card, debit card and
Social Security numbers
· Victim Profile: white males, early 40’s who lived in
metropolitan areas
· Victim Impact: Long term repercussions
· Harassment form debt collectors
· Banking problems
· Loan rejection
· Utility cutoffs
· Arrest for perpetrator’s other crimes
III. Physical Methods of Identity Theft
· Mail Theft: Theft of breeder documents (driver’s licenses,
passports, financial statements, birth certificates, death records)
5. from physical mailboxes; done randomly or popcorning when
mailbox red flag signals outgoing mail
· Dumpster Diving: Retrieving confidential documents from
trash cans or dumpsters; software, passwords, company
directories, personnel records
· Historically, murder weapons, corpses, bookmaking
spreadsheets and narcotics have been retrieved from trash cans
· Theft of Computers: Physical theft of laptop and desktop
computers is among the most common techniques employed by
identity thieves
· Private homes or buildings; public transit, especially airports,
hotels, recreation centers and government offices
· November 2011; desktop computer stolen from the offices of
Sutter Medical Foundation contained medical records of 3.3
million patients
· Science Applications International Corp. and Tricare Corp.;
Backup tapes stolen from employee’s car; impacted 5.1 million
military personnel and their families
· See case studies on page 129
· Bag Operations: Surreptitious entry into a hotel room to steal,
photograph or photocopy documents; steal or copy magnetic
media; or download information from laptop computers
· Scheme is designed to obtain information while leaving the
physical items in place
· Conducted by host countries (intelligence services) against
visiting diplomats or officials from a foreign government
· Insiders: Many authorities suggest corporate and government
insiders pose the greatest risk to identity theft
6. · Careless employees
· Sloppy handling procedures
· Failure to properly destroy data on discarded equipment
IV. Virtual or Internet-Facilitated Methods
· Phishing: most common recognized method of online identity
theft/fraud;
Soliciting information by e-mail or culling of individual to fake
web sites
· Spoofing: sending e-mails or Web sites by using company
trademarks and logos; online shopping sites-financial
institutions; eBay or PayPal, U.S. Bank, Citibank
· Pharming: advanced form of phishing; redirects the connection
between an IP address and its intended site
· Redirectors: malicious programs which redirect users network
traffic to undesired sites
· Advance-fee Fraud or 419 fraud: Fraudster sends e-mail to
victim asking for assistance claiming “found money”; solicits
personal or financial information as part of the con
· Spyware
· Browser-based software designed to capture and transmit
personal information to third parties without the knowledge and
consent of the owner
· Surreptitiously installed on a user’s machine to intercept or
take control over the interaction between users and their
computers
· Victims precipitate their own problems by opening file
7. attachments, downloading free software, screensavers, songs,
adult Web sites which contain the spyware
V. Crimes Facilitated by Identity Theft/Fraud
Four Phase Process
· Stolen identifiers are procured
· Breeder document is created
· Breeder document used to create additional fraudulent
documents and solidify a false identity
· Fraudulent identity is employed in the commission of a
criminal act
· Student loan fraud, immigration fraud, social security fraud,
insurance fraud, credit card fraud, tax fraud, various Internet
scams