ITSP Lunch Identity Theft Awareness and Prevention

Scott L. Ksander ksander@purdue.edu

Identity Theft
Definitions
Legal definitions often include fraud Common definitinons
Account level Identity level

9.3 Million new victims in 2004 (4.3% of US population)

61% of Identity Theft reports to the FTC indicate the report was also NOT given to local law enforcement
Losses in 2005 were $60 Billion (estimated)

Average incident costs

$4,800 to businesses involved $500 to consumer involved 200-600 hours of consumer time
3

Identity Theft Who??

Traditional scam artists Large organized criminal elements

Why??
Low risk, high reward crime It is all about money
Directly to use your accounts or identity To resell your accounts or identity on by black market

Average take from Identity Theft is almost 10 times greater than from armed robbery
4

Identity Theft Quiz (test your Identity Quotient)

I receive several offers of pre-approved credit every week (5) Add 5 points if you do not shred them I carry my Social Security card in my wallet (10) My Indiana drivers license has my SSN on it (10)

I do not have a PO Box or locked, secured mailbox (5)

I use an unlocked, open box at work or at home to drop off my outgoing mail (10)

I carry my military ID in my wallet at all times (10)

I provide my SSN whenever asked, without asking questions as to how that information will be safeguarded (10)
9

Identity Theft Quiz (test your Identity Quotient)

Add 5 points if you provide you SSN orally without checking to see who might be listening

I am required to use my SSN at work as an employee ID or at school as a student ID number (5)

My SSN is printed on various documents frequently seen in the workplace (timecards, etc.) (10) I have my SSN and/or drivers license number printed on my personal checks (10)

I am listed in a Whos Who guide (5)

I carry my insurance card in my wallet and either my SSN or that of my spouse is on that card (10)
10

Identity Theft Quiz (test your Identity Quotient)

I have not ordered a copy of my credit report for at least 2 years (20)

I do not believe that people would root around in my trash looking for credit or financial information or looking for documents containing my SSN (10)

11

How did you score??

100+ - You are at a high risk 50 - 100 Your odds of being victimized are about average but higher if you have good credit 0 - 50 You are in good shape. Dont let your guard down!

Privacy Rights Clearinghouse, www.privacyrights.org

12

How it Happens (April 2002 April 2003)

Existing Credit Card Only 5.2 Million New Accounts and Other Fraud 3.2 Million Other Existing Accounts 1.5 Million

Information gathering
Stolen records, mail, property Bribing employees Hacking Trash Abuses authority (landlord, employer, ) JUST ASK and many people will tell you!!!
13

Computer Identity Theft

Computer- based crimes accounted for 11.6% of Identity Theft in 2004 vs. 70% from paper-based sources

Computer-based crimes are the most rapidly growing segment of Identity Theft activity

14

Some Definitions

The most common confusion when the topic of a computer virus arises is that people will often refer to a Worm or Trojan Horse as a Virus. While the words Trojan, worm, and virus are used interchangeably, they are not the same. Viruses, worms, and Trojan Horses are all malicious programs that can cause damage to your system, but there are differences between the three, and knowing those differences can help you to better protect your computer from their often damaging effects.

15

Virus

A computer virus attaches itself to a program or file so it can spread from one computer to another, leaving infections as it travels. Much like human viruses, computer viruses can range in severity; some viruses cause only mildly annoying effects while others can damage your hardware, software, or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. People continue the spread of a computer virus, mostly unknowingly, by sharing infecting files or sending emails with viruses as attachments in the e-mail.
16

Worm
A worm is similar to a virus by its design, and is considered to be a subclass of a virus. Worms spread from computer to computer, but unlike a virus, it has the ability to travel without any help from a person. A worm takes advantage of file or information transport features on your system, which allows it to travel unaided. The biggest danger with a worm is its ability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its ability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers, and individual computers to stop responding.

