Identity Theft Deter, Detect, and Defend At Home & At Work
77
Identity Theft Deter, Detect, and Defend At Home & At Work
description
Identity Theft Deter, Detect, and Defend At Home & At Work. Introductions. Lisa Stensland Manager, CIT Project Management Office Former member of the Association for Financial Counseling and Planning Education Ray Price Cornell Police for 34 years - PowerPoint PPT Presentation
Transcript of Identity Theft Deter, Detect, and Defend At Home & At Work
PowerPoint Presentation
Identity Theft
Deter, Detect, and Defend
At Home & At Work1IntroductionsLisa StenslandManager, CIT Project Management OfficeFormer member of the Association for Financial Counseling and Planning EducationRay PriceCornell Police for 34 yearsLast 8 years in Crime Prevention, which includes loss prevention and identity theft2AgendaWhy be concerned?Deter how to prevent itDetect how to discover itDefend how to fix itIdentity theft prevention at workBut what about?3Click Me4What is Identity Theft?When someone uses your personal information without your permission to commit fraud or other crimeNameSocial Security numberDate of birthCredit card numberBank account numbers
Identity5Types of Identity TheftCredit card25%Phone/utilities16%Bank account16%Employment-related14%Fraudulent tax return6%Business/personal/student loan3%Source: Federal Trade Commission, Feb 20076Mention the well known types of Identity Theft. The next slide will cover some of the more obscure:Someone uses your credit card without authorization or opens a new credit card account in your nameSomeone opens a bank account in your nameSomeone gets a new cell phone in your name
Types of Identity TheftInternet/email2%Medical2%Auto loan2%Drivers license1%Real estate loan1%Govt benefits1%Other24%Source: Federal Trade Commission, Feb 20077How does Identity Theft occur?8Skimming - An electronic device used to capture this information is called a skimmer, and can be purchased online for under $50.00. Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the device or an attached computer.
Phishing - Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well. Good, old fashioned stealing
9Dumpster Diving
10Skimming
11
Skimming
SkimmingLost or Stolen Laptop
14Credit Card ShavingThieves try out 16 digit number combinations until one works!Start with a stolen or deactivated credit, debit, or bank gift cardGenerally, the thieves only have to worry about the figuring out the last four digits of a credit cardThe first 12 numbers typically identify the bank and are common across many cardholders15Credit Card ShavingUsing razor blades, thieves shave off the numbers they need from another cardApply them to the stolen card with superglueScratch the mag-strip so that numbers must be entered manually from the frontPhishing
http://kooptickets.nl/~claudia/mycfcu.com/..Netherlands17
Spearphishing18Spearphishing
19http://turist.hr/galerija/bjelovar/index/cornel/index.htmlCroatia/HrvatskaSpearphishinghttps://cuweblogin.cit.cornell.edu/cuwl-cgi/login2.cgi
PhishingEmails that appear to be from IRS requesting you confirm informationEmails that are thanking you for a recent purchase (of something you didnt buy)Phone phishing
When in doubt, ask or call back
Your bank will NEVER ask you for account numbers or passwords if they initiated the communication21The victim population is about 10 million per year.
1 in 6 Americans will be a victim.Victims will spend on average of 175 hours and $1200 recovering from this crime.In 2007, identity theft generated the most complaints to the FTC by far.
It was complained about 500% more than the complaint in second place.The U.S. Government Reform Committee reports that all 19 government departments and agencies reported at least one loss of personally identifiable information since Jan. 2003.
Only a small number of the data breaches were caused by hackers. The vast majority of losses occurred from physical thefts of portable computers, drives and disks, or unauthorized use of data by employees. According to the U.S. Department of Justice Statistics, identity theft has now passed updrug trafficking as the number one crime in the nation.Is this a big problem?Its huge.--Identity Theft Resource Center, Facts & Statistics 2006 & FTC2210 million victims per year, 19 people every minute
2004 330 hours to recover on average 50% spent under 100 hours (median), 50% spent more than 100 hours. The total reported hours ranged from 3 hours to 5,840 hours.
