This document discusses identity theft, how it occurs, and how businesses can protect themselves. It states that identity theft affects over 27 million Americans and involves criminals using personally identifying information like Social Security numbers without permission. It then outlines various ways criminals obtain customers' information, such as stealing business records, "skimming" credit card numbers, "phishing" scams, and exploiting weak wireless network security. The document stresses that businesses have a responsibility to protect customer data and assist with identity theft investigations.
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
This project concentrates on the area of internet fraud called “Identity Theft”. It focuses on the responsibility of the individual cardholder in preventing or reducing fraud. It is based upon a belief that educating and empowering consumers has the ability to decrease internet/e-Commerce fraud by way of reducing identity theft.
This was a presentation by Hewie Poplock on Tuesday, November 15th, 2016 in the Goodwill Manasota (FL) Ranch Lake Community Room, "How to Avoid Identity Theft".
A victim of identity theft himself, Hewie will provide examples of how ID theft can happen as well as suggestions and precautions on how to prevent you and your family from becoming victims of identity theft yourselves. Topics covered included:
• What is Identity Theft
• How ID Theft Happens
• How to Protect Yourself
• Phishing
• Data Breaches
• Facebook Spoofing
• Skimmers
• Security Freeze
• On Line Shopping Safety
• Credit Card Chips
• What to Do If You are a Victim
Hewie is a former teacher, college instructor, business owner and manager, IT Manager, and web designer. He is currently semi-retired, but is active in technology user groups and frequently speaks to and teaches groups who are mostly seniors. He holds a monthly Windows Special Interest Group for a group in Orlando and has several videos on YouTube. He is an active member of The Sarasota Technology User Group.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Preventing Internet Fraud By Preventing Identity TheftDiane M. Metcalf
This project concentrates on the area of internet fraud called “Identity Theft”. It focuses on the responsibility of the individual cardholder in preventing or reducing fraud. It is based upon a belief that educating and empowering consumers has the ability to decrease internet/e-Commerce fraud by way of reducing identity theft.
This was a presentation by Hewie Poplock on Tuesday, November 15th, 2016 in the Goodwill Manasota (FL) Ranch Lake Community Room, "How to Avoid Identity Theft".
A victim of identity theft himself, Hewie will provide examples of how ID theft can happen as well as suggestions and precautions on how to prevent you and your family from becoming victims of identity theft yourselves. Topics covered included:
• What is Identity Theft
• How ID Theft Happens
• How to Protect Yourself
• Phishing
• Data Breaches
• Facebook Spoofing
• Skimmers
• Security Freeze
• On Line Shopping Safety
• Credit Card Chips
• What to Do If You are a Victim
Hewie is a former teacher, college instructor, business owner and manager, IT Manager, and web designer. He is currently semi-retired, but is active in technology user groups and frequently speaks to and teaches groups who are mostly seniors. He holds a monthly Windows Special Interest Group for a group in Orlando and has several videos on YouTube. He is an active member of The Sarasota Technology User Group.
company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Online scams and frauds are one of the oldest tools in the box of cybercriminals. In this presentation, we help you understand:
a. The various types of online scams
b. Tips to stay safe from such scams
c. How Quick Heal can help prevent such scams
Identity theft occurs when an unauthorized person uses your name, date of birth, social security number or other forms of identity to obtain credit in your name without your consent. Some identity theft methods include phishing, vishing, pretexting, shoulder surfing, dumpster diving, atm skimming and more. Stay alert and informed and protect yourself and your identity.
Online scams and frauds are one of the oldest tools in the box of cybercriminals. In this presentation, we help you understand:
a. The various types of online scams
b. Tips to stay safe from such scams
c. How Quick Heal can help prevent such scams
Identity theft occurs when an unauthorized person uses your name, date of birth, social security number or other forms of identity to obtain credit in your name without your consent. Some identity theft methods include phishing, vishing, pretexting, shoulder surfing, dumpster diving, atm skimming and more. Stay alert and informed and protect yourself and your identity.
