Credit Card Fraud

1
Credit Card Fraud Employee Monitoring10/06/08
2

• Credit Card Fraud
• 18-29 year-olds are the most common victims
  because they use the web most and are unaware of
  risks
• E-commerce has made it easier to steal card
  numbers and use
• without having the physical card
• Questions How many of you have ever used a
  credit card online?
• How many of you use them frequently?
• How many of you ONLY use credit cards/bank
  account routing numbers online to pay for
  things dont use paper checks anymore

3

• Credit Card Fraud - Techniques
• Phising e-mail fishing for personal and
  financial information disguised as legitimate
  business email
• The email contains authentic looking logos, and
  warns that your account will be suspended if you
  do not take action by clicking on their link

4

• Credit Card Fraud - Techniques
• Phishing user clicks on the given link, and is
  taken to a site that is graphically designed to
  look exactly like the authentic PayPal webpage.

5

• Credit Card Fraud - Techniques
• Phishing user clicks on the given link, and is
  taken to a site that is graphically designed to
  look exactly like the authentic PayPal webpage.
• User is prompted to enter paypal username and
  password, which is now in the hands of the
  phisher

6

• Credit Card Fraud - Protection
• Check the website address to ensure that it is
  the same as the actual site
• Even if it is, due to some vulnerabilities, more
  sophisticated schemes can still insert phishing
  pages into the genuine server, so use good
  judgment and common sense
• Rarely (if ever) will a decent company ask YOU to
  provide your email password, etc. When in doubt,
  CALL the company after looking up the OFFICIAL
  telephone number (not one provided in the email,
  obviously)

7

• Hacking
• Pharming - false Web sites that fish for personal
  and financial
• Information ?? Online resumes and job hunting
  sites may reveal SSNs, work
• history, birth dates and other information that
  can be used in
• identity theft

8

• Hacking
• Definition to gain illegal or unauthorized
  access to a file, computer, or network

9

• Hacking
• Definition to gain illegal or unauthorized
  access to a file, computer, or network

10

• Hacking
• Definition to gain illegal or unauthorized
  access to a file, computer, or network

11

• Hacking
• Definition to gain illegal or unauthorized
  access to a file, computer, or network

12

• Hacking
• Definition to gain illegal or unauthorized
  access to a file, computer, or network

13

• Hacking
• Definition to gain illegal or unauthorized
  access to a file, computer, or network

14

• Term Hacking has changed over time
• Phase 1 1960s to 1970s
• Was actually a positive term related to
  creativity and skill

15

• Term Hacking has changed over time
• Phase 2 1970s to mid 1990s
• Things start to get negative
• Hacker means one who breaks into computers for
  which he/she does not have access
• Companies using/employing hackers? For what?

16

• Term Hacking has changed over time
• Phase 3 beginning with the mid 1990s
• Growth of the Web gt Large-scale hacking
• Hactivism
• Attacks that shut down websites can affect large
  amounts of people
• Large-scale id and financial theft

17

• Hacktivism
• Political Hacking done to promote a political
  cause
• Examples Site Vandalism
• An individual or group hijacks a site and
  replaces the original content with their own
  message (often with inappropriate content)
• Denial-of-Service Attacks on a website flooding
  the site with hits in order to overload the
  server, rendering it inaccessible to the public
• Hactivism http//www.youtube.com/watch?vwNXk6kLd
  8IA

18

• Hacktivism Activism or Vandalism?
• Disagreement about whether it is a form of civil
  disobedience and how (whether) it should be
  punished
• Sarah Palins email address hacked, using
  password recovery questions that were easy for
  the hacker to google
• Bill OReilly suggests jail time
• Hackers angry at OReilly attack his site,
  leaking passwords and user information of
  hundreds his sites users

19

• The Law Catching and Punishing Hackers
• A variety of methods for catching hackers
• Law enforcement agents read hacker newsletters
  and participate
• in chat rooms undercover
• Security professionals set up honey pots which
  are Web sites
• that attract hackers, to record and study
• Computer forensics is used to retrieve evidence
  from computers

20

• The Law Catching and Punishing Hackers
• Penalties for young hackers
• Many young hackers have matured and gone on to
  productive
• and responsible careers
• Temptation to over or under punish
• Sentencing depends on intent and damage done
• Most young hackers receive probation, community
  service,
• and/or fines

21

• Security Whose Responsibility?
• Developers have a responsibility to develop with
  security as a goal
• Businesses have a responsibility to use security
  tools and
• monitor their systems to prevent attacks from
  succeeding
• Home users have a responsibility to ask
  questions and educate
• themselves on the tools to maintain security
  (personal firewalls,
• anti-virus and anti-spyware)

22

• Hiring Hackers
• Do you think hiring former hackers to enhance
  security is a good idea or a bad idea? Why?

23

• Cyberterrorism
• Basic definition from wikipedia Cyberterrorism
  is the leveraging of a target's computers and
  information , particularly via the Internet, to
  cause physical, real-world harm or severe
  disruption of infrastructure.
• Cyberterrorism http//www.youtube.com/watch?vF30
  NbJChNTIfeaturerelated