Information Security Office The University of Arizona Security Awareness Brown Bag Series Identity Theft and Telephone Fraud
Information Security Office Identity Theft How to Protect Your Identity Every 79 seconds a thief steals someone's identity, opens accounts in the victim's name, and goes shopping
Information Security Office OBJECTIVES What is Identity Theft How Thieves Do It Preventive Actions Internet and On-Line Services Credit Reports (who to contact) Steps for Victims Reporting Identity Theft Consequences
Information Security Office What Is Identity Theft Acquisition of key pieces of someones identifying information in order to impersonate them. Identifying Information Includes: Name Address Date of Birth Social Security Number Mothers Maiden Name Credit Card Number ATM PINs Bank Account Numbers
Information Security Office What Is Identity Theft Purpose Take over financial accounts Open new bank accounts Apply for loans Apply for credit cards Apply for social security benefits Purchase automobiles Rent apartments Establish services with utility and phone companies Write Checks on accounts Online Purchases and Services
Information Security Office How They Do It Use low and high tech methods Shoulder surfing at ATMs and Pay Phones Steal your mail Dumpster diving Corrupted postal employees (including Mail Room Personnel) Check washing –Mostly in Western U.S. –Related to Meth use (similarly used chemicals) Check creation software Credit Card Checks
Information Security Office Preventive Actions Promptly remove mail from your mail box Deposit outgoing mail in post office collection mail boxes or at your local post office –Do not leave in unsecured mail receptacles Never give personal information over the telephone unless you initiated the call
Information Security Office Preventive Actions Shred pre-approved credit card applications, credit card receipts, bills and other financial information you dont want Empty your wallet/purse of extra credit cards and Ids Opt to use an alternate number on Drivers License Memorize your SSN and all your passwords
Information Security Office Preventive Actions Order your credit report from the three credit bureaus once a year to check for discrepancies Never leave receipts at bank machines, bank windows, trash receptacles, or unattended gasoline pumps Sign all new credit cards upon receipt Save all credit card receipts and match them against your monthly bills Never loan your credit cards to anyone else
Information Security Office Preventive Actions Be conscious of normal receipt of financial statements –Contact sender if they are not received on time Notify credit card companies and financial institutions in advance of any change of address or phone number Never put account numbers on post cards or on the outside of an envelope Report all lost or stolen credit cards immediately
Information Security Office Preventive Actions If you applied for a new credit card and it hasnt arrived in a timely manner, call the bank or credit card company involved Know your expiration dates –Contact issuer if replacements are not received promptly Beware of mail or telephone solicitations disguised as promotions offering instant prizes or awards designed solely to obtain your personal information or credit card numbers
Information Security Office Preventive Actions Never use commonly used passwords/PINs: –Dates of Birth –Last four of SSN –Last four of phone number –Series of consecutive numbers Dont carry SSN card with you Do not use your SSN as your drivers license number
Information Security Office Internet and On-Line Services Use caution when disclosing: – checking account numbers –credit card numbers or –other personal financial data at any web site or on-line service location unless you receive a secured authentication key from your provider. When you subscribe to an on-line service, you may be asked to give credit card information. –beware of con artists who may ask you to confirm your enrollment service by disclosing passwords or the credit card account number you used to subscribe.
Information Security Office Credit Reports Who to contact: Equifax – www.equifax.com P.O. Box 740241 Atlanta, GA 30374- 0241 Telephone: 1-800-685-1111 Experian - www.experian.com (Formerly TRW) P.O. Box 949 Allen, TX 75013-0949 Telephone: 1-800-397-3742 TransUnion – www.tuc.com P.O. Box 1000 Chester, PA 19022 Telephone: 1-800-916-8800
Information Security Office Action Steps For Victims Contact all creditors, by phone and in writing, to inform them of the problem Call your nearest Postal Inspection Service office and your local police Contact the Federal Trade Commission to report the problem Call one of the three credit bureaus fraud units to report identity theft (they will contact other 2 for you) –Ask to have a Fraud Alert/Victim Impact statement placed in your credit file asking that creditors call you before opening any new accounts Alert your bank to flag your accounts and to contact you to confirm unusual activity
Information Security Office Action Steps For Victims Request a change of PIN and new password Keep a log of all contacts and make copies of all documents You may also wish to contact a privacy or consumer advocacy group regarding illegal activity Contact the Social Security Administrations Fraud Hotline Contact the state office of the Department of Motor Vehicles to see if another license was issued in your name –If so, request a new license number and fill out the DMVs complaint form to begin the fraud investigation process
Information Security Office Report Identity Theft To Equifax Credit Bureau, Fraud 1-800-525-6285 Experian Information Solutions 1-888-397-3742 TransUnion Credit Bureau, Fraud 1-800-680-7289 Federal Trade Commission 1-877-IDTHEFT (438-4338) AFOSI Det 201 DSN 574-7371 or Commercial: (757) 764-7371 Social Security Administration, Fraud Hotline 1-800-269-0271
Information Security Office Security Awareness Brown Bag Series Sponsored by CCIT Telephone Fraud
Information Security Office Phone Fraud " This is Ernestine from the Phone Company. Have I reached the party to whom I am speaking?"
