Spam, Phishing and Fraud on the Net
Sabrina I. Pacifici, Law Librarian; Founder, Editor, Publisher, LLRX.com www.llrx.com; Author, beSpacific.com www.bespacific.com
Barbara Fullerton, Director of Library Services, Locke Liddell & Sapp LLP email@example.com
Barbara J. Fullerton & Sabrina I. Pacifici
Be Alert, Be Wary, and Be Informed
This presentation highlights federal, state, association, advocacy, corporate, commercial and news related resources providing reliable data that addresses the issues of spam, fraudulent website claims and offers, and attempts to obtain personal data to perpetrate ID theft. Websites and resources have been selected based on authority and topical relevance. We welcome your suggestions and recommendations for relevant sites not mentioned, for inclusion in this guide.
Is This Spam?
This is Spam…
Unsolicited Commercial Email (UCE), also known as "spam" or "junk email"
– Email that is unwanted, inappropriate and no longer wanted… http://www.clickz.com/experts/em_mkt/em_mkt/article.php/1492521
Stats on Spam http://www.mailfrontier.com/threats/stats.html
Spam Laws – Federal and State
Spam Laws, Federal - http://www.spamlaws.com/federal/index.html
– CAN-SPAM Act of 2003 http://www.spamlaws.com/federal/108s877.html
Spam Laws, State - http://www.spamlaws.com/state/index.html
The Difficulties of Tracing Spam Email – Report prepared at request of FTC
Example: Spam Reduction Policy
This is one of a number of internet and extranet sites (each, a Practice Website) accessed through the Internet and sponsored, owned, controlled and/or maintained by Mayer, Brown, Rowe & Maw (which is a combination of two limited liability partnerships, each named Mayer, Brown, Rowe & Maw LLP, one established in Illinois, USA, and one incorporated in England) (together with all owned or controlled subsidiaries and affiliates thereof (collectively, the Practice)) whose principal place of business in the United States of America is 190 South LaSalle Street, Chicago, Illinois 60603-3441.
Introduction
Receipt of Unsolicited Bulk Email (UBE also known as "spam") is a growing concern for Email users at the Practice. This document provides a description of what the Practice is doing about it, why and how that affects senders. This document serves several purposes and addresses several types of readers.
1. The user who wants to know what the Practice is doing about spam.
2. The legitimate user who finds that he/she is no longer able to send Email to a Practice user
https://registration.mayerbrownrowe.com/registration/helpcenter/spam.asp
What Companies are Doing
AMERICAN EXPRESS - How to Contact American Express about Fraudulent E-Mails
If you receive an e-mail that you believe could be fraudulent, immediately forward it to firstname.lastname@example.org. Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an auto-generated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American Express
– http://www10.americanexpress.com/sif/cda/page/0,1641,21372,00.asp
E-Mail Fraud
From U.S. Bank: Email Fraud Information and Help – Customer Alert and Data on Phishing Scams http://tinyurl.com/2h3vv
Email Threat Advisories http://www.mailfrontier.com/threats/advisories/threat_index.html
Firewall to fry spam – A firewall designed to eliminate email spam has been developed at Queensland University. http://tinyurl.com/4w23r
The Good Old Days… Where are the Hackers? Hackers now chase money… not just the thrill of breaking into a website.
What is Phishing?
--- listening to music by the band called Phish
--- a hobby, sport or recreation involving the ocean, rivers or streams…nope
Fishing for personal information
Use spoofed e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.
– Anti-Phishing Working Group http://www.antiphishing.org/
Example of Phishing
From: Customer Support [mailto:email@example.com]
Sent: Thursday, October 07, 2004 7:53 PM
To: Eilts
Subject: NOTE! Citibank account suspend in process
Dear Customer:
Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow: http://188.8.131.52/citifi/.
Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R) http://184.108.40.206/citifi/
Regards, Citibank(R) Card Department
(C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC. Citibank and Arc
How to Detect Deception
Publish your mail server addresses (to thwart spoofing)
Educate customers (and employees)
Establish online communication protocols
Create a response plan now
Proactively monitor for phishers and fraud
Make yourself a difficult target
http://www.cio.com/archive/090104/phish.html
Prevent Phishing from Fraud Watch International
Never click on hyperlinks
Use Anti-SPAM filters
Use Anti-Virus Software
Use personal firewalls
Keep all software updated
Always look for https and sites that ask for personal information
Keep computer clean from Spyware
Know Fraudulent activity on the Internet
Check your credit report immediately for free!
If unsure, ask!
Industry Sponsored Anti-Phishing Efforts
The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. http://www.antiphishing.org/
– An updated chart of examples of phishing attacks submitted to antiphishing.org is available here: http://www.antiphishing.org/phishing_archive.htm
White Paper, Anti-Spam Technical Alliance, 22 June 2004, http://tinyurl.com/2qaje
Microsoft Anti-Spam Virtual Press Room, http://www.microsoft.com/presspass/events/antispam/material.asp
TECF – Trusted Electronic Communications Forum http://www.tecf.org/
– The Trusted Electronic Communications Forum (TECF) is a global, cross-industry consortium of industry leaders focused on efforts to eliminate the phishing and spoofing attacks that lead to identity theft and brand distrust.
