10. IDENTITY THEFT
Identity Theft adalah Suatu Upaya untuk
memperoleh dan menggunakan (memalsukan)
identitas seseorang secara tidak sah, biasanya
untuk mendapatkan keuntungan Finansial.
11. IDENTITY THEFT
• Alamat email
• Akun media sosial
Twitter
Google (g+)
Facebook
• Nomor
handphone
Identitas Maya Saat IniIdentitas Maya Saat Ini
12. IDENTITY THEFT
Tujuan Pencurian IdentitasTujuan Pencurian Identitas
• Untuk melakukan penipuan (finansial)
– Minta donasi
– Minta pulsa
• Untuk melakukan pencemaran nama baik
– Membuat pernyataan yang kontroversial
– Membuat masalah
• Untuk mencuri identitas orang lain lagi
13. IDENTITY THEFT
• Dengan Bermodalkan data dari internet
Nama
Foto
Data dari media sosial (tempat bekerja, sekolah,
organisasi)
• Membuka akun baru di media sosial lain dengan data
tersebut
Membujuk orang lain untuk menjadi teman (yang
kemudian dijadikan pembenaran bahwa kita adalah orang
yang bersangkutan)
• Cara lain adalah dengan membajak akun yang sudah ada
Reset password
Ambil alih akun
16. Bentuk Identity TheftBentuk Identity Theft
Email Theft
Perilaku pencurian identitas pribadi seperti
nama, nomor telepon dan alamat yang
dilakukan dengan mengakses atau meng
Hack Email seseorang.
17. Bentuk Identity TheftBentuk Identity Theft
Browsing File Temporary
Cache dan history yang tersimpan di dalam desktop
atau perangkat Teknologi lainnya ternyata bisa
dimanfaatkan oleh para hacker untuk menyebarkan
virus maupun mencuri informasi di waktu yang
tidak kita sadari.
18. Keylogging
Bentuk Identity TheftBentuk Identity Theft
Keylogging adalah salah satu bentuk identity theft
yang terbilang sangat detail dan berbahaya. Pelaku
keylogging dapat merekam setiap aktivitas yang
kita lakukan melalui desktop atau perangkat
teknologi lainnya mulai dari halaman internet yang
kita akses, percakapam melalui Video atau suara
bahkan keyboard yang kita tekan
19. Fake Job Offers
Bentuk Identity TheftBentuk Identity Theft
Model identity theft yang satu ini terbilang cukup unik.
Dengan berkedok penawaran lowongan pekerjaan atau
kesempatan untuk memperoleh hadiah, biasanya kita akan
diminta untuk mengisi suatu formulir tentang data-data
pribadi. Dan selanjutnta data tersebut bisa dengan mudah
digunakan oleh oknum yang tidak bertanggungjawab.
20. Social Media Fraud
Bentuk Identity TheftBentuk Identity Theft
Akses yang mudah ke profil media social kita
juga membuat kita jadi lebih rentan
mengalami tindak pencurian identitas. Akan
lebih baik bila kita melindungi akun media
sosial kita supaya tidak bisa diakses oleh
sembarang orang yang tidak kita kenal.
21. Identity Theft Statistics 2011
75%
11.1
Million
Adults Victims
of Identity
Theft
$54 billion
13%
4.8%
The Total Fraud
Amount
Percent of
Population
Victimized by
Identity Fraud
Victim Who
Knew
Crimes Were
Committed
Fraud Attacks on
Existing Credit
card Accounts
http://www.spendonlife.com
22. Consumer
Complaint
Scenari
o
“I lost my purse in 2006. But surprisingly I got notices of bounced checks in
2007. About a year later, I received information that someone using my
identity had bought a car. In 2008, I came to know that someone is using my
Social Security Number for a number of years. A person got arrested and
produced my SSN on his arrest sheet.
I can’t get credit because of this situation. I was denied a mortgage,
employment, credit cards and medical care for my children.”
http://www.networkworld.com
23. Module
Objectives
What is Identity Theft?
Personal Information that Can
be Stolen
How do Attackers Steal
Identity?
What do Attackers do with
Stolen Identity?
Examples of Identity Theft
How to Find if You are a
Victim of Identity Theft?