Fraud awareness for companies and their employees covering legal aspects of securing confidential information, social engineering techiniques and what to look for in suspect emails.
Dr. Barbara O'Neill and Carol Kando-Pineda, of the Federal Trade Commission, will present this 90-minute webinar on behalf of the Military Families Learning Network. This 90-minute webinar will include two sections: a general overview of identity theft and discussion about military-specific scams. Topics covered during the first section, presented by Dr. O’Neill, include a definition of identity theft, signs of identity theft, an identity theft risk assessment quiz, types of identity theft, how identity theft occurs, ways to reduce identity theft risk, phishing scams, proactive and reactive identity theft actions, and identity theft resources. Ms. Kando-Pineda plans to discuss getting help for identity theft victims, including the steps they need to take immediately, walking through the new features for consumers on Identitytheft.gov and how they help victims develop a recovery plan, get a heads-up on the latest “imposter” scams, and an update on the Military Consumer campaign and new resources on the way for the military community.
Protecting your privacy, identity and financial information online is critically important in today’s Internet economy. Last year, 13.1 million Americans were victims of identity theft. I have no plans on joining this group, which is what inspired us to create our latest Zing blog guide – Identity 101.
Technical development is what most people think of when they think of attackers. This aspect of hacking requires computer-savvy actors performing development activities that include research to find zero-day vulnerabilities, development of exploits for these vulnerabilities, and tools to automate the different pieces of a hack (bot-nets, data exfiltration, etc.).
The Business of Hacking - Business innovation meets the business of hackingat MicroFocus Italy ❖✔
Introduction
Attackers are sophisticated. They are organized. We hear these statements a lot but what
do they mean to us? What does it mean to our businesses? When we dig deeper into the
“business of hacking,” we see that the attackers have become almost corporate in their behavior.
Their business looks a lot like ours. Cyber criminals look to maximize their profits and minimize
risk. They have to compete on quality, customer service, price, reputation, and innovation. The
suppliers specialize in their market offerings. They have software development lifecycles and
are rapidly moving to Software as a Service (SaaS) offerings. Our businesses overlap in so many
ways that we should start to look at these attackers as competitors.
This paper will explore the business of hacking: the different ways people make money by
hacking, the motivations, the organization. It will break down the businesses’ profitability and
risk levels, and provide an overall SWOT analysis. From this, opportunities for disruption will be
discussed and a competitive approach for disrupting the business of hacking will be laid out.
The information in this paper draws on data and observations from HPE Security teams, open
source intelligence, and other industry reports as noted.
Whether building in enterprise security or applying security intelligence and advanced analytics,
we can use our understanding of the business of hacking and the threats to our specific
businesses to ensure that we are investing in the most effective security strategy.
Identity theft is prevalent and getting more and more so in our fast-paced, Internet-connected world. What exactly is identity theft? What laws are used to prosecute identity theft? What should you do if you are a victim of identity theft? How can you protect yourself from it? All these questions and more are framed and answered in this presentation about identity theft.
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
The Identity Theft Checklist – Guidance for the general public.nz- Mark - Fullbright
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
1. Identity Theft: What it is, How itIdentity Theft: What it is, How it
Occurs, And How to Protect YourOccurs, And How to Protect Your
BusinessBusiness
A Presentation by Matt Smith. President of Litchfield
County Computer, L.L.C.
2. What is Identity TheftWhat is Identity Theft
Identity theft is when someone uses your personallyIdentity theft is when someone uses your personally
identifying information, like your name, Social Securityidentifying information, like your name, Social Security
number, or credit card number, without yournumber, or credit card number, without your
permission, to commit fraud or other crimes.permission, to commit fraud or other crimes.
27.3 million Americans have been victims of identity27.3 million Americans have been victims of identity
theft within the last 5 years.theft within the last 5 years.
