Internet Identity Theft By: Kaitlyn McRann Neera Pradhan
Definition Identity Theft n. the dishonest acquisition of personal information in order to perpetrate fraud, typically by obtaining credit, loans, etc., in someone else's name; fraud perpetrated in this way; (also) an instance of this. Source: (http://www.oed.com/view/Entry/91004?redirectedFrom=Identity%20theft#eid905879)
Where Identity Thieves Strike Anyone from anywhere in the world Internet makes it easier for the criminals to hide their identity and use social networking tools through their loop holes to access the target. The most popular ways of getting your identity stolen are: Your Mail – Leaving your mailbox overnight can cause problems Your Computer– Not having updated anti-spyware and anti-virus software Your Trash– Dumpster diving for personal information After creating successful fake ids for themselves, internet thieves can explore into others’ information without disclosing their own identity.
How “Third Party” gets involved in id-theft? Example The most common websites who offer net-detective services claiming to find anyone-anywhere in the world for you can be a starting point for internet thieves looking for personal information on others. One Web site, docusearch.com, will retrieve a person's Social Security number in one day for $49. Dan Cohn, the director of docusearch.com, said he got The New York Times numbers from "various sources" but that none of his firm's services have contributed to identity theft. "Social Security numbers are pretty much public numbers anyway," Cohn said.
ItemSensitivity Full NameLow AddressLow Phone NumberLow Date of BirthMedium BirthplaceMedium Mother's Maiden NameMedium Social Security NumberHigh Bank Account NumberHigh Credit Card NumberHigh PIN or PasswordHigh Three-tier Evaluation of Threat Level
Example http://news.bbc.co.uk/1/hi/technology/7376 738.stm
5 Most Common Ways identities Are Stolen Online Phishing: Despite consumer and employee awareness, a carefully crafted email that appears to have been sent by fellow employee or trusted entity is probably the most effective spear phish. “Whaling,” or targeting a CEO or other high level executive with a phishing email can be even more successful. P2P File Sharing: Peer-to-peer file sharing is a fantastic way to leak company and client data to the world. Social Networking: Social networking websites have grown too big, too fast, and can’t keep up with security. Malicious Websites: Websites designed to attack your computer and infect it with viruses number in the millions. Hacked websites, along with out-of-date operating systems and vulnerable browsers, put your identity at risk. Malicious Attachments: PDFs used to be safe, but Adobe is the same boat today that Microsoft found itself in years ago: hack central. Adobe’s software or files are used on almost every PC and across all operating systems, and criminal hackers love it. According to an estimate from McAfee, in the first quarter of this year, 28% of all exploit-carrying malware leveraged an Adobe Reader vulnerability.
Other Common Problems Lack of user awareness: It can have a huge impact on breaching any private information over the network. Any information entered into the website can lead hackers to access personal information without the knowledge of users. Business Record Theft: They get your information from businesses or institutions by stealing files out of offices where you're a customer, employee, patient or student; or bribing an employee who has access to your files; or even "hacking" into the organization's computer files. Shoulder Surfing: A "shoulder-surfing" identity thief, standing next to you in a checkout line, can memorize your name, address and phone number during the short time it takes you to write a check. An identity thief can stand near a public phone and watch you punch in your phone or credit card numbers. Dumpster Diving: They rummage through your trash, or the trash of businesses, and landfills For personal data. Under the Color of Authority: They fraudulently obtain credit reports by abusing their employer's authorized access to credit reports, or by posing as landlords, employers or others who may have a legitimate need/right to the information. Skimming: They steal your credit/debit card account numbers as your card is processed at a restaurant, store or other business location, using a special data collection/storage device.
When an identity is stolen Open new accounts Apply for credit cards Make charges and leave the bills unpaid Set up utility services in your name File for government services and benefits unemployment insurance or tax refunds Thieves can use the existing accounts to use credit and debit cards The victim must document everything they do and what happens with their records to prove someone else has been causing the problems and not them
Consequences In 2004 the US government passed the Identity Theft Penalty Enhancement Act because of the increase in cases. This was to amend “the federal criminal code to establish penalties for aggravated identity theft.”
