Identity Theft

1
Identity Theft

• Presented by
• Lois Davis
• Director of Academic Computing
• Casper College

2
History of Computer Crimes

• Viruses and Worms
• Spam
• Spyware
• Identity Theft
• Phishing

3
Virus Worms

• Commonly spread as an e-mail attachment such as
  I Love You or My Doom-- consists of hidden
  programming instructions which can automatically
  install when you attempt to open an attachment.
  Results loss of use of computer and data.
  Motivation Bragging rights, With My Doom,
  infected computers used to rely spam.
• Solution Current Anti-virus software.

4
SPAM

• Monty Python sketch in flying Circus (theres egg
  and bacon, egg, sausage and bacon, egg and spam,
  bacon and spam, egg, bacon, sausage and spam,
  etc.)
• Examples Mortgage Rates, Pills, Pornography,
  Rolex Watches
• Buy Viagra at discounted prices
• Motivation Selling
• Solution Delete

5
Why Does Spam Continue?

• Mirapont and the Radicati Group survey UK found
  nearly one-third of users have opened spam and
  one in ten has made a purchase. Spam URLs often
  link to web sites that install Spyware or other
  malicious code. If no money was gained, Spam
  would be as extinct as the Dinosaurs quoting
  Sophos representative.

6
Whats Being Done to Stop Spam?

• It is difficult because its not illegal in
  itself.
• System Administrators filter on KeyWords. It is
  difficult because Spammers change subject lines
  and spoof addresses.
• Microsoft filed 46 million in damages against
  OptinRealBig.com, 1 of the big 3 spammers. As a
  result OptinRealBig.com was forced to file
  bankruptcy.

7
(No Transcript)
8
(No Transcript)
9
Spyware

• Newer than Viruses, Worms, or Spam.
• Identity Theft Spyware have been the main
  source IT problems within the past year.
• Spyware is software that is installed on your
  computer in combination with a free download, a
  yes response to a Pop-up Ad, or is installed
  just by visiting a website (called drive-by
  download). Once installed, spyware transmits
  information in the background to merchants who
  reimburse spyware companies for the information
  gained to create marketing profiles
• Symptoms Computer gradually slows to a crawl.
• Threat Level low, all web information is
  anonymous, may result in need to reinstall
  operating system, data lost.
• Motivation Monetary
• Solution Install Spyware blocking software
  (i.e. SpyBot), upgrade to Windows XP2 and turn
  Pop-blocker on, and RUN SpyBot weekly.

10
PHISHING

• E-Mail pretending to be from trusted names such
  as Citibank or Paypal, but directing recipients
  to rogue sites. Once, there recipients are
  instructed to fill in personal information such
  as Social Security number, PINS, passwords, bank
  or credit card numbers. E-Mails look authentic.
• Symptoms None
• Motivation Monetary, large amounts
• Threat High, Identity Theft, bankruptcy, loss
  of credit rating, Social Security benefits

11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
Evolution of Threats Gartner Group 2004
Visibility
Phishing
Spam
Spyware
Viruses Worms
Identity Theft
Permanent Annoyance
New Threat
Maturity
15
Statistics

• Estimated by Gartner Group in March, 2005, 57
  million consumers had received phishing e-mails,
  and 11 million of them clicked on links taking
  them to forms that try to extract personal
  information. The screens appear to have been
  created by a financial institution or other
  trusted site. An estimated 3 million fill in the
  information, the same return for legitimate mass
  mailings.

16
Why is it Successful?

• Best identify thefts steal an average of 700,
  not enough for prosecutors.
• Citizens lack information
• More than 75 of counties in the US include
  social Security numbers on public documents
• No international agreements to bar the sale of
  phishing kits or to shut down illegitimate web
  sites

17
And yes,

• Cons feed our fantasies (luck, recognition,
  helping hand)
• As many as 150 million phishing e-mails are send
  out every day.
• Conference in Kiev for people interested in
  breaking into Identity Theft where phishing
  how-to kit are sold for 270.

18
More Success

• Ratio of risk to reward is appealing to several
  organized crime groups in Brazil and Eastern
  Europe, where the Russian mafia and offshoots
  have assembled crews of crackers, fences, and
  code writers who create and send fraudeulent
  e-mails and convert illgotten goods into hard
  currency.

