Identity Theft The crime that keeps on taking

1
Identity Theft The crime that keeps on taking!
National Webcast Initiative
Thursday, February 16, 2006 300pm 400pm
Eastern
2
National Webcast Initiative
William F. Pelgrin

• Joint Partnership between MS-ISAC and DHS
  US-CERT
• Coordinated through the New York State Office of
  Cyber Security and Critical Infrastructure
  Coordination and the New York State Forum
• Provides timely and practical information
  regarding cyber security topics
• Webcast documents http//www.cscic.state.ny.us/m
  sisac/webcasts/02_06/index.htm

3
Current Listing of Vendors Interested In
Participation

• Accenture
• Aon
• ATT
• Cisco
• Computer Associates
• CDW-G
• CGI
• CMA
• DD Consulting
• Ernst Young
• Foundstone/McAfee
• Gartner
• HP
• IIC
• ISS, Inc.

• Jay Dee Systems
• Keane
• MCI
• Microsoft
• Nortel
• Novell
• NYSTEC
• Oracle
• RH Security Consulting LLC
• SAIC
• SAS
• SRA International, Inc.
• Sybase
• Symantec
• Veritas

This listing will continue to evolve over time
4
Identity Theft Introduction

• Between January and December 2005, Consumer
  Sentinel, the complaint database developed and
  maintained by the FTC, received over 685,000
  consumer fraud and identity theft complaints.
  Consumers reported losses from fraud of more than
  680 million.
• Todays presentation will focus on
• What Identity Theft Is
• What you can do to Protect Yourself against
  Identity Theft
• What to do if you are, or think you may be, a
  victim of identity theft
• Identity Theft and the Online World
• Resources on Identity Theft

5

National Cyber Security Division U.S. Department
of Homeland Security

• US-CERT established in September 2003 and is
  the operational arm of the National Cyber
  Security Division at the Department of Homeland
  Security
• Nations focal point for preventing, protecting
  against, and responding to cyber security threats
  and vulnerabilities
• US-CERT also hosts a public website, at
  www.uscert.gov, which provides a wealth of
  information regarding cyber security

6

• Presenters Howard Schmidt, CISSP,
  CISM President CEO R H Security Consulting
  LLC ____________ D. Scott Parsons Deputy
  Assistant SecretaryOffice of Critical
  Infrastructure Protection and Compliance
  PolicyU.S. Department of the Treasury
• ____________ Joseph Martucci Senior
  Security EngineerSymantec Consulting Services

7

What is Identity Theft?
8
We All Have a Role to Play In Combating Identity
Theft

• The fight against Identity Theft involves
  cooperation by
• Federal and State government
• Law enforcement
• Financial institutions and businesses
• Technology innovators
• Consumers

9
A Legal Definition

• Under the Fair and Accurate Credit Transactions
  Act of 2003, Identity Theft means
• A fraud committed or attempted using the
  identifying information of another person without
  authority.
• 
  16 CFR 603.2
• There is an important difference between credit
  card fraud, which is now included in the
  definition, and someone actually assuming an
  identity to commit fraud.

10
Poll What type(s) of personal information need
to be safegu...

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Account numbers
• Address
• Security codes from the back of credit and debit
  cards
• Driver's license number
• Mother's maiden Name
• Internet passwords
• All of the Above

11
Identity Thieves Look For

• Internet passwords
• Personal identification numbers
• User IDs for online account access
• Security codes from the back of credit and debit
  cards
• Other identifying information

• Name
• Address
• Date of birth
• Social Security number
• Drivers license number
• Mothers maiden name
• Account numbers
• Card expiration dates

12
How Your Identity Can Be Stolen

• Loss or theft of your wallet, purse, or credit
  card
• Mail theft
• Skimming information from the magnetic strip on
  credit or debit cards
• Dumpster diving through the trash
• Shoulder surfing, looking over your shoulder
  when you are entering a PIN or password

13
Common Types of Identity Theft orFinancial Fraud

• Unauthorized transactions on existing accounts
  (e.g., unauthorized charges on a credit card or
  checks on a checking account) often more easily
  corrected than the others
• Takeover of existing accounts (e.g., prolonged
  use or emptying of a financial account)
• Creation of new accounts

14
Businesses and Identity Theft Why be concerned

• Businesses are prime targets for identity
  theft.
• Identity theft often happens from the inside.
• Identity theft is bad for business.
• Potential legal liability.

