Information Security Office The University of Arizona Security Awareness Brown Bag Series Identity...
-
Upload
angelique-keaton -
Category
Documents
-
view
219 -
download
2
Transcript of Information Security Office The University of Arizona Security Awareness Brown Bag Series Identity...
Information Security Office
The University of Arizona
Security Awareness Brown Bag Series
Identity Theft and Telephone Fraud
Information Security Office
Identity Theft
How to Protect Your Identity
Every 79 seconds a thief steals someone's identity, opens accounts in the victim's name, and goes
shopping
Information Security Office
OBJECTIVES
What is Identity Theft How Thieves Do It Preventive Actions Internet and On-Line
Services Credit Reports (who to
contact) Steps for Victims Reporting Identity Theft Consequences
Information Security Office
What Is Identity TheftAcquisition of key pieces of someone’s identifying information in order to impersonate them.Identifying Information Includes:
• Name
• Address
• Date of Birth
• Social Security Number
• Mother’s Maiden Name
• Credit Card Number
• ATM PIN’s
• Bank Account Numbers
Information Security Office
What Is Identity TheftPurpose
Take over financial accounts
Open new bank accounts
Apply for loans
Apply for credit cards
Apply for social security benefits
Purchase automobiles
Rent apartments
Establish services with utility and phone companies
Write Checks on accounts
Online Purchases and Services
Information Security Office
How They Do It• Use low and high tech methods• Shoulder surfing at ATMs and Pay
Phones• Steal your mail• Dumpster diving• Corrupted postal employees (including
Mail Room Personnel)• Check washing
– Mostly in Western U.S.– Related to Meth use (similarly used
chemicals)• Check creation software• Credit Card Checks
Information Security Office
Preventive Actions
• Promptly remove mail from your mail box
• Deposit outgoing mail in post office collection mail boxes or at your local post office
– Do not leave in unsecured mail receptacles
• Never give personal information over the telephone unless you initiated the call
Information Security Office
Preventive Actions• Shred pre-approved credit card
applications, credit card receipts, bills and other financial information you don’t want
• Empty your wallet/purse of extra credit cards and Ids
• Opt to use an alternate number on Driver’s License
• Memorize your SSN and all your passwords
Information Security Office
Preventive Actions• Order your credit report from the three
credit bureaus once a year to check for discrepancies
• Never leave receipts at bank machines, bank windows, trash receptacles, or unattended gasoline pumps
• Sign all new credit cards upon receipt
• Save all credit card receipts and match them against your monthly bills
• Never loan your credit cards to anyone else
Information Security Office
Preventive Actions• Be conscious of normal receipt of
financial statements
– Contact sender if they are not received on time
• Notify credit card companies and financial institutions in advance of any change of address or phone number
• Never put account numbers on post cards or on the outside of an envelope
• Report all lost or stolen credit cards immediately
Information Security Office
Preventive Actions• If you applied for a new credit card and
it hasn’t arrived in a timely manner, call the bank or credit card company involved
• Know your expiration dates
– Contact issuer if replacements are not received promptly
• Beware of mail or telephone solicitations disguised as promotions offering instant prizes or awards designed solely to obtain your personal information or credit card numbers
Information Security Office
Preventive Actions• Never use commonly used
passwords/PINs:
– Dates of Birth
– Last four of SSN
– Last four of phone number
– Series of consecutive numbers
• Don’t carry SSN card with you
• Do not use your SSN as your drivers license number
Information Security Office
Internet and On-Line ServicesUse caution when disclosing:
– checking account numbers
– credit card numbers or
– other personal financial data at any web site or on-line service location unless you receive a secured authentication key from your provider.
When you subscribe to an on-line service, you may be asked to give credit card information.– beware of con artists who may ask you to
“confirm” your enrollment service by disclosing passwords or the credit card account number you used to subscribe.