19
Because

• Consumers have become accustomed to entering
  credit card information with online purchases, to
  performing online banking
• To decifer get to know your favorites URL,
  look for misspelling, unusual English context,
  unusual characters.
• NEVER give out personal information that is
  solicited. Legitimate companies DO NOT initiate
  contact with you.

20
Other Methods of Identity Thefts

• Garbage
• USPS mail theft
• Nigerian Scams (deposit money into my bank
  account and you will be a winner!)
• Hackers break into servers and access
  confidential records of students and staff.
• (CA State University, Chico, lost records of
  59,000 individuals Boston College, 100,000.)

21
Data-Brokering Companies

• Collect personal information. Everyone from
  landlords screening tenants to insurance
  companies weighing drivers risk to human
  resource depts wondering if job applicants are
  ex-felons can buy such data.
• Compile these reports largely by gathering public
  records

22
What Public Records

• Property records, phone books, directory service,
  voter registration, questionnaires, warranty
  cards, catalog buyer behavior, product
  registration, motor vehicle reports, police
  reports, license and deed transfer, military
  records, bankruptcies, civil judgments, federal
  and state tax liens, birth, death, marriage, and
  divorce certificates, prior employment, education

23
Who are They?

• ChoicePoint, Inc., US based, had sales of 795.7
  million in 2004
• Acxiom Corp., US based, had 1 billion in sales
  (gross includes other sources of income for both
  companies)
• LexisNexis, London based, had sales of 120
  million in 2004

24
Theft

• In February ChoicePoint notified 145,000 people
  that their data including credit reports and
  Social Security numbers were stolenLater
  admitted to Congress they had sold the records to
  Identity Thefts by mistake.
• LexisNexis announced that information on 32,000
  Americans had been illegally accessed by
  criminals.

25
ChoicePoint News

• April 1 announced that it is developing an
  application that will allow consumers to view any
  information about them that the company collects
  and sells. The records sold will no longer
  include complete drivers license or Social
  Security numbersas a result of congressional
  legislation.

26
Lawsuits Target Phisers

• Microsoft filed 117 John Doe lawsuits against
  operators of Web sites involved in phishing
  scams. The lawsuits are an attempt to discover
  who is behind the largest phishing operations and
  put them out of business.

27
What Can Happen?

• Person using your identity creates debt
• Person using your identity commits crime
• Person using your identity empties your bank
  accounts, collects your Social Security
• Detection rate of identity theft is lowest of any
  category of crime. (Jonathan Turley, professor of
  Law, George Washington University, USA Today,
  February 24.)

28
What Can You Do?

• Obtain one free credit report every 12 months
  from each of 3 nationwide consumer reporting
  companies Equifax, Experian, and TransUnion.
  (If you have a credit score in the high 600
  range or above you should be able to obtain the
  best available rates and terms on loans. More
  often inquiries counterproductive.)

29
What Can You Do cont.

• Shred USPS mail other documents with personal
  information.
• Most secure way to receive USPS mail is at a POST
  OFFICE BOX
• Ask Credit card companies not to send you blank
  checks.
• Dont respond to Phishing E-Mail.
• Dont respond to Spam E-Mail.
• Keep track of all credit card purchases.

30
And do this

• Protect Social Security Number
• Lock your mailbox
• Dont carry more than one or two credit cards.
  Never carry your SS card.
• Get online passwords for your credit card
  accounts through the companies or financial
  institutions. If a credit card number is stolen,
  a password can kept a theft from accessing your
  account.

31
And maybe

• Consider opting out of free credit card offers by
  calling 888-567-8688 or online at www.optout
  prescreen.com
• Dont send money to get money. Dont accept
  money with the promise of wiring or mailing money
  back
• Dont fax Social Security for possible
  employment to an unverified company.

32
Report Phishing

• Anti-Phishing Working Group
• http//www.antiphishing.org/index.html
• Internet Crime Complaint Center
• http//www.ic3.gov/

33
Identity Theft

• Fastest-growing white-collar crime in America
  (FTC Consumer Alert 2002)
• 27.3 million Americans have been victims of
  identity theft in the last 5 years including 9.9
  million people in the last year alone. (FTC
  Survey 2003)
• AMEX offers Identity Theft Protection to cover
  legal fees and personal assistance.

34
Dont be Easy Pickings for Undesirables. (Excuse
the Stereotyping) THE END