15
Businesses and Identity TheftSteps to reduce the
risk

• Establish privacy policies.
• If you dont need it, dont collect it.
• Record retention and disposal schedule.
• Personnel Background checks.
• Data and network security.
• Restrict access to sensitive data, on a need
  to know basis.
• Training and awareness.
• Accountability for compliance.

16

What You Can Do To Protect Yourself
17
Minimizing the Risks of Becoming a Victim

• Do not leave a lot of financial records lying
  around your house for prying eyes to see
• Do not keep information that you dont need in
  your purse or wallet
• Do not carry your Social Security Number with
  you
• Do not leave credit or debit card receipts at the
  ATM, gas pump, or anywhere else
• Do not keep personal identification numbers
  attached to credit, debit, or ATM cards

18
Minimizing the Risks of Becoming a Victim

• Shred personal records or get rid of them as
  effectively as possible
• Beware of giving information to anyone over the
  phone or Internet unless you initiate the
  contact
• Remember that your bank or credit card issuers
  already have your account numbers, PINs, access
  codes, passwords, Social Security numbers and
  other information they need. They wont phone or
  e-mail you to ask for it.
• Protect your mail send and receive it safely

19
Poll How long has it been since you reviewed
your credit re...

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Recently (within the last month)
• Between 1-6 months ago
• Over a year ago
• Never
• I don't know where to get my credit report

20
Minimizing the Risks of Becoming a Victim

• Check your credit report at least once a year
• To see whether accounts have been opened in your
  name without your knowledge
• To spot unexpected delinquency on established
  accounts
• To review your credit report before making a
  major purchase
• These reports can be free and are easy to get
• Contact www.AnnualCreditReport.com for a free
  credit report once every 12 months from each of
  the three nationwide consumer reporting agencies
  (i.e., credit bureaus) Equifax, Experian,
  TransUnion

21
Poll Have you ever been a victime of Identity
Theft?

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Yes
• No
• I'm not sure

22

What To Do If You Are, Or Think You May Be, A
Victim of Identity Theft
23
Warning Signs

• A financial institution may call if a transaction
  seems out of the ordinary
• You may see unauthorized charges on a credit card
  or checking account statement
• You may see an account that you did not open on
  your credit report
• You may get a call from a collection agency
  asking why you have not paid a bill

24
Poll Do you know what to do if you have or may
have become ...

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Yes
• No
• I'm not sure

25
Must Do List Act Quickly!

• Contact the financial institutions or the
  companies where the information about you has
  been misused and let them know that youre a
  victim of Identity Theft
• Contact the credit reporting agencies (Equifax,
  Experian, TransUnion) to report your suspicions
  about Identity Theft, and request a fraud alert

26
Must Do List Act Quickly!

• Contact your local police department to report
  the crime, and get a copy of your police report
• Contact the Federal Trade Commission for helpful
  information and because the FTC tracks incidents
  of Identity Theft

27

Identity Theft and the Online World
28
Phishing

• Uses spam or junk e-mails that
• Seek to obtain the same kind of information that
  any ID thief wants
• May mimic
• Financial institutions
• Government agencies
• Computer software companies
• e-Commerce sites
• Other legitimate businesses

29
Phishing

• May ask you to go to a Web site to verify and
  enter your personal information
• May contain a link that takes you to a Web site
  that looks just like your banks
• At the fake Web site, crooks copy, or spoof,
  graphics from real Web sites
• The message may include an excuse (e.g., the bank
  is undergoing a computer upgrade), or sound
  urgent or intimidating (e.g., you will lose
  access to your account if you dont provide the
  information promptly)

30
Spyware

• Spyware software
• Monitors your online activity and diverts
  information while you are using legitimate Web
  sites
• May be installed on your computer when you visit
  deceptive Web sites, download seemingly innocent
  games or other software, or open e-mails that may
  have spyware attached

31
Poll What type of security is used on your
personal/home co...

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Anti-Virus
• Spyware
• Firewall
• Nothing

32
Protect Yourself from Phishing

• Update your browsers, spam filters, anti-virus
  and anti-spyware software regularly
• Use parental controls
• Visit a Web site by typing the Web address - or
  URL into your Web browser yourself, not by
  clicking a link
• Look for the s in https when engaging in
  financial transactions because it indicates
  scrambling or encryption of the communication
  (dont just copy a link that appears to have an
  s in https)
• Look for the lock icon in the lower right corner
  of the screen when engaging in financial or other
  sensitive transactions because the lock signifies
  an encrypted session (Spoofed phishing sites
  may have fake locks, so beware)