Information Security Office Phone Fraud Impact Costs the Telecommunication industry more than $4 billion a year – costs are ultimately passed on to consumer.
Information Security Office Telephone Fraud The 9-0-# Phone Scam Call is made to an office and cons unsuspecting worker to transfer call to outside line Caller claims to be a telecommunication service technician repairing phone lines Convinces recipient of call to help by transferring him to an outside line AND hang up Once done, the caller starts dialing calls that are charged to owner of PBX
Information Security Office "Compromised Private Branch Exchange (PBX) and Telephone Voice Mail Systems Dated 6/3/2003 from NIPC Enables unauthorized communication via compromised US phone systems Cannot be traced Used to connect to local access numbers for ISPs - free Internet service via a modem Can redirect repeated calls to a specific number, such as 911, and cause denial-of- service (DoS) activity.
Information Security Office Telephone Fraud Detection Toll Fraud warning signs: –Long holding times –Unexplained surges in use –Increase in calls after business hours –Reports of odd calls –Complaints that system is always busy
Information Security Office Telephone Fraud Protection Memorize calling card number. Prevent shoulder surfing - Be aware of people loitering around phones. Stand directly in front of phone when entering number. Dont give your Calling Card numbers to others Guard your Calling Card number as you would a credit card number Report lost or stolen cards immediately Dont accept third-party calls from those you dont know
Information Security Office Prevention Primarily targets businesses and universities Technician would never ask customer to help check phone lines Best defense is to be aware of this scam and review what to do if it happens: –Ask technician for call-back number or for name and number of supervisor. Then hang up –Report call
Information Security Office 809 Area Code Scam The 809 scam involve a message (phone, email, pager) Request you immediately call or fax an 809 area code number Examples of reason to call include: –avoiding litigation – receiving info about someone who has died or been arrested –winning a prize –getting a job –even death in family
Information Security Office Prevention 809 Area Code Scam 809 area code is in the Caribbean. No international code is required Some numbers in 809 areas code are pay-per call numbers Scamsters try and keep you on phone as long as possible Not just limited to 809 (284, 876) AT&Ts Webpage on phone fraud and scams http://www.att.com/fraud/home.html#b
Information Security Office Wireless Telephone Fraud Prevention Tips Lock phones, remove handsets and wireless antenna when vehicle left with someone Protect sensitive documents (subscriber agreement containing electronic serial numbers) Immediately report lost or stolen wireless phone carrier Dont leave phone in unattended car or in isolated area for extended period of time
Information Security Office SEC- -Y If not you, who? If not now, when? The key to security awareness is embedded in the word security………….
Information Security Office Resources at the University of Arizona Kerio Firewall https://sitelicense.arizona.edu/kerio/kerio.shtml Sophos Anti Virus https://sitelicense.arizona.edu/sophos/sophos.html VPN client software https://sitelicense.arizona.edu/vpn/vpn.shtml Policies, Procedures and Guidelines http://security.arizona.edu/guidelinesetc.html Security Awareness http://security.arizona.edu/awareness.html
Information Security Office University Information Security Office Bob Lancaster 4 University Information Security Officer 4 Co-Director – CCIT, Telecommunications 4 Lancaster@arizona.edu 4 621-4482 Security Incident Response Team (SIRT) 4 firstname.lastname@example.org 4 626-0100 Kelley Bogart 4 Information Security Office Coordinator 4 Bogartk@u.arizona.edu 4 626-8232