What to do if Identity is
Stolen?
Reporting Identity Theft
Prosecuting Identity Theft
Guidelines for Identity Theft
Protection
Guidelines for Protection
from Computer Based
Identity Theft
IP Address Hiding Tools
23
24. Identity Theft
What to Do if
Identity Is Stolen
How to Find if You Are a
Victim of Identity Theft
Reporting
Identity Theft
Protection from
Identity Theft
Module Flow
Social
Engineering
25. Crimin
al
charge
s
Legal
issue
s
of
th
rtgage,
credit
It leads to denial
employment,
heal care
facilities, mo
bank accounts
and cards, etc.
Financi
al
losses
Identity
Theft
Effects
Identity theft or ID fraud refers to a crime where an offender wrongfully obtains key
pieces of the intended victim's personal identifying information, such as date of
birth, Social Security number, driver's license number, etc., and makes gain by using
that personal data
What is Identity Theft?
26. Personal Information that Can be
Stolen
Name
s
Mother’s
maiden
name
Telephone
numbers
Passport
numbers
a
Credit card/Bank
ccount numbers
Social
security
numbers
Driving
license
numbers
Birth
certificates
Addres
s
Date of
birth
27. How do Attackers Steal
Identity?
Phishing
Fraudster pretend to be
a financial institution
and send spam/ pop‐
up messages to trick
the user to reveal
personal
information
Fraudsters may steal
wallets and purses, mails
including bank and credit
card statements, pre‐
approved credit offers, and
new checks or tax
information
Hacking
Attackers may hack
the computer
systems to steal
confidential
personal
information
p
Social Engineering
It is an act of manipulating
people trust to perform
certain actions or divulging
rivate information, without
using technical cracking
methods
28. All
Rights
Re
What do Attackers do with
Stolen Identity?
Credit Card
Fraud
Phone or Utilities
Fraud
Other Fraud
They may open a new
phone or wireless
account in the user’s
name, or run up
charges on his/her
existing account
They may use user’s
name to get utility
services such as
electricity, heating, or
cable TV
They may get a job using
legitimate user’s Social
Security number
They may give legitimate
user’s information to
police during an arrest
and if they do not turn
up for their court date, a
warrant for arrest is
issued on legitimate
user’s name
They may open new
credit card accounts in
the name of the user
and do not pay the
bills
29. What do Attackers do with
Stolen Identity?
Bank/Finance
Fraud
Government
Documents Fraud
They may create counterfeit checks
using victim’s name or account number
They may open a bank account in
victim’s name and issue the checks
They may clone an ATM or debit card
and make electronic withdrawals on
victim’s name
They may take a loan on victims’ name
They may get a driving license or
official ID card issued on legitimate
user’s name but with their photo
They may use victim’s name and
Social Security number to get
government benefits
They may file a fraudulent tax return
using legitimate user information
30. Same Name: TRENT CHARLES
ARSENAUL
Origina
l
Identity
Theft
Identity Theft Example
31. Identity Theft
What to Do if
Identity Is Stolen
How to Find if You Are a
Victim of Identity Theft
Social
Engineering
Reporting
Identity Theft
Protection from
Identity Theft
Module Flow
32. Social Engineering
Social Engineers
Attempt to Gather
Sensitive information
such as credit card
details, social security
number, etc.
Passwords Other
personal
information
Types of Social
Engineering
Human based social
engineering
Computer based
social engineering
Social
Engineering
Social engineering is
the art of convincing
people to reveal
confidential information
It is the trick used to
gain sensitive
information by
exploiting the basic
human nature
33. Social Engineering Example
Hi, we are from CONSESCO Software.
We are hiring new people for our
software development team. We got
your contact number from popular job
portals. Please provide details of your job
profile, current project information,
social security number, and your
residential address.
34. Criminal as Phone Banker
Hi, I am Mike calling from CITI Bank.
Due to increasing threat perception, we
are updating our systems with new security
features. Can you provide me your personal
details to verify that you are real Stella.
Thanks Mike, Here are my details. Do you
need anything else?
35. Authority Support Example
Hi, I am John Brown. I'm with the
external auditors Arthur Sanderson. We've
been told by corporate to do a
surprise inspection of your disaster
recovery procedures.
