Cybersecurity & Online Identity Theft · Providing Tax, Auditing, Accounting & Controllership,...
Transcript of Cybersecurity & Online Identity Theft · Providing Tax, Auditing, Accounting & Controllership,...
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Click to edit Master title style
Cybersecurity & Online Identity Theft
Presented By: Curtis McCallister Manager of Technology Solutions James Moore & Co.
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
What you’ll learn today
• What is Identity theft
• What are some of the common attacks
• How to protect against Identity Theft
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
What is Identity Theft?
Could You Financially Survive If Your Business And Personal Identity Were Stolen?
Identity theft occurs because someone wants to use your identity for personal gain, they want to commit fraud.
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Did you know?
• Identity theft continues to be a top concern for consumers
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Overall Statistics
11 million Americans
• 1 in 30 people will be a victim of identity theft this year
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Overall Statistics
• Identity theft continues to be a top concern for consumers
• Personal Identity theft can affect your business or organization
• You may be giving away your identity
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
BUT WHY!?
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Types of Fraud Committed
• Financial fraud – using your identity for financial gain, credit cards, in-store financing
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Andrea Harris-Frazier
• Margot Somerville lost her wallet on a trolley.
• Two years later she was arrested.
• Andrea Harris-Frazier had defrauded several banks—using Somerville’s identity—out of tens of thousands of dollars.
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Abraham Abdallah • Busboy in New York City
• “Forbes 400”
• Steven Spielberg, George Lucas and others
• Posing as his victims, getting social security
numbers, credit card numbers, etc from
financial institutions
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Types of Fraud Committed
• Medical fraud – using your identity to get medical services or prescription drugs
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Dr. Gerald Barnes • Gerald Barnbaum lost his pharmacist license
after committing Medicaid fraud.
• He stole the identity of Dr. Gerald Barnes and practiced medicine under his name.
• “Dr. Barnes” even worked as a staff physician for a center that gave exams to FBI agents
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Types of Fraud Committed
• Criminal fraud - using your identity in the commission of a crime to hide their identity
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Brittany Ossenfort • Brittany Ossenfort got a new roommate,
Michelle
• Ossenfort asked by police to bail herself out of jail.
• “Michelle” posing as Ossenfort and was caught soliciting prostitution
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Types of Fraud Committed
• Real-estate fraud – using your identity to buy / or ‘sell’ real estate
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
• Legitimate real estate ad is copied and posted to classifieds
• Fake ad uses legitimate names, but false email address and contact information
• The thief claims to be renting the property and asks for payment
Property Scheme
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Overall Statistics
• The dollar amount of identity fraud over the last two years totals over $100 billion. (Source: Javelin Strategy and Research)
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Overall Statistics
• 11.6% of all identity theft (over 1 million cases) occurs online
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Overall Statistics
600 hours
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Overall Statistics
•1 in 700 chance of being caught
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Who would do such a thing?
• Petty criminals
• Organized crime
• Opportunistic criminals
• Friends/family
Personal Identity Theft
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Corporate Identity Theft
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
• Dumpster Diving
• Pretexting (existing employees)
• Hacking / Malware
• Mail theft
Corporate attacks?
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
• Bigger bank accounts
• Bigger credit limits (and easier to open an account)
• Larger purchases
• Invoicing / payment terms
Why corporations?
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Identifying Threats
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Internal Threats
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Internal Threats
• An identity thief isn’t necessarily a stranger
• Smaller businesses have fewer internal safeguards in place and therefore are more susceptible to this risk
• 50-70% of identity theft starts when an employee steals personal data from the company
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Reducing the Threat of Internal ID Theft
• Know your assets
• Clearly document and consistently enforce policies and controls
• Regularly train staff on threat awareness and security protocols
• Monitor and respond to suspicious or disruptive behavior – During the hiring process
– With current employees
• Anticipate and manage negativity in the workplace
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
External Threats
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Phishing
• Spam or pop-up messages
• Legitimate looking email from your bank, credit card company or other financial institution.
