The Cyberside of Identity Theft
GAAE Conference, Georgia Perimeter College, February 1, 2008
Post on 16-Dec-2015
What Is Identity Theft?
n : the co-option of another person's personal information (e.g., name, social security number, credit card number, passport) without that person's knowledge and the fraudulent use of such knowledge
-- dictionary.com
Federal Identity Theft and Assumption Deterrence Act
18 U.S.C. § 1028(a)(7)
Federal law passed in 1998
Prohibits “knowingly transfer[ring] or us[ing], without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.”
Georgia Statute §16-9-121. Identity Fraud Law
“A person commits the offense of identity fraud when without the authorization or permission of a person with the intent unlawfully to appropriate resources of or cause physical harm to that person, or of any other person, to his or her own use or to the use of a third party he or she:
(1) Obtains or records identifying information of a person which would assist in accessing the resources of the other person; or
(2) Accesses or attempts to access the resources of the other person through the use of identifying information.”
Identifying Information (Partial List)
Names (current or former)
Social Security numbers
Driver’s license numbers
Bank account/credit card numbers
Birth dates
Tax identification numbers
Medical identifications
Statistics
Source: Federal Trade Commission Identity Theft Data Clearinghouse report
Over 674,300 consumer identity theft & fraud complaints received in 2006
36% classified as identity theft, 64% as other fraud.
Reported losses of over $1.1 billion (up from $547 million two years earlier).
ID Theft in Atlanta -- 2006
Atlanta-Sandy Springs-Marietta, GA Metropolitan Statistical Area
Theft Type                                  Complaints   Percentage
Credit Card Fraud                                1,398       24.5 %
Bank Fraud                                       1,142       20.0 %
Phone or Utilities Fraud                           913       16.0 %
Government Documents or Benefits Fraud             767       13.4 %
Employment-Related Fraud                           467        8.2 %
Loan Fraud                                         292        5.1 %
Other Identity Theft                             1,404       24.6 %
Attempted Identity Theft                           339        5.9 %
Total:                                           5,710
Statistics (cont.)
Losses to banks and financial institutions
  Estimated $48 billion in 2003
Average loss per business victim
  $10,200
Average loss to individual victims
  $1,180
  175 or more hours resolving problems over two or more years
Who Commits Identity Theft?
Professional thieves
Strangers
Employees of businesses
Family members and relatives
Friends/acquaintances
How Does Identity Theft Occur?
Non-technological methods still used
  “Dumpster diving”
  Dishonest employees
  Mail theft/interception
  Masquerading and “Social hacking”
  “Shoulder surfers”
  Telemarketing scams
How Does Identity Theft Occur? (cont.)
Technologically-based theft is growing exponentially
  Wireless invasion/interception
  Malicious software
  “Phishing” and “Pharming” schemes
Wireless Invasion/ Interception
Unsecured wi-fi networks
  Public, “open private” or poorly secured
Unsecured computers
  Missing password protection
“Clear data” transmissions
  Failure to use encryption techniques
  Failure to use secure sites
Malicious Software
Keyloggers and screenloggers
  monitor data as user inputs it, send data to remote servers for exploitation
Email/IM redirectors
  intercept legitimate communications, relay copies to unintended destinations
Session hijackers and web trojans
  mimic legitimate websites but aren't
Malicious Software (cont.)
System reconfiguration attacks
  modify network settings on user's computer
  “Pharming” -- redirection to a fake website
Data Characteristics
Used in conjunction with malicious software
Certain programs store data in known locations
Many types of data follow specific patterns
“Phishing”
Attn My Dear Mr Mike Aurelius,
I apologize if the contents hereunder are contrary to your moral ethics, but please treat it with absolute secrecy and personal courtesy. I am Johnson Kumalo an Auditor in a commercial Bank, in the process of auditing our bank accounts this quarter, I and one of my colleagues recently discovered that there is a dormant account valued at the sum £10,000,000.00 (Ten Million British Pound Sterling) and after due verification of this account we discovered that the account owner is late and that is why the account has been dormant and as such a £10,000,000.00 has been lying in the bank unclaimed.