Between 2008 and 2009 identity theft increased 11%Between 2008 and 2009 identity theft increased 11%
affecting 11 million Americans (1 in 20)affecting 11 million Americans (1 in 20)
If you have received a notice in the mail indicating thatIf you have received a notice in the mail indicating that
your data has been breached your chances of ID Theftyour data has been breached your chances of ID Theft
go up to 1 in 4go up to 1 in 4
3. The Two Types of Identity TheftThe Two Types of Identity Theft
There are two types of identity theft that canThere are two types of identity theft that can
impact your business:impact your business:
Personal identity theft of your customersPersonal identity theft of your customers
The theft of your business identityThe theft of your business identity
Both types of identity theft can hurt yourBoth types of identity theft can hurt your
business. I will talk mostly about personalbusiness. I will talk mostly about personal
identity theft.identity theft.
4. How Criminals get your Customer’sHow Criminals get your Customer’s
InformationInformation
Business records get stolenBusiness records get stolen
Shoulder SurfingShoulder Surfing
Dumpster DivingDumpster Diving
Pretending to be someone of authority from yourPretending to be someone of authority from your
companycompany
Internet based attacks (known as online identity theft)Internet based attacks (known as online identity theft)
SkimmingSkimming
PhishingPhishing
WLAN SecurityWLAN Security
PhotocopiersPhotocopiers
5. How Criminals get your Customer’sHow Criminals get your Customer’s
Information: Internet based attacksInformation: Internet based attacks
Credit card and other personal information isCredit card and other personal information is
stored in a database by an online merchant.stored in a database by an online merchant.
These databases require Internet access in orderThese databases require Internet access in order
to operate.to operate.
The database is broken into, allowing for largeThe database is broken into, allowing for large
amounts of personal information to be stolen.amounts of personal information to be stolen.
6. The TJX Security BreachThe TJX Security Breach
TJX is the parent company of Marshalls,TJX is the parent company of Marshalls,
TJMAXX, and several other retail stores.TJMAXX, and several other retail stores.
Sometime in the summer of 2005, two attackersSometime in the summer of 2005, two attackers
broke into the wireless network of the Marshallsbroke into the wireless network of the Marshalls
in St. Paul, MN and Miami, FL.in St. Paul, MN and Miami, FL.
Once they were inside the store’s network, theyOnce they were inside the store’s network, they
were able to break into TJX headquarters.were able to break into TJX headquarters.
A confirmed 45.7 million credit and debit cardA confirmed 45.7 million credit and debit card
numbers were stolen. This is the second largestnumbers were stolen. This is the second largest
data breach in U.S. history.data breach in U.S. history.
7. How Criminals get your Customer’sHow Criminals get your Customer’s
Information: SkimmingInformation: Skimming
Skimming is the act of running a credit cardSkimming is the act of running a credit card
though a device that is designed to capture andthough a device that is designed to capture and
store the information on many credit cards forstore the information on many credit cards for
easy access later by a computer.easy access later by a computer.
You can also skim a card by writing down theYou can also skim a card by writing down the
card information on a piece of paper when thecard information on a piece of paper when the
card is out of sight.card is out of sight.
Corrupt employees will sometimes hide aCorrupt employees will sometimes hide a
skimmer under a counter.skimmer under a counter.
8. How Criminals get your Customer’sHow Criminals get your Customer’s
Information: SkimmingInformation: Skimming
Picture of a skimmerPicture of a skimmer
9. How Criminals get your Customer’sHow Criminals get your Customer’s
Information: PhishingInformation: Phishing
Phishing is when someone tries to get yourPhishing is when someone tries to get your
information by putting a fake banking (or otherinformation by putting a fake banking (or other
site) on the Internet. Once the site is online thesite) on the Internet. Once the site is online the
phisher will send out spam emails looking forphisher will send out spam emails looking for
victims.victims.
These spam emails will look and sound official.These spam emails will look and sound official.
However they are merely traps to get yourHowever they are merely traps to get your
customers to reveal their personal information.customers to reveal their personal information.