2004 43% knew their imposter, 14% were employees of a business
Since January 2003, all 19 government departments and agencies reported at least one loss of theft of personally identifiable information.Very small number caused by hackers. Mostly caused by loss or theft of devices.
Passing drug traffickingTrue StoriesMarch 2005 - Bank of America1,200,000 lost social security and account numbers were lostMay 2006 - Veterans Administration26,500,000 social security numbers and DOB were lost when a laptop was stolenJanuary 2007 - TJ Maxx47,500,000 credit card numbers were stolen by hackers taking advantage of unencrypted wireless network in parking lot23Medical ID TheftApril 2007, Salt Lake CityWoman delivers a baby at a local hospitalthen abandons it!Baby tests positive for methamphetamineHospital identifies mother as Anndorie Sachs and tracks her downAnndorie says she did not have a baby recentlyDCFS threatens to take away her other 4 children, aged 2-7
24Medical ID Theft (cont)Good newsAccusations were droppedAnndorie was absolved of paying the billBad newsAnndories medical records were altered to show the blood type and medical record of a complete strangerAnndorie has a blood clotting disorderThe hospitals insist that they have fixed the issue, but Anndorie cant be sure because they need to PROTECT the PRIVACY of the IDENTITY THIEF!
25Scrap PaperMarch 10, 2008School teacher purchases box of scrap paper for her fourth grade students - $20What she really gets?Medical records of 28 hospital patients!26
27Has anyone here been a victim?28How do you prevent Identity Theft?DETERDETECTDEFEND29How many of you...
have your Social Security card in your wallet or purse right now?
30Protect your sensitive informationDo NOT carry your SSN card with youMemorize PINs and passwordsBeware of promotions that request sensitive informationQuestion how SSN or other sensitive data will be used if it is requested by legitimate sourcesIt may not be needed!31Memorize your SSN and lock it up how many times do you REALLY need to refer to it?Protect your sensitive informationShred pre-approved credit offers, receipts, bills, other records that have SSNDo not provide CC#, SSN, etc. out over emailDo not click on links in unsolicited emails
32Email is clear text and not encrypted. It is ok to use your credit card on secure web sites. Look for https in the URL or the padlock in the lower right.How many of you...
...write checks to pay bills and then put them in the mailbox with the flag up?
33Modify your mail habitsDont leave mail containing checks or account information in your mailboxUse the post office mailboxesKeep an eye out for bills or statements that arent received in a timely manner
34Checks can be erased and re-used. Also the routing number and account number on your check make for easy electronic funds transfers.Consider Online Banking & Bill PaymentComputers dont steal identities, human beings doMinimize the number of people that have the opportunity to access your informationOnline banking & bill payment is secure as long as you see:https in the address s = secure OR Padlock in lower right corner of browserHow many of you...
...have noticed fewer and fewer places actually require or check your signature on a credit card?
36Modify your credit card habitsCarry only cards you use regularlySign the backs of all credit cards AND write Check IDDo not loan out your cards to anyoneReport lost/stolen cards immediatelyKeep a copy of both sides of your cards in a safe place37Mention check ID as signature however, it may invalidate card. Whatever you do, dont leave it blank!
Padlock appears in lower right corner of browser, https appears in URL address line.Modify your credit card habitsCheck for the padlock and/or https when purchasing onlineOpt out of pre-approved credit card offersOpt out of junk mailShred all pre-approved credit card offersDo not just tear them up!38Information on how to opt out of pre-approved credit card offers and junk mail is included in handouts.
How many of you...
...do not have a firewall or do not have anti-virus software on your computer at home that is up-to-date?
39Safeguard your computerUse a firewallUse anti-virus software AND keep it updatedUse wireless encryptionConfigure your computer to NOT remember logins/passwordsLock your computer when you are away from your deskUse different (and complex) passwords for different accounts
40Lock your computer you can either hit Ctrl-Alt-Delete click Lock Computer or configure your screen saver to lock after a certain period of time.Password ProtectionThe Imperva Application Defense Center (ADC) StudyDecember 2009, 32 million passwords were breached at rockyou.com and posted onlineAnalysis was performed on these passwords resulting in some startling findings
http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdfStudy Findings30% of users chose passwords whose length is