Your department has 10 minutes to
show me how you would recover from a
website crash.
36. Technical Support Example
A man calls a company’s help desk and
says he has forgotten his password.
He adds that if he misses the deadline
on a big advertising project, his boss
might fire him.
The help desk worker feels sorry for
him and quickly resets the password,
unwittingly giving the attacker clear
entrance into the corporate
network
37. Human-Based Social Engineering
Eavesdropping Shoulder surfing Dumpster diving
Eavesdropping is
unauthorized listening
of conversations or
reading of messages
It is interception of
any form of
communication such
as audio, video, or
written
Shoulder surfing is the
procedure where the
attackers look over the
user’s shoulder to gain
critical information such
as passwords, personal
identification number,
account numbers, credit
card information, etc.
Attacker may also watch
the user from a distance
using binoculars in order
to get the pieces of
information
Dumpster diving
includes searching for
sensitive information
at the target
company’s trash bins,
printer trash bins, user
desk for sticky notes,
etc.
It involves collection of
phone bills, contact
information, financial
information,
operations related
information, etc.
38. Spam
Email
Instant
Chat
Messenger
Chain
Letters
Hoax
Letters
Pop‐up
Windows
Windows that suddenly pop
up while surfing the
Internet and ask for users’
information to login or
sign‐in
Hoax letters are emails that
issue warnings to the user on
new viruses, Trojans, or
worms that may harm the
user’s system
Chain letters are emails that
offer free gifts such as money
and software on the condition
that the user has to forward
the mail to the said number of
persons
Gathering personal
information by chatting with
a selected online user to get
information such as birth
dates and maiden names
Irrelevant, unwanted, and
unsolicited email to collect
the financial information,
social security numbers,
and network information
Computer-Based Social Engineering
39. Computer-Based Social Engineering:
Phishing
An illegitimate email falsely claiming to be from a legitimate site attempts to acquire the
user’s personal or account information
Phishing emails or pop‐ups redirect users to fake webpages of mimicking trustworthy
sites that ask them to submit their personal information
Fake Bank
Webpage
40. Phony Security Alerts
Phony Security Alerts are the
emails or pop‐up windows that
seem to be from a reputed
hardware or software
manufacturers like Microsoft, Dell,
etc.,
It warns/alerts the user that the
system is infected and thus will
provide with an attachment or a
link in order to patch the system
Scammers suggest the user to
download and install those patches
The trap is that the file contains
malicious programs that may infect
the user system
41. Computer-Based Social Engineering through
Social Networking Websites
Computer‐based social engineering is carried out through social networking websites such as Orkut,
Facebook, MySpace, LinkedIn, Twitter, etc.
Attackers use these social networking websites to exploit users’ personal information
42. Identity Theft
What to Do if
Identity Is Stolen
How to Find if You Are a
Victim of Identity Theft
Reporting
Identity Theft
Protection from
Identity Theft
Module Flow
Social
Engineering
43. How to Find if You are a Victim
of Identity Theft?
Bill collection agencies contact you for overdue debts you never
incurred
You receive bills, invoices, or receipts addressed to you for goods
or services you haven’t asked for
You no longer receive your credit card or bank statements
You notice that some of your mail seems to be missing
Your request for mortgage or any other loan is rejected citing your
bad credit history despite you having a good credit record
44. All
Rights
Re
How to Find if You are a Victim
of Identity Theft?
You get something
in the mail about
an apartment you
never rented, a
house you never
bought, or a job
you never held
You lose
important
documents such
as your passport
or driving
license
You identify
irregularities
in your credit
card and
bank
statements
You are denied
for social
benefits citing
that you are
already claiming
You receive
credit card
statement
with new
account
45. Identity Theft
What to Do if
Identity Is Stolen
How to Find if You Are a
Victim of Identity Theft
Reporting
Identity Theft
Protection from
Identity Theft
Module Flow
Social
Engineering
46. What to do if Identity is Stolen?
Contact the credit reporting
agencies http://www.experian.com
http://wwwc.equifax.com
http://www.transunion.com
Immediately inform credit
bureaus and establish fraud
alerts
Request for a credit
report
Review the credit reports and
alert the credit agencies
Freeze the credit reports with
credit reporting agencies
Contact all of your creditors and
notify them of the fraudulent
activity
Change all the passwords of
online accounts
Close the accounts that you know
or believe have been tampered
with or opened fraudulently
47. All
Rights
Re
What to Do if Identity Is Stolen?
