IDENTITY THEFT Day 1: Background of Identity Theft SAMPLE ONLY.


1 IDENTITY THEFT Day 1: Background of Identity Theft SAMPLE ONLY

2 Background
Legal Definitions of Identity Theft
Various Other Definitions
Working Definition For Telecoms
Classification of Identity Theft
Who are the Identity Thieves?
Who are the Victims?
Information Needed For ID Theft
A Sample ID Theft Methodology

3 Classifications of Identity Theft
Objective/Intention:
1. Personal Gain
2. Vengeance
3. Provide Anonymity
4. Challenge
5. Satisfy Ego

4 Methods of ID Information Retrieval:
1. Third Party Sources:
A. Dumpster Diving:
Experian, in early 2002, investigated 400 trash bins in Nottingham, England:
– 72% of trash bins contain at least one full name and address
– 40% of trash bins contain a credit card number
– 32% of trash bins contain a credit card number AND expiration date
– 20% of trash bins contain a bank account number and a sort code (similar to a US bank's routing number)

5 Methods of ID Information Retrieval:
1. Third Party Sources:
B. From Businesses or Institutions
HR or Employment Records
Internal Fraud
– Bribes to employees
– Disgruntled employees
Social Engineering
Through Information Technology Systems
– Hacking or other Technological Means.
– Simply searching Public Databases On- or Off-line.
– Google or other Search Engines

6 Methods of ID Information Retrieval:
1. Third Party Sources:
B. From Businesses or Institutions
Hackers Steal California State Employees Social Security Numbers?
Yahoo News/Associated Press - May 24, 2002
Hackers Break Into California Computers
Does it make you feel better to know that not even California Governor Gray Davis is immune from possible identity theft? It appears that on April 7th, hackers broke into a California state computer system that houses the names, social security numbers, and maybe even bank information for 260,000 state employees — including Gov. Gray Davis and his staff. It's not clear if the hackers took anything or have used the information to commit identity theft. The servers have since been patched to keep this from happening again. Right.

7 Methods of ID Information Retrieval:
1. Third Party Sources:
B. From Businesses or Institutions
Bank Loses Card Data of Senators, U.S. Govt Staff
Feb 26, 2005, By Joanne Morrison
WASHINGTON, Feb 26 (Reuters) - Computer tapes containing credit card records of U.S. Senators and more than a million U.S. government employees are missing, Bank of America said on Friday, putting the customers at increased risk of identity theft. The security breach, which included data on a third of the Pentagon's staff, angered lawmakers...

8 Methods of ID Information Retrieval:
1. Third Party Sources:
B. From Businesses or Institutions
March 18, 2005
Auditors Find IRS Workers Prone to Hackers
By MARY DALRYMPLE, AP Tax Writer
WASHINGTON -- More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday.

9 Methods of ID Information Retrieval:
1. Third Party Sources:
B. From Businesses or Institutions
March 22, 2005
Personal Data of 59,000 People Stolen
By Associated Press
CHICO, Calif. — Hackers gained personal information of 59,000 people affiliated with a California university -- the latest in a string of high-profile cases of identity theft. California State University, Chico spokesman Joe Wills said nearly all the current, former and prospective students, faculty and staff who were affected have been notified of the theft, which happened about three weeks ago. Hackers gained access to the victims' names and Social Security numbers.

10 Methods of ID Information Retrieval:
1. Third Party Sources:
C. From Detective Agencies (both real and fake):
Examples:
Agencies like these are considered legal, and they serve as a source of identity information for the ID thief.


15 Methods of ID Information Retrieval:
1. Third Party Sources:
D. From Information Brokers:
Examples:
Agencies like these provide data that can be used to validate identities; however, they are also sources for ID thieves.


17 Methods of ID Information Retrieval:
1. Third Party Sources:
D. From Information Brokers:
ChoicePoint data theft widens to 145,000 people
February 18, 2005, By Matt Hines, Staff Writer, CNET News.com
ChoicePoint has confirmed that scammers culled the personal information of tens of thousands of Americans in a recent attack on its consumer database, resulting in 750 individual cases of identity theft. The Atlanta-based company said that it plans to inform approximately 110,000 consumers outside the state of California whose information may have been accessed in the criminal scheme, originally reported on Tuesday. The company has already told some 35,000 Californians that their personal data, including their names, addresses, Social Security numbers and credit reports, was stolen by scammers. California is the only U.S. state with legislation in place that requires companies to notify its residents when their personal data has been compromised.


19 Methods of ID Information Retrieval:
1. Third Party Sources:
D. From Information Brokers:
Hackers Hit Lexis Nexis Database
NEW YORK, March 10, 2005 (CBS/AP)
Lexis Nexis says hackers commandeered one of its databases, gaining access to the personal files of as many as 32,000 people. Federal and company investigators are looking into the security breach in the Seisint database, which was recently acquired by Lexis Nexis and includes millions of personal files for use by such customers as police and legal professionals.


21 Methods of ID Information Retrieval:
1. Third Party Sources:
D. From Information Brokers:
ALLEGED ACXIOM HACKER INDICTED
July 21, 2004, KTHV-DT, Little Rock, Arkansas
It could be one of the largest cyber crimes in U.S. history, and Arkansas based Acxiom is the victim. Wednesday federal investigators arrested a Florida man, saying he hacked into the company's computer system causing seven million dollars worth of damage. Federal investigators say 45-year-old Scott Levine from Boca Raton, Florida stole the personal information of millions of people. They say he was able to get names, addresses, and in some cases even credit card numbers. "Acxiom is simply a massive data base of information," Sandra Cherry, Assistant US Attorney says.

22 Methods of ID Information Retrieval:
1. Third Party Sources:
E. From Credit Reporting Agencies:
Examples: https://www.equifax.com
In addition to selling credit reports, these agencies also sell information that can be used for identity validation, which makes them vulnerable to ID thieves.

23 Methods of ID Information Retrieval:
1. Third Party Sources:
E. From Credit Reporting Agencies:
Experian credit reports stolen
Hackers pose as Ford Motor Credit staff to access database from credit reporting agency.
May 17, 2002: 4:36 PM EDT
NEW YORK (CNN/Money) - Ford Motor Credit Co. is warning 13,000 people to be aware of identity theft after the automaker found hackers posed as employees to gain access to consumer credit reports from credit reporting agency Experian.

24 Methods of ID Information Retrieval:
1. Third Party Sources:
E. From Credit Reporting Agencies:
TELEPHONE FRAUD
An international group, dubbed the "Phonemasters" by the FBI, hacked into the networks of a number of companies including MCI WorldCom, Sprint, AT&T, and Equifax credit reporters. The FBI estimates that the gang accounted for approximately $1.85 million in business losses. "They had a menu of activities they could perform," says Richard Power, author of Tangled Web, a book chronicling tales of digital crime. "They had Madonna's home phone number, they could hack into the FBI's national crime database." The Phonemasters reportedly forwarded an FBI phone line to a sex-chat line, racking up $200,000 in bills. They snooped in confidential databases to see whose phones the FBI and federal Drug Enforcement Agency were tapping. They hacked into the computer systems of several companies and downloaded calling card numbers and personal information about customers and created telephone numbers for their own use.

25 Methods of ID Information Retrieval:
1. Third Party Sources:
F. From Obituaries:
IDENTITY THEFT CASE MAINE
WABI TV 5 News Broadcast: March 15, :00pm
JODY HERSEY SPOKE WITH A HOLDEN WOMAN TODAY WHO WAS OUTRAGED AFTER SOMEONE STOLE THE IDENTITY OF HER DECEASED DAUGHTER. SHARON MILLETT OF HOLDEN SAYS THAT'S HOW HER DAUGHTER TORI'S IDENTITY WAS STOLEN. SHE SAYS VERMONT STATE POLICE PULLED OVER A WOMAN LAST WEEK CLAIMING TO BE TORI. POLICE SAY THAT WOMAN IS 41 YEAR OLD KRISTINE LOMBARDI OF CALIFORNIA. VERMONT STATE POLICE SAY LOMBARDI WAS DRIVING A STOLEN CAR WITH NUMEROUS BIRTH CERTIFICATES AND LICENSES INSIDE. POLICE BELIEVE SHE WAS USING CLOSE TO 30 DIFFERENT ALIASES. MILLETT BELIEVES LOMBARDI GOT THE INFORMATION SHE NEEDED TO ASSUME HER DAUGHTER'S IDENTITY FROM TORI'S OBITUARY AND USED IT TO OBTAIN A COPY OF TORI'S BIRTH CERTIFICATE. SO WE WENT TO THE HOLDEN TOWN OFFICE TO SEE WHAT IT TAKES TO GET A BIRTH CERTIFICATE. THE WOMAN INSIDE SAID IT WOULD COST ME 7 DOLLARS AND ALL SHE NEEDED WAS MY NAME AND BIRTH DATE.

26 Methods of ID Information Retrieval:
1. Third Party Sources:
G. From Public Files:
Common Databases:
– The Dept of Health Services has Birth and Death Certificates.
– The City Clerk has a list of business licenses (name, address, date) and building permits (name, address, cost of construction).
– The County Clerk or County Recorder has liens on file (lien holder, payment agreements), a Probate Index (estate settlements), records of lawsuits and judgments, powers of attorney with respect to real estate, records of mortgages on personal property, and bankruptcy papers.
– The City and County Courts have a Civil Index (civil actions, plaintiffs and defendants, and civil files with a description of any disputed property or valuables), a Criminal Index (criminal cases in Superior Court, as well as criminal files), and voter's registration files.
– The County Tax Collector has a description of any property owned, as well as taxes paid on real estate and personal property.
– The County Assessor has maps and photos, or even blueprints showing the location of a person's property.
– The Secretary of State has corporation files and annual financial reports of a person's company.
– The Dept of Motor Vehicles (DMV) contains information on the cars owned, insurance, as well as other data such as address and SSN.


31 Methods of ID Information Retrieval:
1. Third Party Sources:
G. From Public Files:
NICAR PUBLIC FILES AVAILABLE TO MEMBERS:

Transportation/Air
FAA Enforcements: A database of FAA enforcement actions against airlines, pilots, mechanics, and designees.
FAA Service Difficulty Reports: A database of maintenance incidents collected by the FAA for the purpose of tracking repair problems with commercial, private, and military aircraft, and aircraft components.
FAA Accidents and Incidents: A database of mainly U.S. flights where there was an accident or an incident, including crashes, collisions, deaths, injuries, major mechanical problems or costly damages.
FAA Aircraft Registry: A listing of all aircraft and aircraft owners registered in the United States. This dataset also includes tables on registered aircraft dealers and individuals/companies that reserved the N-number for their plane.
FAA Airmen Directory: The FAA Airmen Directory is a listing of pilots and other airmen, including the type of certificate(s) they hold and their ratings. As a result of a new law that allows airmen to have their information withheld from the public, this listing is incomplete.
NASA Aviation Safety Reporting System: A database of anonymous reports of airplane safety submitted by pilots, flight attendants, air traffic controllers and passengers.

Transportation/Roads
DOT Fatal Accidents: A nation-wide database of fatal road-vehicle accidents.
NHTSA Vehicle Recalls and Complaints: A database of vehicle complaints, recalls, service bulletins and inspections.
DOT Truck Accidents: A database of accidents on U.S. roads involving a commercial vehicle weighing more than 10,000 pounds, including semi-tractor trailers, buses. The data also has information about hazardous material carriers.
Truck Census: This U.S. Department of Transportation database contains records on each company that has commercial interstate vehicles weighing more than 10,000 pounds.
Truck Inspections: The Truck Inspections database contains data from state and federal truck inspections involving motor carriers as well as shippers and transporters of hazardous materials operating in the United States.

Transportation/Waterways
Boating Accidents: The database contains information on recreational boating accidents in the United States.
Boat Registration: The database contains information on registered recreational and commercial boats.

Transportation/General
Hazardous Materials: A database of information on transportation accidents involving hazardous materials.

Election Campaigns/Federal
FEC Campaign Contributions: A database of all individual and political action group (PAC) contributions to federal election campaigns.
Mortality, Multiple Cause-of-Death Database: The Mortality Multiple Cause-of-Death database contains detailed information found in U.S. standard death certificate records from the United States and its territories.
National Practitioner Databank: This database contains information about doctors and other health care practitioners who have had medical malpractice suits filed or adverse action taken against them. Although names are not included, some news organizations have been able to use this database with other public records to determine the identity of individual practitioners.
Manufacturer and User Facility Device Experience Database: A database listing medical devices which have failed, how they failed and the manufacturer information.
CDC AIDS Public Information Dataset: Contains details about AIDS cases reported to state and local health departments since 1981, such as age, race and location. Names are not included.
FDA Adverse Event Reporting System: The FDA relies on the Adverse Event Reporting system to flag safety issues and identify pharmaceuticals or therapeutic biological products (such as blood products), for further epidemiological study.

Public Safety
Campus Crime Statistics: 19 tables of crime data reported to the U.S. Department of Education by campus police and local law enforcement.
Nuclear Materials Events Database: The Nuclear Materials Events Database contains records of all non-commercial power reactor incidents and events, including medical events, involving the use of radioactive byproduct material.
National Bridge Inventory Survey: A database of bridge maintenance information collected by the Federal Highway Administration.
National Inventory of Dams: A database including dam location, condition, maintenance, and inspection reports.
FBI Uniform Crime Reports: 6 tables of crime data gathered by the FBI from law enforcement agencies across the country.
ATF Federal Firearms: A listing of federally approved gun dealers across the country.
Occupational Safety and Health Administration: Ten databases, one listing companies and inspection results, and three subordinate databases listing worker accidents, hazardous substance injuries and workplace violations.
Consumer Product Safety Commission: The CPSC dataset includes information about potential injuries, deaths and investigations related to consumer products. Some of the products include children's toys, bicycles, swimming pools, ATV's (three- and four-wheelers), sports equipment, hobby items, lawn mowers, hair dryers, playground equipment and many more.
Storm Events: This database is the official record of storm events in the United States, including tornadoes, hurricanes, tropical storms, droughts, snowstorms, flash floods, hail, wild/forest fires, temperature extremes, strong winds, fog, and avalanches.

Environment
CERCLIS: The Comprehensive Environmental Response, Compensation and Liability Information System (CERCLIS) database maintained by the Environmental Protection Agency contains general information on sites across the nation and U.S. territories including location, status, contaminants and actions taken.
Toxic Release Inventory: The Toxics Release Inventory (TRI) consists of information about on- and off-site releases of chemicals and other waste management activities reported annually by industries, including federal facilities.

Business
Wage and Hour Enforcement Database: The Wage and Hour Division of the U.S. Department of Labor is responsible for the enforcement of several labor laws. The database contains information about the violations, penalties, and employers.
NAFTA/TAA: Databases include records of petitions by workers, companies and unions for assistance for those who have become unemployed because of an increase in imports or shifts in production to foreign countries.
SEC Administrative Proceedings: Cases before the Securities and Exchange Commission administrative judges, who can issue cease-and-desist orders, hand out civil penalties, and bar parties to associate with investment advisers, brokers or dealers.
Federal Contracts Data: A database of Individual Contract Action Reports (ICARS) created by the Government Services Agency.
Home Mortgage Disclosure Act Data: A database of home mortgage loan requests, information about the requesters as well as the financial institutions.
IRS Exempt Organizations: A database of information on tax-exempt organizations.
SBA 7a Business Loans database: The database includes information about loans guaranteed by the U.S. Small Business Administration under its main lending program, now known as 7a. The data include loans approved by the SBA since 1953, when Congress created the agency to help entrepreneurs form or expand small enterprises.
SBA Disaster Loans: The data contains information about loans made to businesses and individuals as disaster assistance.
SBA 8(a) Businesses: This is a list of businesses approved for the Small Business Administration's program for small, minority and other disadvantaged businesses. Federal acquisition policies encourage agencies to award a certain percentage of their contracts to these businesses.

Federal Spending
Federal Audit Clearinghouse Database: The Single Audit database is a great tool for journalists to examine local nonprofits and state or local government agencies that receive substantial assistance from the federal government.
Federal Award Assistance Data System: The Federal Award Assistance Data System, maintained by the Census Bureau, includes all federal financial assistance award transactions.
Consolidated Federal Funds Reports: A database of all federal money that goes to states, counties and local agencies, including Social Security payments, grants and direct loans.
National Endowment for the Arts Data: A database of grant receivers, their projects, and the amount they received.

Other
2000 Census: This data represents three releases from the U.S. Census.
IRS Migration: With the IRS migration data, you can track movement in and out of counties. Moreover, financial information in the data allows you to gauge whether your community is gaining or losing wealth.
INS Legal Residency: Information on the characteristics of aliens who immigrated and attained legal residency.

46+ Public Databases with Personal Information!

32 Methods of ID Information Retrieval:
1. Third Party Sources:
H. From Genealogical Databases:

33 Methods of ID Information Retrieval:
1. Third Party Sources:
H. From Online Resumes:

34 Person with experience working with ID Theft as Fraud Analyst!

35 Methods of ID Information Retrieval:
1. Third Party Sources:
H. From Other Sources Online:
– Sex Offender Lists
– Most Wanted Lists
– Bail Jumper Lists


38 Methods of ID Information Retrieval:
2. First Party Sources:
A. Purchasing ID Information from "street people"
This is a common problem in third world countries where there is a large class of people in poverty. Many of these people have no hope of ever obtaining a bank loan, purchasing a car, or even a nice home. For a few $$ they are willing to sell the use of their name, address, and SSN. And in the end, if they are ever questioned about crimes committed, they can claim their IDs were stolen.

39 Methods of ID Information Retrieval:
2. First Party Sources:
B. Mail Theft
An ID thief's dream is to find a credit card statement or a bank statement in a mailbox. Generally, the information on the statement alone is enough for them to perform an account takeover. Javelin Strategy & Research claims that 8 percent of identity theft incidents start because of stolen mail.
C. Move-In Account Takeovers
A person who moves into a new apartment and receives mail from the previous occupant can be easily tempted to perform an account takeover.

40 Methods of ID Information Retrieval:
2. First Party Sources:
B. Mail Theft
Identity Theft: Kauai People Too Trusting
By Pamela V. Brown - Special to The Garden Island
Posted: Saturday, Sep 11, 2004
Within the last year there was a rash of residential mailbox theft, including pilferage from more than 100 mailboxes in the Kapaa area, Kapua said. Typically mail thieves are attracted to outgoing mail, advertised by the little red flags on the sides of mailboxes erected to alert letter carriers to take the envelopes to the post office. Appropriately enough, thieves call it "red flagging," explained Kathryn Derwey, a 19-year postal inspector in Honolulu. "They know the outgoing mail is a payment of some type, and probably will contain a check, a name, a signature, account number or Social Security number," she said. "That's how they get the information." Thieves use that information to produce new IDs and also to wash the checks - wash the ink off to change the payee - or to make counterfeit checks, Derwey said. Simply selling newly created identification cards is profitable. "The going rate is $1,500 for a 'good ID,' an ID card with a good name and mailing address," said Mel Rapozo, a Kauai county councilman and co-owner of M & P Legal Support Services, a private investigative agency. "With that, they can get a new credit card with a $15,000 credit line in no time."

41 Methods of ID Information Retrieval:
2. First Party Sources:
D. Stealing Wallets, Purses, Laptops, etc.
Identity Theft Soars, Remains Lower Tech Crime, Gartner Says
July 21, 2003, By Keith Ferrell, TechWeb.com
"The bulk of identity crimes are committed through decidedly old-fashioned means," Gartner analyst Avivah Litan said. "Information stolen in pre-existing relationships, pickpockets taking wallets and purses, mail interception where the thief opens financial mail, copies the information and re-seals the envelope all play a large part."

42 Methods of ID Information Retrieval:
2. First Party Sources:
E. Kidnapping
Grab a victim, collect ransom at ATM: In Mexico, small-time kidnapping is big business
February 2, 2002, By Lisa J. Adams, ASSOCIATED PRESS
MEXICO CITY
Miguel Soriano sat in darkness, wondering whether he would live or die. Bound and blindfolded, his mind was the only thing allowed to run free, flashing memories of his life and worst-case scenarios of what could happen to him, his wife and his children. "The days became eternal," Soriano said. "I kept thinking the worst, and 'Why me?'"
Why indeed? This was no millionaire, just the humble owner of five small graphic arts businesses. But as Mexico endures an epidemic of kidnaps-for-ransom, no one is safe - neither politicians and business moguls nor ordinary housewives or even their maids.
Grabbed in the middle of the day just two blocks from his house in Mexico state, Soriano was held for five days, forced to withdraw $2,630 worth of pesos from automatic teller machines and finally released after he agreed to pay an additional $14,250 or else his family would be killed.

43 Methods of ID Information Retrieval:
2. First Party Sources:
F. Internet Porn Scams
$650M Porn Scam
BY JOHN MARZULLI, DAILY NEWS STAFF WRITER
Tuesday, February 15th, 2005
A half-dozen Gambino mobsters copped pleas yesterday to the biggest consumer fraud in U.S. history - preying on hapless porn Web site users and phone sex customers in a huge $650 million scam. Brooklyn U.S. Attorney Roslynn Mauskopf said thousands of customers in the U.S., Europe and Asia were victimized by the vast operation - which pelted dupes with bogus credit card and phone bill charges - between 1996 and Operating behind a maze of 64 companies, they lured suckers to X-rated Web sites promising "free tours" of the lurid content. The viewers were required to give their credit or debit card numbers as proof of age. Then the unwitting victims were hit with charges of up to $90 on their card. The phone scam did not even require conning the consumer out of their card number. Martino and Chanes solicited dupes to call an 800 number for "free" samples of phone sex, horoscopes and phone dating. Merely dialing the 800 number "trapped" the callers' phone numbers in a computer - and they got billed at least $40 a month for unwanted voice mail service.

44 Methods of ID Information Retrieval:
2. First Party Sources:
G. Social Engineering, i.e., "Pretexting"
According to the FTC, "Pretexting" is:
"Pretexting is the practice of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is against the law."
It should be noted that pretexting is a technique often employed by bad debt collection agencies, lawyers, and headhunters (employment agencies) in order to retrieve information.
It is important for a Telecom Service Provider to ensure that a contracted bad debt collection agency is not practicing pretexting.

45 Methods of ID Information Retrieval:
2. First Party Sources:
H. Scams: "Phishing"
According to the FTC, "Phishing" is:
"a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. According to the Federal Trade Commission (FTC), phishers send an e-mail or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name."
"Phishers" have success rates up to 5% according to the Florida Division of Consumer Services.
See Microsoft Video on Phishing: Day1\Background\Phishing.exe

46 Methods of ID Information Retrieval:
2. First Party Sources:
I. Technological Means: "Pharming"
Definition of "Pharming" according to Webopedia:
"Similar in nature to phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing."
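
A defender-side check for the pharming case described above, as an added example that is not part of the original presentation: it compares logged DNS answers for sensitive hostnames against pinned known-good networks and names the resolver that served the outliers. The hostnames, address ranges, log format and function names are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Hypothetical pinned address space for high-value hostnames. The RFC 5737
# documentation ranges stand in for an institution's real published networks.
PINNED = {
    "bank.example": ["192.0.2.0/24"],
    "pay.example": ["198.51.100.0/25"],
}

# Constructed resolver log, one answer per line:
# "<epoch> <resolver> <qname> <rtype> <answer> <ttl>"
SAMPLE_LOG = """\
1700000000 10.0.0.53 bank.example. A 192.0.2.10 300
1700000004 10.0.0.53 pay.example. A 198.51.100.7 300
1700000009 10.0.0.54 bank.example. A 203.0.113.66 86400
1700000011 10.0.0.54 BANK.example. A 203.0.113.66 86400
1700000015 10.0.0.53 news.example. A 203.0.113.5 60
1700000020 10.0.0.54 pay.example. A 198.51.100.200 300
garbage line that should be skipped
"""


def parse_line(line):
    """Parse one log line; return None for anything malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[3] not in ("A", "AAAA"):
        return None
    ts, resolver, qname, _rtype, answer, ttl = parts
    try:
        return {
            "ts": int(ts),
            "resolver": resolver,
            # DNS names are case-insensitive and may carry a trailing dot.
            "qname": qname.rstrip(".").lower(),
            "answer": ipaddress.ip_address(answer),
            "ttl": int(ttl),
        }
    except ValueError:
        return None


def find_suspect_answers(log_text, pinned=PINNED):
    """Return answers for pinned names that fall outside their pinned networks."""
    nets = {
        name: [ipaddress.ip_network(cidr) for cidr in cidrs]
        for name, cidrs in pinned.items()
    }
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["qname"] not in nets:
            continue  # unparsable, or a name we hold no baseline for
        if not any(rec["answer"] in net for net in nets[rec["qname"]]):
            findings.append(rec)
    return findings


def resolvers_to_investigate(findings):
    """Group suspect names by the resolver that served them."""
    by_resolver = defaultdict(set)
    for rec in findings:
        by_resolver[rec["resolver"]].add(rec["qname"])
    return {r: sorted(names) for r, names in by_resolver.items()}


if __name__ == "__main__":
    suspects = find_suspect_answers(SAMPLE_LOG)
    for rec in suspects:
        print(f'{rec["resolver"]} answered {rec["qname"]} -> {rec["answer"]} '
              f'(ttl {rec["ttl"]}) outside pinned networks')
    print(resolvers_to_investigate(suspects))
```

Because the browser shows the expected name during pharming, the signal has to come from the resolution path itself; a mismatch here is a reason to inspect the named resolver's cache, not proof of poisoning, since legitimate address changes also trip the check.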

47 Methods of ID Information Retrieval:
2. First Party Sources:
J. Technological Means: "Skimming"
Skimming is defined as stealing the data off the magnetic strip of a card or out of the memory of a "Smart Card". The same technology that reads the information recorded on credit and debit cards at the store checkout lane is what the fraudsters use to steal the same information off the cards. These fraudsters can then steal money and/or steal the identity associated with the card.

48 Methods of ID Information Retrieval:
2. First Party Sources:
J. Technological Means: "Skimming"
This is a Pocket Skimmer that can fit inside the pocket of any fraudster working at a store or a restaurant. With your card in one hand and the skimmer concealed in the other hand, the fraudster swipes the card and all the information on the magnetic strip is recorded in the memory of the skimmer. Skimmers can hold information from many hundreds of cards. The cable connects to a computer for downloading the information. Coin for size reference.

49 Methods of ID Information Retrieval:
2. First Party Sources:
J. Technological Means: "Skimming"
This is a Skimmer installed in an ATM in Brazil. It appears to be part of the ATM.

50 Methods of ID Information Retrieval:
2. First Party Sources:
J. Technological Means: "Skimming"
Here the Skimmer is now identifiable. It was created specifically for this model of ATM.

51 Methods of ID Information Retrieval: 2. First Party Sources: J. Technological Means: “Skimming”
In addition to the Skimmer, there was a hidden camera to record the PIN entered by the victim. This is especially needed for DEBIT cards.

52 Methods of ID Information Retrieval: 2. First Party Sources: J. Technological Means: “Skimming”
A wireless camera with a strong, long-lasting battery pack was installed. The fraudster can pick up and record the images remotely from a car across the street.

53 Methods of ID Information Retrieval: 2. First Party Sources: K. Technological Means: “Sniffing”
Sniffing is a generic term that means finding information by “listening” on a line or monitoring bytes either in transit or somewhere between the data entry and data reception. For example:
– Listening for DTMF tones on a standard phone line.
– Looking for credit card numbers/passwords in the network packet data in transit in a network.
– Spyware recording the keystrokes of a user on a computer.
– Spyware looking for key words or phrases in servers.

54 Methods of ID Information Retrieval: 2. First Party Sources: L. Technological Means: “Trojan Horses, Worms, and Viruses”
Definitions according to Microsoft:
Virus (n.) Code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or information.
Worm (n.) A subclass of virus. A worm generally spreads without user action and distributes complete copies (possibly modified) of itself across networks. A worm can consume memory or network bandwidth, thus causing a computer to stop responding.
Trojan (n.) A computer program that appears to be useful but that actually does damage.

55 Methods of ID Information Retrieval: 2. First Party Sources: L. Technological Means: “Trojan Horses, Worms, and Viruses”
Definitions in relation to Identity Theft:
Virus (n.) Viruses can replicate themselves quickly across a network, but in addition to causing hardware or software problems, they can be coded to look for information and then send whatever they find to the fraudster.
Worm (n.) Same as a virus.
Trojan (n.) A computer program that someone sends you via e-mail, Instant Messaging, or even SMS that appears to be useful but that can actually either look for information to send to a fraudster, or give a remote fraudster control over your PC, thus exposing all your files to him.

56 Methods of ID Information Retrieval: 2. First Party Sources: M. Technological Means: “Spyware”
Definition by Webopedia.com:
Spyware (n.) Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about addresses and even passwords and credit card numbers.
See Microsoft Video on Phishing: Day1\Background\Spyware.exe

57 Methods of ID Information Retrieval: 2. First Party Sources: N. Technological Means: “Hacking”
With the plethora of other ways of getting Identity Information, why would anyone resort to hacking?
Answer: It may be the only way to get information from you! And there are experts who have the skills to hack into your system.

58 Methods of ID Information Retrieval: 2. Other Sources: A. International IDs
Many states now accept Mexican “matricula consular” cards as proof of identity. This has many people worried because it is believed that these cards are easy to falsify. The validity of the “matricula consular” card as proof of ID is currently “HOTLY” debated in the US.
Passports and Visas to the US can be falsified. Belo Horizonte, Brazil is known for falsifying documents such as passports and visas. However, chances are very small that they would work going through an Immigration Checkpoint. Instead, these false documents serve to help the user obtain services in the US. Using a fake foreign passport and visa would be the author’s method of choice.

59 Methods of ID Information Retrieval: 2. Other Sources: A. International IDs
The required documentation needed for a Mexican Citizen to obtain a “Matricula Consular” Card (taken directly from the Mexican Consulate in San Diego website, http://www.sre.gob.mx/sandiego/):
One of the following documents:
– Mexican Birth Certificate
– National ID Card
– National Mexican Official Declaration
– Mexican Passport
– A High Security Matrícula Consular Card
Prove identity with a photo-ID such as:
– Voter registration card with photo
– Mexican Driver’s License
– California Driver’s License
– Mexican School ID with Photo
– Mexican Passport with Photo
– Whatever “official” document with photo either from Mexico or California

60 Methods of ID Information Retrieval: 2. Other Sources: A. International IDs
The required documentation needed for a Mexican Citizen to obtain a “Matricula Consular” Card (taken directly from the Mexican Consulate in San Diego website, http://www.sre.gob.mx/sandiego/):
Prove local residence with:
– Utilities receipts (gas, electricity, telephone, water, etc.)
– Rent Payment Receipt
– Medical document
– A letter with name and address.
– Other documents that show name and address.
Cost: $27.00

61 Methods of ID Information Retrieval: 2. Other Sources: A. International IDs
The Matricula: Good for Everything and for Everybody?
March 18, 2005, Jorge Mújica Murias – La Raza
The Executive Committee of the Illinois Senate this week approved with minor discussion SB 1623 introduced by Martín Sandoval. This bill would oblige state authorities at all levels to accept consular matriculas as official identification documents. The bill defines the matricula as official identification issued by a foreign government through its consulates to its citizens living abroad. SB 1623 directs all offices and local authorities in the state to accept matriculas as valid identification, although it does not forbid their requesting other documents to confirm the information. This includes, for example, all police departments in Illinois. The senator says this law will help immigrants identify themselves while at the same time benefiting the police and financial institutions, improving their relations with immigrants.

62 Methods of ID Information Retrieval: 2. Other Sources:
Q: Is it possible to Steal an Identity without having access to Identity Information?
A: Consider the case of Clip-on Telephone Fraud.
A: Consider the case of Cellular Cloning.
If we assume that a call comes from the True Identity just because the originating number is associated with that identity, we can make the mistake of providing credit to someone other than the True Identity.