10. How Criminals get your Customer’sHow Criminals get your Customer’s
Information: PhishingInformation: Phishing
The would-be phisher will steal your website’sThe would-be phisher will steal your website’s
code and then use it to set up a clone websitecode and then use it to set up a clone website
that will capture your customer’s data and sendthat will capture your customer’s data and send
it to the phisher.it to the phisher.
11. How Criminals get your Customer’sHow Criminals get your Customer’s
Information: WLAN SecurityInformation: WLAN Security
Another major problem for businesses isAnother major problem for businesses is
wireless network security.wireless network security.
All too often a business will just install a wirelessAll too often a business will just install a wireless
network because it’s convenient, withoutnetwork because it’s convenient, without
realizing the security risks.realizing the security risks.
Wireless networking technology does supportWireless networking technology does support
encryption. However, this encryption can beencryption. However, this encryption can be
broken with the use of the proper tools.broken with the use of the proper tools.
12. How Criminals get your Customer’sHow Criminals get your Customer’s
Information: WLAN SecurityInformation: WLAN Security
If your business is on a main road or other highIf your business is on a main road or other high
traffic location or has a large parking lot wirelesstraffic location or has a large parking lot wireless
networking should be avoided altogethernetworking should be avoided altogether
because it can allow an attacker enough time tobecause it can allow an attacker enough time to
probe your network and break into it withoutprobe your network and break into it without
being seen.being seen.
Once an attacker actually gets into your networkOnce an attacker actually gets into your network
he can sit outside undetected and steal data withhe can sit outside undetected and steal data with
impunity.impunity.
13. How Criminals get your Information:How Criminals get your Information:
PhotocopiersPhotocopiers
Photocopiers made in the last 6 years have thePhotocopiers made in the last 6 years have the
same hard drives that computers do.same hard drives that computers do.
These hard drives are used to store everyThese hard drives are used to store every
document the copier has ever copied. This datadocument the copier has ever copied. This data
has very little chance of being overwritten.has very little chance of being overwritten.
14. How Criminals get your Information:How Criminals get your Information:
PhotocopiersPhotocopiers
These hard drives can be stolen from the copier,These hard drives can be stolen from the copier,
revealing personal information.revealing personal information.
They also become a problem after the copier isThey also become a problem after the copier is
disposed of.disposed of.
Sharp and Xerox make security kits. However,Sharp and Xerox make security kits. However,
the security kit must be applied to the copier.the security kit must be applied to the copier.
15. Business ResponsibilitiesBusiness Responsibilities
Businesses are required under the Fair CreditBusinesses are required under the Fair Credit
Reporting Act to turn over any records that mayReporting Act to turn over any records that may
assist an ID theft investigation.assist an ID theft investigation.
Victims can ask a LEO for assistance.Victims can ask a LEO for assistance.
All requests are made in writing.All requests are made in writing.
Once a request is received the business has 30Once a request is received the business has 30
days to turn over the requested materials.days to turn over the requested materials.
16. Business ResponsibilitiesBusiness Responsibilities
The business has the right to refuse to provideThe business has the right to refuse to provide
the records if:the records if:
You can’t verify the identity of the victim.You can’t verify the identity of the victim.
The request is based on a misrepresentation.The request is based on a misrepresentation.
The request involves a customer’s web surfingThe request involves a customer’s web surfing
habits.habits.
Another State or Federal law prohibits the request.Another State or Federal law prohibits the request.
17. The Red Flags RuleThe Red Flags Rule
This is an FTC rule that businesses that grantThis is an FTC rule that businesses that grant
large loans or allow people to defer paymentlarge loans or allow people to defer payment
must comply with.must comply with.
The rule states that businesses must identify redThe rule states that businesses must identify red
flags that could signal customer ID theft. Theseflags that could signal customer ID theft. These
red flags are specific to the type of business.red flags are specific to the type of business.
A written program for addressing red flags isA written program for addressing red flags is
required.required.
18. The Red Flags RuleThe Red Flags Rule
The best way to know if your business has toThe best way to know if your business has to
comply with the red flags rule is to read thecomply with the red flags rule is to read the
document that is provided by the FTC. Thisdocument that is provided by the FTC. This
document can be found by typing “ftc red flagdocument can be found by typing “ftc red flag
rules” without the quotes.rules” without the quotes.