33
Protect Yourself from Phishing

• More information on Phishing is available at
• www.SecretService.gov
• www.Antiphishing.org
• www.FTC.gov

34
Poll Do you think you have been tricked into
responding to ...

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Yes
• No
• I don't know

35
Online Safety

• Generally, you can operate safely on the
  Internet, but you need to use common sense
• Protect your computer like you would protect your
  personal financial information.
• Turn it off when you walk away from the computer
  so that no one else can gain access while you are
  not there
• Use a firewall
• Make sure that your operating system and software
  are updated on a frequent basis (keep patches
  current)

36
Online Safety

• Make sure that you have anti-spam softwaremany
  phishing attacks come as a result of spam
• Use strong passwords
• Words or numbers that are not easy to guess
• Use a combination of numbers, letters, and other
  characters
• Do not use the same password for every account.
  Consider changing your passwords periodically.

37
Online Safety

• Know the Web addressor URLof the Web site
  that you are going to visit
• Read and learn how the Web site is going to
  protect and use your personal information
• Clean your hard drive before you dispose of an
  old computer

38
SummaryMinimizing the Risk of Identity Theft

• Minimize the amount of information that can be
  stolen.
• Monitor your credit report and account
  statements.
• Be sensitive about disclosing your personal
  information to others on and offline. Answer the
  questions Who, Why and How.
• Protect your computer and online experience

39
SummaryWhat to Do if you become a Victim of
Identity Theft

• Immediately notify any one of the nationwide
  reporting agencies (Experian, Equifax,
  Transunion) and place a fraud alert on your
  credit report.
• Contact the company where you believe the
  fraudulent account was opened or where the
  fraudulent transaction was made.
• File a complaint with your local police
  department or the police department where the
  identity theft took place.
• Dont wait to get help, there are organizations
  that are aware of this issue and are set up to
  help victims like the FTC.
• Keep records of all your communications and
  follow up in writing by certified mail return
  receipt.

40
Identity Theft Outsmarting the Crooks DVD
Identity Theft Resources
Order your DVD by visiting http//www.treas.gov/o
ffices/domestic-finance/financial-institution/cip/
identity-theft.shtml
41
Identity Theft Resources

• Federal Trade Commission http//www.consumer.g
  ov/idtheft/
• US Department of the Treasury
  http//www.treas.gov/offices/domestic-finance/fina
  ncial-institution/cip/identity-theft.shtml
• (BBBOnline http//www.bbbonline.org/IDTheft/
• Privacy Rights Clearinghouse
  http//www.privacyrights.org/identity.htm
• Identity Theft Resource Center
  http//www.idtheftcenter.org/index.shtml
• Fight Identity Theft http//www.fightidentityth
  eft.com/
• Anti-Phishing Working Group http//www.antiphish
  ing.org/consumer_recs.html
• CarnegieMellon http//www.cert.org/homeusers/Ho
  meComputerSecurity/

42
Questions and Answers ?
43
Thank you for participating

• The archive of todays session will be available
  at
• http//www.cscic.state.ny.us/msisac/webcasts/02_0
  6/index.htm
• Mark Your Calendar!
• The next National Webcast Initiative
• is scheduled for April 13, 2006!

44
Poll What cyber security topic would you be
interested in f...

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Remote Access
• Identity Management and Access Control
• VoIP
• Instant Messaging and How to Protect Your Home
  Computer
• Insider Threat
• Other (please enter your response in the QA tool)

45
Poll How are you participating in today's
webcast?

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Individually
• In a group setting with lt 5 people
• In a group setting with 6 - 10 people
• In a group setting with 11 - 20 people
• In a group setting with 21 - 40 people
• In a group setting with gt 40 people

46
Poll Did you find today's webcast useful in
helping to adva...

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• Yes
• No- Please explain using the Questions and
  Answers Tool

47
Poll How did you learn about today's webcast?

• Live Meeting Multiple Choice Poll. Use Live
  Meeting gt Edit Slide Properties... to edit.
• From the MS-ISAC
• From US-CERT/DHS
• From the US Treasury
• From NCSA
• From NYS CSCIC
• From NYS FORUM
• Other - please explain using the Questions and
  Answers Tool

48
Identity Theft The crime that keeps taking!
National Webcast Initiative
February 16, 2006
Thank You!