Wyoming Laws Wyo. Stat. §6-3- 315 Use of false identity, citizenship or resident alien documents Misdemeanor punishable by imprisonment for not more than six months, a fine of not more than $1,000, or both. Wyo. Stat. §6-3- 901 et seq. Theft of identity A misdemeanor punishable by imprisonment for not more than six months, a fine of not more than $750, or both, if no economic benefit was gained or was attempted to be gained, or if an economic benefit of less than $1,000 was gained or was attempted to be gained by the defendant. A felony punishable by imprisonment for not more than 10 years, a fine of not more than $10,000, or both, if an economic benefit of $1,000 or more was gained or was attempted to be gained by the defendant. Restitution If a restitution plan is ordered pursuant to W.S. 7-9-101 through 7-9-115, the court may include, as part of its determination of amount owed pursuant to W.S. 7-9- 103, payment for any costs incurred by the victim, including attorney fees, any costs incurred in clearing the credit history or credit rating of the victim or in connection with any civil or administrative proceeding to satisfy any debt, lien or other obligation of the victim arising as a result of the actions of the defendant.
Prevention Do not to give out personal information over unsecured networks or public websites Always use encrypted wireless connection While using public wi-fi, make sure you have anti-virus software and spyware updated Make sure you logged out of your online applications properly Only have one webpage open when using websites with your information Test the security of the websites that require personal information Never click links in emails and always type the address in manually or use a bookmark. You should set administrative privileges to prevent the installation of P2P software.
Prevention contd.. Create policies and procedures that outline appropriate use, and beware of social networking scams. Confirm the contact information from places asking for information Properly destroy papers with sensitive information Be careful of shoulder surfing Have checks sent directly to the bank and not a home address Cancel credit cards you have not used in 6 months Don’t carry unnecessary identifiers in your wallet Monitor your financial accounts and credit ratings Take your name off promotional lists
What To Do File an official police report Place a fraud alert on your credit reports Notify all your banks Change your passwords and other account security New driver’s license/passport Need hard evidence and police report to get new number Monitor your credit Example: www.creditkarma.com
Helpful Companies Form for reporting stolen passport
Conclusion Identity theft is a growing problem The more we use the internet and create online presence for ourselves, the more vulnerable we have become to online identity theft attacks. The solution to this problem is vast and will take time to fix Be cautious of where you give out personal information and what information you give out.
"About Identity Theft." Fighting Back Against Identity Theft (Federal Trade Comission). N.P., N.D. Web. 17 Apr. 2011.. Acquisti, Alessandro, And Ralph Gross. "Proceedings Of The National Academy Of Sciences." Predicting Social Security Numbers From Public Data 106.2718 Jan. (2009): 1-3. Print. Frank, M. J. (2010). Identity Theft Prevention And Survival. Retrieved From Http://Www.Identitytheft.Org/(Frank, 2010) “Internet Usage Statistics." Internet World Stats. N.P., 2010. Web. 17 Apr. 2011.. Jr., Jay F. Nunamaker, Et Al. "Detecting Fake Websites: The Contribution Of Statistical Learning Theory." MIS Quarterly 34.3 (2010): 435-461. Business Source Premier. Ebsco. Web. 16 Apr. 2011. "Phishing Schemes Grow In Number And Sophistication." Point For Credit Union Research & Advice (2006): 13. Business Source Premier. Ebsco. Web. 16 Apr. 2011. The Ultimate Guide To Identity Theft Prevention [Web Log Message]. (2006, October 13). Retrieved From Http://Www.Yourcreditadvisor.Com/Blog/2006/10/The_ultimate_gu.Html("the Ultimate Guide," 2006) U.S. Library Of Congress, United States Statutes At Large. (2006). Identity Theft Penalty Enhancement Act (The Global Legal Information Network Publication Issue No. 118 Stat. 831). Washington, DC: The Global Legal Information Network. Retrieved From Http://Www.Glin.Gov/View.Action?Glinid=183402(u.S. Library Of, 2006) U.S. Department Of The Treasury, Federal Reserve Bank Of Boston. (2005). Identity Theft Boston, MA: Public & Community Affairs. Retrieved From Http://Www.Bos.Frb.Org/Consumer/Identity/ (U.S. Department Of, 2005) Whitson, Jennifer R., And Kevin D. Haggerty. "Identity Theft And The Care Of The Virtual Self." Economy & Society 37.4 (2008): 572-594. Business Source Premier. Ebsco. Web. 16 Apr. 2011.Http://Www.Identitytheft.Org/ Http://Www.Yourcreditadvisor.Com/Blog/2006/10/The_ultimate_gu.HtmlHttp://Www.Glin.Gov/View.Action?Glinid=183402Http://Www.Bos.Frb.Org/Consumer/Identity/ References