The idea of presenting a foreigner to act as his next of kin came into our mind, as you know the said deceased is a foreigner as well. Hence, that is how and why we have contacted you to present you as his next of kin, so that the £10,000,000.00 will be paid to you and we can both disburse the fund according to the percentage we will agree upon. In view of this, I am seeking for your co-operation and understanding to stand as the next of kin to our deceased customer, to enable us claim the fund from my bank. Hence, if this proposal is OK by you and you do not wish to take undue advantage of my trust, then I hope to bestow on you. Please kindly get back to me immediately only through my personal contact email; johnsonkumalo@executivemail.co.za
On getting your response, we shall agree on the percentage ratio on which we shall disburse the £10,000,000.00 between us, as we intend to invest part of our own share in a real estate or any lucrative business in your country, and we would appreciate if you can put us in the right part where we can invest our own share in your country. I will not contact any person or company until I hear from you, so as to enable me decides on what to do next. Be rest assured that this business is 100% risk free. We wait for your prompt response.
Best Regards,
Johnson Kumalo.
Private Email: johnsonkumalo@executivemail.co.za
NB: PLEASE NOTE THAT IT DOES NOT MATTER IF YOU ARE NOT RELATED TO MY LATE CLIENT. THE FUNDS WILL STILL BE PAID TO YOU, SINCE I AM PRESENTING YOU AS HIS NEXT OF KIN.
________________________________
Are you using Yahoo!? Tired of annoying messages (spam)? Yahoo! Mail has the best possible protection against spam http://login.yahoo.com/config/mail?.intl=gr
How Can I Prevent It?
Total prevention is impossible!
Minimize risks as much as possible
Use common sense!!!
Protect Your Information
Do not give out information unless you must!
Ask why a piece of information is needed
  You can refuse to give information, but you may not receive the service in return
Do not use your Social Security number as an identification number
  Needed by IRS, SSA
Protect Your Information (cont.)
Make sure you know who is requesting the information
  Are they legitimate?
Do not give out personal information unless you initiate the call/email/web site visit
Protect Your Information (cont.)
Be especially cautious with the “big three”:
  Social Security number
  Passport number
  Bank/credit account numbers
Protect Your Technology
Control access to computers and networks
  Passwords
  Minimize visibility
Minimize storage of sensitive data on insecure systems
  If you must, encrypt it!
Protect Your Data
Never send important data to unsecure sites
  Look for https: as the start of the web address
When using public computers
  Always close programs you've used
  Always log out properly
  Always clear cache and other private data
Further Reading
GetNetWise
  http://getnetwise.org/
Protecting Your Identity in the Virtual World
  http://www.bbbonline.org/idtheft/virtual.asp
The Crimeware Landscape
  http://antiphishing.org/reports/APWG_CrimewareReport.pdf
Resources -- Federal Agencies
Federal Trade Commission http://www.consumer.gov/idtheft/
Department of Justice http://www.usdoj.gov/criminal/fraud/idtheft.html
Social Security Administration http://www.ssa.gov/pubs/idtheft.htm
U.S. Postal Inspection Service http://www.usps.com/postalinspectors/welcome2.htm
Resources -- Nonprofit Organizations
Better Business Bureau http://www.bbbonline.org/IDTheft/
Identity Theft Resource Center http://www.idtheftcenter.org/index.shtml
Privacy Rights Clearinghouse http://www.privacyrights.org/identity.htm
Opt-Out Resources
Email marketing: http://www.dmaconsumers.org/offemaillist.html
Direct mail marketing: http://www.the-dma.org/consumers/offmailinglist.htm
Telemarketing offers: http://www.donotcall.gov/
Credit Bureau marketing lists: Write each credit bureau individually
Pre-screened credit offers: 1-888-5-OPTOUT