risk factory how to steal an identity
DESCRIPTION
The Top 10 methods used by fraudsters to steal identity information and what to do about it.TRANSCRIPT
How to Steal an IdentityHow to Steal an Identity
My Name Is… My Name Is…
Richard HollisRichard Hollis
David Burton David Burton
Sean BennettSean Bennett
……Call me IshmaelCall me Ishmael
??
The DefinitionThe Definition
“Identity theft is the pilfering of a individual’s personal identification
information, such as name, date of birth, passport number, drivers licence, credit
card number, mother’s maiden name etc. in order to commit fraud”
First Recorded TheftFirst Recorded Theft
Genesis iii: 13Genesis iii: 13
…and the woman said, “The serpent beguiled
me, and I did eat”.
Identity theft is the world’s fasted
growing crime
According to …According to …
Why?Why?
1. Hard to identify
2. Hard to stop
Why?Why?
3. “That’s where the money is”.
That’s Where the Money is…That’s Where the Money is…
2012Name, Address DOB = £.25
Credit card # = £.25
Expiry date = £ .25
Security Code = £.25
Total = £1.00
2006Name, Address DOB = £1.00
Credit card # = £1.00
Expiry date = £ 1.00
Security Code = £2.00
Total = £5.00
2001Name, Address DOB = £2.00
Credit card # = £2.00
Expiry date = £ 3.00
Security Code = £3.00
Total = £10.00
Chat Up Line # 63Chat Up Line # 63
In March 2008 there were 76.8 million National Insurance numbers in the UK*.
*U.K. Information Commissioner's Office
UK Population = 61 million
The Price We PayThe Price We Pay
• Identity fraud accounts for a criminal cash flow of £12m per day.
• The mean fraud amount per victim is currently estimated at £5,783.
• The mean resolution time is over 100 hours per victim.
• Over 75% of victims are unable to clear up associated credit problems after 6 months.
Fraud BreakdownFraud Breakdown
Who Are You ?Who Are You ?
Three Elements Three Elements
1. Attributed
2. Biometric
3. Biographic
Attributed IdentityAttributed Identity
• Your name
• Date of birth
• Place of birth
• Mother’s name
• Father’s name
• Family members
• Your raceCharacteristics ascribed to Characteristics ascribed to
you at birthyou at birth
Biometric IdentityBiometric Identity
• Your height
• Your weight
• Color of your eyes
• Color of your hair
• Color of your skin
• Birthmarks
• Your DNA
• Your fingerprints
• Your footprints
• Your retinal pattern
• Your smell…
Your distinguishing physical Your distinguishing physical characteristicscharacteristics
Biographic IdentityBiographic Identity
• Birth certificate• School records• Work permit• Drivers license • Places of employment• Places of residences• Marriage certificate (s)• Divorce certificate (s)• Credit history• Death record
Your life story informationYour life story information
2 Types 2 Types
Attributed
Biometric
Biographic
Temporary Bullet proof
Attributed
Biographic
Top Ten Tips Top Ten Tips How to Steal an IdentityHow to Steal an Identity
Tip Number 1 Tip Number 1
• Take one that’s not being used
– Friend (or frenemy)– Neighbour– Dead relative– Pensioner or invalid– Child– Co-worker– Person sitting next to you?
Birth & Marriage NoticesBirth & Marriage Notices
Genealogy SearchesGenealogy Searches
List PensionersList Pensioners
Death NoticesDeath Notices
Get a Life…Get a Life…
People Search EnginesPeople Search Engines
Google ‘emGoogle ‘em
Tip Number 2 Tip Number 2
• Go through their mail– Credit card applications– Credit card statements– Bank statements– Loyalty card promotions– Membership applications– Telephone calling cards – Tax information – Pay stubs - receipts
Tip Number 3 Tip Number 3
• Go through their trash– Credit card applications– Credit card statements– Bank statement– Loyalty card promotions– Membership applications– Telephone calling cards – Tax information – Pay stubs - receipts– Credit card carbons
Tip Number 4 Tip Number 4
• Ask for it!
– “Pretexting” phone call– Letters to former employers– Military records– FOIA requests– DPA requests– Public records
Credit Reports Credit Reports
Credit Reports Credit Reports
Tip Number 5 Tip Number 5
Buy the information
– Marketing companies– Mailing lists– Targeted media– Email databases– Membership lists– Private detectives– Cyber sleuths
Mailing ListsMailing Lists
Marketing Companies Marketing Companies
Private InvestigatorsPrivate Investigators
Tip Number 6 Tip Number 6
Buy an ID
Buy Two…Buy Two…
Buy Three…Buy Three…
That’s Where the Money is…That’s Where the Money is…
• Passport: £350
• Driver’s license: £75
• Birth Certificate: £50
• Bank statements: £50
• University Degree £45
• Utility statements: £50
• Insurance certificates: £25
Tip Number 7 Tip Number 7
• Cookies• Applets• Trojans• Phishing• Pharming• Harvesting• Botting!• Data Base Theft
Hack one!Hack one!
ArmiesArmies Up Their Sleevies Up Their Sleevies
Starter Kit…Starter Kit…
Sam Spade very effective freeware tool that crawls websites searching and grabbing email addresses and address histories etc..
Data Base HackingData Base Hacking
• AKA: “The Mother Load”
• One stop shopping for your all your identity data needs…
• Think…Amazon, eBay, Visa, MasterCard…
• Think Google
Data ShadowData Shadow
Chat Up Line #18 Chat Up Line #18
In one week, the average person living in Britain has 3,254 pieces of personal information stored about him or her in databases.*
*Evening Standard Survey August 2008
Chat Up Line #27 Chat Up Line #27
The average UK citizen is in over 750 databases.**UK Information Commissioner's' Report: “What Price Privacy?” 2009
FactFact
You and I are bought and sold every day
Data =Data =
Why Bother Hacking?Why Bother Hacking?
Why Bother?Why Bother?
Why Bother? Why Bother?
Why Bother?Why Bother?
Tip Number 8 Tip Number 8
• Make one
Make OneMake One
Make OneMake One
Tip Number 9 Tip Number 9
• Old schoolOld school
– Steal a walletSteal a wallet
– Steal a purseSteal a purse
– Kidnap someoneKidnap someone!!
Tip Number 10 Tip Number 10
• Don’t get caughtDon’t get caught
Don’t Get CaughtDon’t Get Caught
• Once you have it: Take control of it Change mailing address Open new accounts using a new
(false) address Request higher credit limits Never drain the account Charge repeated small amounts
to cards Move on…
Face of an Identity ThiefFace of an Identity Thief
Ricky Leonard Swaner, 50, arrested by FBI in Feb 2006 on multiple-count Federal indictment fraud, identity theft and obtaining possession of over 2 million dollars of controlled substances by fraud.
Reduce Your Risk Reduce Your Risk
•WAKE UP !
• Practice ID discipline• Protect information
– Personnel– Client - database– Credit card– Company
Protect YourselfProtect Yourself
• BE PRO-ACTIVE!
• Look after your identity
• Don’t give it away
• Don’t throw it away
• Don’t sell it
• Don’t let it be taken from you
• Look after it as if it belonged to you
Questions ? Questions ?
26 Dover Street 26 Dover Street LondonLondon
United KingdomUnited Kingdom+44 (0)20 3170 8955+44 (0)20 3170 8955
+44 (0)20 3008 6011 (fax)+44 (0)20 3008 6011 (fax)