File a report with the
local police or the
police in the
community where
the identity theft took
place
File a complaint
with identity theft
and cybercrime
reporting agencies
such as the FTC
Take advice from
police and reporting
agencies about how
to protect yourself
from further
identity compromise
Ask the credit
card company
about new
account numbers
Tell the debt
collectors that you
are a victim of fraud
and are not
responsible for the
unpaid bill
Ask the bank to report
the fraud to a consumer
reporting agency such
as ChexSystems that
compiles reports on
checking accounts
48. Identity Theft
What to Do if
Identity Is Stolen
How to Find if You Are a
Victim of Identity Theft
Reporting
Identity Theft
Protection from
Identity Theft
Module Flow
Social
Engineering
49. Federal Trade
CommissionThe Federal Trade Commission, the nation's consumer protection
agency, collects complaints about companies, business practices, and
identity theft
http://www.ftc.gov
49
51. Internet Crime Complaint Center
http://www.ic3.gov
The Internet Crime Complaint
Center’s (IC3) mission is to serve as
a vehicle to receive, develop,
and refer criminal complaints
regarding the rapidly expanding
arena of cyber crime
The Internet Crime Complaint
Center (IC3) is a partnership
between the Federal Bureau of
Investigation (FBI), the National
White Collar Crime Center
(NW3C), and the Bureau of Justice
Assistance (BJA)
52. Prosecuting Identity Theft
Begin the process by
contacting the
bureaus, banks, or any
other organizations
who may be involved
File a formal complaint
with the organization
and with the police
department
Regularly update
yourself
regarding the
investigation
process to
ensure that the
case is being
dealt with
properly
Obtain a copy of
the police
complaint to
prove to the
organizations that
you have filed an
identity theft
complaint
File a complaint
with the Federal
Trade Commission
and complete
affidavits to prove
your innocence on
the claims of
identity theft and
fraudulent activity
Contact the
District Attorney's
office for further
prosecuting the
individuals who
may be involved in
the identity theft
53. Module Summary
Identity theft is the process of using someone else’s personal information
for the personal gain of the offender
Criminals look through trash for bills or other paper with personal
information on it
Criminals call the victim impersonating a government official or other
legitimate business people and request personal information
Keep the computer operating system and other applications up to date
Do not reply to unsolicited email that asks for personal information
Use strong passwords for all financial accounts
Review bank/credit card statements/credit reports regularly
54. Never give away social security information or private contact
information on the phone – unless YOU initiated the phone call
Keep your Social Security card, passport, license, and other valuable
personal information hidden and locked up
Ensure that your name is not present in the marketers’ hit lists
Shred papers with personal information instead of throwing them away
Confirm who you are dealing with, i.e., a legitimate representative or a
legitimate organization over the phone
Carry only necessary credit cards Cancel cards seldom used
Review credit reports regularly
Identity Theft Protection Checklist
55. Do not carry your Social Security card in your wallet
Do not reply to unsolicited email requests for personal information Do
not give personal information over the phone
Review bank/credit card statements regularly
Shred credit card offers and “convenience checks” that are not useful
Do not store any financial information on the system and use strong
passwords for all financial accounts
Check the telephone and cell phone bills for calls you did not make
Read before you click, stop pre‐approved credit offers, and read
website privacy policies
Identity Theft Protection Checklist
Good morning/afternoon/evening:
Thank you for joining us today.
I want to talk to you about how we can reduce our risk of a problem . I’m talking about identity theft. ID theft has that has affected millions of people. But there are things we can do to protect ourselves.
Indikator perkembangan APMK (Alat Pembayaran Menggunakan Kartu) dan UE (Uang Elektronik)
Sumber : Bank Indonesia BI
JUMLAH INSIDEN PELANGGARAN BERDASARKAN JENIS TAHUN 2016
Sumber dari Gamelto