Information Security Office
Credit ReportsWho to contact:
Equifax – www.equifax.com
P.O. Box 740241
Atlanta, GA 30374-0241
Telephone:
1-800-685-1111
Experian - www.experian.com
(Formerly TRW)
P.O. Box 949
Allen, TX 75013-0949
Telephone:
1-800-397-3742
TransUnion – www.tuc.com
P.O. Box 1000
Chester, PA 19022
Telephone: 1-800-916-8800
Information Security Office
Action Steps For Victims• Contact all creditors, by phone and in
writing, to inform them of the problem• Call your nearest Postal Inspection Service
office and your local police• Contact the Federal Trade Commission to
report the problem• Call one of the three credit bureau’s fraud
units to report identity theft (they will contact other 2 for you)– Ask to have a “Fraud Alert/Victim Impact”
statement placed in your credit file asking that creditors call you before opening any new accounts
• Alert your bank to flag your accounts and to contact you to confirm unusual activity
Information Security Office
Action Steps For Victims• Request a change of PIN and new password• Keep a log of all contacts and make copies of all
documents• You may also wish to contact a privacy or
consumer advocacy group regarding illegal activity
• Contact the Social Security Administration’s Fraud
Hotline• Contact the state office of the Department of
Motor Vehicles to see if another license was issued in your
name– If so, request a new license number and fill out
the DMV’s complaint form to begin the fraud investigation process
Information Security Office
Report Identity Theft To• Equifax Credit Bureau, Fraud
1-800-525-6285
• Experian Information Solutions
1-888-397-3742
• TransUnion Credit Bureau, Fraud
1-800-680-7289
• Federal Trade Commission
1-877-IDTHEFT (438-4338)
• AFOSI Det 201
DSN 574-7371 or Commercial: (757) 764-7371
• Social Security Administration, Fraud Hotline
1-800-269-0271
Information Security Office
Security Awareness Brown Bag Series
Sponsored by CCIT
Telephone Fraud
Information Security Office
Phone Fraud
"This is Ernestine from the Phone Company. Have I reached the party to whom I am speaking?"
Information Security Office
Phone Fraud Impact
Costs the Telecommunication industry more than $4 billion a year – costs are
ultimately passed on to consumer.
Information Security Office
Telephone FraudThe 9-0-# Phone Scam
• Call is made to an office and cons unsuspecting worker to transfer call to outside line
• Caller claims to be a telecommunication service technician “repairing” phone lines
• Convinces recipient of call to “help” by transferring him to an outside line AND hang up
• Once done, the caller starts dialing calls that are charged to owner of PBX
Information Security Office
"Compromised Private Branch Exchange (PBX) and Telephone
Voice Mail Systems”• Dated 6/3/2003 from NIPC• Enables unauthorized communication via
compromised US phone systems • Cannot be traced • Used to connect to local access numbers for
ISP’s - free Internet service via a modem• Can redirect repeated calls to a specific
number, such as 911, and cause denial-of-service (DoS) activity.
Information Security Office
Telephone Fraud DetectionToll Fraud warning signs:
– Long holding times– Unexplained surges in use– Increase in calls after business hours– Reports of odd calls– Complaints that system is always busy
Information Security Office
Telephone Fraud Protection• Memorize calling card number.• Prevent shoulder surfing - Be aware of people
loitering around phones. Stand directly in front of phone when entering number.
• Don’t give your Calling Card numbers to others• Guard your Calling Card number as you would a
credit card number• Report lost or stolen cards immediately• Don’t accept third-party calls from those you
don’t know
Information Security Office
PreventionPrimarily targets businesses and universitiesTechnician would never ask customer to helpcheck phone linesBest defense is to be aware of this scam andreview what to do if it happens:
– Ask “technician” for call-back number or for name and number of supervisor. Then
hang up– Report call
Information Security Office
809 Area Code Scam
The 809 scam involve a message (phone,email, pager)Request you immediately call or fax an809 area code numberExamples of reason to call include:
– avoiding litigation– receiving info about someone who has died or been
arrested – winning a prize– getting a job– even death in family
Information Security Office
Prevention 809 Area Code Scam
809 area code is in the Caribbean. Nointernational code is requiredSome numbers in 809 areas code are “pay-percall” numbersScamsters try and keep you on phone as long aspossibleNot just limited to 809 (284, 876)
AT&T’s Webpage on phone fraud and scamshttp://www.att.com/fraud/home.html#b
Information Security Office
Wireless Telephone Fraud Prevention Tips
• Lock phones, remove handsets and wireless antenna when vehicle left with someone
• Protect sensitive documents (subscriber agreement containing electronic serial numbers)
• Immediately report lost or stolen wireless phone carrier
• Don’t leave phone in unattended car or in isolated area for extended period of time
Information Security Office
SEC- -Y
If not you, who? If not now, when?
The key to security awareness is embedded in the word security………….
Information Security Office
Resources at the University of Arizona
Kerio Firewall https://sitelicense.arizona.edu/kerio/kerio.shtml
Sophos Anti Virushttps://sitelicense.arizona.edu/sophos/sophos.html
VPN client softwarehttps://sitelicense.arizona.edu/vpn/vpn.shtml
Policies, Procedures and Guidelineshttp://security.arizona.edu/guidelinesetc.html
Security Awareness http://security.arizona.edu/awareness.html
Information Security Office
University Information Security Office
Bob LancasterUniversity Information Security OfficerCo-Director – CCIT, [email protected]
Security Incident Response Team (SIRT)[email protected]
Kelley BogartInformation Security Office [email protected]