17

Trojan Horse

A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate
18

Spyware

Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file swapping products that are available today

19

Passwords
EU study of office workers
16% used their name as password 11% used favorite football team 12% used the word password

Never use a word that could be in any dictionary, names of places, or any proper nouns Never use any of the above spelled backwards Never use any of the above simply followed by a digit Include upper and lower case, numbers, special characters

22

Phising

(fishing)

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the users information.

23

24

25

26

27

28

29

30

31

32

33

34

35

Online Shopping
More than 75% of Americans use the Internet 2003 online shopping was $17.2 Billion in 4Q03 2004 increase in online shoppers was >14% 30% of all Americans now shop online

Estimates are that by 2007, 50% will shop online

36

Online safety
Learn about product AND seller Understand retailers refund policies Select a secure password Use secure checkout (look for https)

Things too good almost always are

Use a specific credit card for e-shopping. Monitor frequently with on-line access (web, Quicken, etc.)

Limit opportunities for bank account access. Consider separate accounts at different banks.

37

If you remember nothing else

Promptly apply system and product patches Run anti-virus software configured to update daily, use onaccess/on-demand scanning, and perform a full scan at least weekly Use a firewall (either software or hardware) and configure for the most restrictive setting that still allows you to do required work Select good, strong passwords and use them everywhere

Think BEFORE you click!!

38

Where Victims Go for Help

FTC 3% Other Federal Agency 5% State Dept of Motor Vehicle Admin 7% State AG or State Consumer Agency 8%

Lawyer 12%
Credit Bureau 22% Local Police 26%

Credit Grantor 43%

Did Not Contact Anyone 38%
39

Things To Do If You Are A Victim

Keep DETAILED notes Send letters via certified mail, return receipt requested Document phone calls (date, time, number, person, .) Act quickly

40

Report to Major Credit Bureaus

Ask for Fraud Alert on your file Trans Union 800-680-7289
P.O. Box 1000, Chester, PA 19016-1000

Experian (formerly TRW) 888-397-3742

P.O. Box 9532, Allen, TX 75013

Equifax 800-525-6285
P.O. Box 105069, Atlanta, GA 30348

41

File A Report
If you are a victim, file a Police report with LOCAL Police or Police where identity theft occurred, if known
Get a copy and retain for your records Get information on the assigned investigation and keep phone numbers available for verification

Contact ALL Creditors

Contact billing inquires and security department Change passwords Close unused or unnecessary accounts Monitor activity closely

42

Monitor Your Credit

Call about free copies of your credit report
Equifax 800-685-1111 Experian 888-397-3742 Trans Union 800-888-4213

www.annualcreditreport.com/cra/index.jsp www.ftc.gov/bcp/conline/pubs/credit/freereports.htm Contest bills with unknown charges

OK to call but ALWAYS file in writing using the EXACT procedure specified by the credit card company

43

Get Copies
If an account has been opened fraudulently in your name
Get a copy of the application Get a copy of all transactions Provide copies of all information to Police Try to determine what information has been stolen
SSN Mothers maiden name Other personal information

Sometimes victims are wrongfully accused

Contact court where judgment was entered and report identity fraud Consider consulting an attorney with identity fraud experience

44

Other contacts
Social Security Administration 800-269-0271 U.S. Postal Inspectors, if USPS involved 800-275-8777 State Department, if passport involved If checks missing or involved
TeleCheck 800-710-9898 Certegy, Inc. 800-437-5120 International Check Services 800-631-9656

FTC Identity Theft Hotline 877-IDTHEFT (438-4338)

45

Future trends
Government regulation
New Breach Disclosure laws

Two-factor identification
Something you have and something you know

Better single factor identification

Biometrics

46

47

If you remember nothing else

Promptly apply system and product patches Run anti-virus software configured to update daily, use onaccess/on-demand scanning, and perform a full scan at least weekly Use a firewall (either software or hardware) and configure for the most restrictive setting that still allows you to do required work Select good, strong passwords and use them everywhere

Think BEFORE you click!!

48

Questions Before Elvis Leaves The Building?

49