• Website link where it asks you to update your contact information.
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Phishing Example
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Spear Phishing
• Targeted spam or pop-up
• Specific personal or sensitive information
• Online criminals will research you or the organization
• Spear phishing may have started as a phishing attack or email scam
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Spear Phishing Example
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Email Scams
Email Scams are unsolicited email that promise to give you a bargain or a good deal if you could just do something very popular and effective
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Types of Email Scams
• Nigerian E-Mail scam
• Government official
• Business man
• Surviving spouse
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Nigerian Scam
•Overseas
•Need help getting owed money
• Small transaction fee
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Nigerian Scam
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Government official
• Claims to be from US Government (IRS, FBI,..)
• Requires your response
• Small Processing fee
• Verify personal information
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Government Email Scams
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Survey Scam
• Asks you to participate in a survey
• Social Issues like the middle east
• Global issues like global warming
• Social issue, politics
• Provides a weblink, asks for personal information, installs spyware on your computer
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Survey Scam Example
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Spyware
• Monitor or control your computer
• Installed with permission, unwittingly
• Barrage of pop-ups
• Takes you to sites you don’t want
• Random error messages and sluggish performance
• There may be no symptoms at all
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Identifying threats
How do you tell when an email or website is phishy?
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Identifying threats
1. Legitimate businesses do not ask for personal information in an email, your bank or a job offer, it doesn’t happen
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Identifying threats
2. Emails have poor English, spelling and grammatical errors
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Identifying threats
3. The email address doesn’t appear to match the company name
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Curtis McCallister [mailto:[email protected]]
Example of False Email
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Identifying threats
4. Links in the email do not go actually go where they claim to
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
https://la.www4.irs.gov/PORTAL-PROD/CRM/signon.html
Identifying threats
http://tlcbeitshoshanim.com/images/e-services/logon.htm
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Other Examples
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Cell phone text message phishing
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Four Things You MUST Do to Protect Your Identity and your company!
• Change your passwords often and do not use the same password on different sites
• Safeguard your personal information from everyone, including family and friends
• Keep your devices updated
• Ensure you have virus protection
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Myth #1 Regarding “Strong” Passwords:
A hacker only has three attempts before he is “locked out”
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Reality:
• Lockout rules are not universal or mandatory
• Hackers starts by trying commonly used passwords against the database, so the weak passwords are cracked first
• Assume a hacker has unlimited attempts to crack your password
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Myth #2 Regarding “Strong” Passwords:
Your password has to be difficult to remember
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Reality: The key is to balance length and complexity
• A password must be cracked all at once, not by individual character
• Length is good but doesn’t have to be excessive – 12 characters is good
• Incorporate lesser-used symbols or phrases
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Safeguard your personal information
• SSN
• Date of Birth
• Debit Card PIN
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Social Media
• Pets names
• High School or college
• Favorite places
• Relatives names
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Off Topic – General personal security
• Do you post selfies in front of your new 90” 4K TV?
• Do you share your vacation and trip schedule on social media?
– Date or movie night
– Trip to the mountains
Just Shout “I have nice stuff and will not be home!”
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Keep your devices updated
• Updates add features and close security holes, reducing vulnerabilities
– Desktop
– Laptop
– Tablet
– Mobile phone
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Virus protection
• Ensure those same devices have anti-virus software installed and keep it up to date.
“An ounce of prevention is worth a pound of cure”
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Summary
• Cybercrime and identity theft go hand in hand
• Always keep an elevated level of awareness
• Do not share your personal information with anyone
• Use Social Media, but be deliberate about the information you post
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Questions
Providing Tax, Auditing, Accounting & Controllership, Technology
Solutions, Consulting, Human Resource s & Moore, and Wealth Management Services Since 1964.
jmco.com | [email protected]
Contact
Curtis McCallister Manager of Technology Solutions James Moore & Co. 352.378.1331 www.jmco.com [email protected]