20. Business Identity TheftBusiness Identity Theft
Consumers are no longer the only ones that areConsumers are no longer the only ones that are
subject to identity theft.subject to identity theft.
Businesses are separate entities with their ownBusinesses are separate entities with their own
set of identifying information that is subject toset of identifying information that is subject to
theft.theft.
The huge credit lines of businesses can be anThe huge credit lines of businesses can be an
attractive target.attractive target.
21. Business Identity Theft - MethodsBusiness Identity Theft - Methods
Dumpster DivingDumpster Diving
PhishingPhishing
Mail TheftMail Theft
The “bust out”The “bust out”
22. Business Identity Theft – Bust OutBusiness Identity Theft – Bust Out
The “bust out” is a simple tactic where aThe “bust out” is a simple tactic where a
criminal will rent space in the same building thatcriminal will rent space in the same building that
your business is in then apply for credit cardsyour business is in then apply for credit cards
using your business name.using your business name.
Because the physical addresses match up, theBecause the physical addresses match up, the
credit requests are not flagged.credit requests are not flagged.
Once the criminal has the cards they are sold onOnce the criminal has the cards they are sold on
the street.the street.
23. Business Identity Theft – Bust OutBusiness Identity Theft – Bust Out
Another technique is to use the cards toAnother technique is to use the cards to
purchase expensive goods that may not bepurchase expensive goods that may not be
discovered for 6 months or more.discovered for 6 months or more.
24. Difficulties Getting Your IdentityDifficulties Getting Your Identity
BackBack
Because it’s so new small and mediumBecause it’s so new small and medium
businesses do not have the same legalbusinesses do not have the same legal
protections that consumers do.protections that consumers do.
There are legal gaps in the current law.There are legal gaps in the current law.
California has taken the lead in laws to protectCalifornia has taken the lead in laws to protect
and recover business identities.and recover business identities.
Credit card companies are also puttingCredit card companies are also putting
procedures into place.procedures into place.
25. Difficulties Getting Your IdentityDifficulties Getting Your Identity
BackBack
One other issue that holds progress back is thatOne other issue that holds progress back is that
companies do not want to publicly admit thatcompanies do not want to publicly admit that
their identity has been stolen.their identity has been stolen.
26. If Your Identity is StolenIf Your Identity is Stolen
1. Contact your local Police Department and1. Contact your local Police Department and
have them file a police report. Although theyhave them file a police report. Although they
will not be able to do much else other than file awill not be able to do much else other than file a
report you will NEED a police report for laterreport you will NEED a police report for later
steps to help prove that there has been a crime. steps to help prove that there has been a crime.
Make sure that you get a copy of the policeMake sure that you get a copy of the police
report.report.
2. Cancel all accounts where the suspicious2. Cancel all accounts where the suspicious
activity was seen. This includes credit and debitactivity was seen. This includes credit and debit
cards.cards.
27. If Your Identity is StolenIf Your Identity is Stolen
3. Contact the 3 credit bureaus. They are3. Contact the 3 credit bureaus. They are
http://www.equifax.comhttp://www.equifax.com,, http://http://www.experian.comwww.experian.com,,
andand http://http://www.transunion.comwww.transunion.com. They will place a. They will place a
fraud alert on your account(s). If you skip thisfraud alert on your account(s). If you skip this
step, you run the risk of the identity thief beingstep, you run the risk of the identity thief being
able to reopen the accounts you had closed inable to reopen the accounts you had closed in
step 2.step 2.
4. Contact the FTC at4. Contact the FTC at
http://www.consumer.gov/idthefthttp://www.consumer.gov/idtheft and file a report.and file a report.
28. If Your Identity is Stolen:If Your Identity is Stolen:
5. Contact your creditors and inform them of5. Contact your creditors and inform them of
the situation. Provide copies of your policethe situation. Provide copies of your police
report if requested.report if requested.