What is ID Theft?
Identity theft is a crime in which an imposter obtains key pieces of information such as Social Security and driver's license numbers and uses them for their own personal gain.
ID Theft Resource Center http://www.idtheftcenter.org/index.shtml
Preventing ID Theft tips from CNN.com & FTC.gov
Find out how your information will be used
Pay attention to your billing cycles
Put passwords on all your accounts
Minimize the ID information & number of cards you carry
Find out who has access to your PI at work and verify records are kept in a secure location
Legitimate organizations with whom you do business have the info needed & should not ask you for it
Give your SSN only when absolutely necessary
Order a copy of your credit report from the 3 major credit reporting agencies
Use one credit card for Internet purchases. Minimum amount.
Federal Legislation on ID Theft
Identity Theft Penalty Enhancement Act (ITPEA), signed by the President on July 15, 2004 - To amend title 18, United States Code, to establish penalties for aggravated identity theft, and for other purposes.
– The President's remarks upon signing the bill: http://www.whitehouse.gov/news/releases/2004/07/20040715-3.html
– The text of the bill: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.01731:
For Reference, see also the Fair and Accurate Credit Transactions Act of 2003, H.R.2622, To amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes. Became Public Law No: 108-159. http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02622:
Selected Pending Federal Legislation
Anti-phishing Act of 2004, S. 2636, introduced July 9, 2004 - http://thomas.loc.gov/cgi-bin/query/z?c108:S.2636.IS:
– See also The Anti-Phishing Act of 2004: A Useful Tool Against Identity Theft, http://writ.news.findlaw.com/ramasastry/20040816.html
The SPY BLOCK Act, S. 2145, introduced February 27, 2004
– 11/19/2004 Placed on Senate Legislative Calendar under General Orders. Calendar No. 811.
– http://thomas.loc.gov/cgi-bin/query/z?c108:S.2145.RS:
The Safeguard Against Privacy Invasions Act or Spy Act, H.R. 2929 http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02929:
Social Security Number Privacy and Identity Theft Prevention Act of 2003, HR 2971, http://thomas.loc.gov/cgi-bin/query/z?c108:H.R.2971.IH:
Sites Sponsored By Advocacy Groups
National Fraud Information Center/Internet Fraud Watch http://www.fraud.org/welcome.htm
The Better Business Bureau Online http://www.bbbonline.org/idtheft/phishing.asp
Call For Action http://www.callforaction.org/
Identity Theft Resource Center http://www.idtheftcenter.org/index.shtml
Privacy Rights Clearinghouse http://www.privacyrights.org/identity.htm
Center for Democracy and Technology webpage on Spyware - http://www.cdt.org/privacy/spyware/
Internet Fraud Tips from the National Consumer League's Internet Fraud Watch http://www.fraud.org/tips/internet/phishing.htm
Federal Trade Commission Resources on ID Theft
The Federal Trade Commission (http://www.ftc.gov) serves as a clearinghouse to receive consumer complaints and provide assistance.
National and State Trends in Fraud and Identity Theft, January – December 2003, http://www.consumer.gov/sentinel/pubs/Top10Fraud_2003.pdf
ID Theft: When Bad Things Happen To Your Good Name: a step-by-step guide to prevent ID theft that also provides useful documentation on services and resources available to those who are already victims of fraud. http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm
ID Theft Complaint Input Form https://rn.ftc.gov/dod/widtpubl$.startup?Z_ORG_CODE=PU03
ID Theft Alert website reviews how identity thieves work, provides government reports and Congressional testimony, law enforcement updates and links to other identity theft sites. http://www.consumer.gov/idtheft/
Security Freeze to Prevent ID Theft
Your file cannot be shared with potential creditors. Most businesses will not open credit accounts without checking a consumer's credit history first.
Must write to all 3 credit companies; set-up with PIN
You can order a credit report, but no one else can
Only available in 2 states
– California and Texas
– Louisiana and Vermont make it available July 2005
– See this AP article, Credit bureaus shun identity theft weapon, http://msnbc.msn.com/id/5841962/, for more details
Only you can unfreeze it
Used only in extreme measures
Fee for lifting the freeze: $10-$15 for each transaction
At Home: Preventing ID Theft
If you are buying a new computer, you need to take the following steps to prevent your information from being stolen from your old computer
– Clean your disk
– Destroy that hard drive, or remove it
– Donate rest of computer to charity or recycle it
Other Resources on PC Security, Spam and ID Theft, sponsored by the federal government
FTC-Spam Homepage http://www.ftc.gov/bcp/conline/edcams/spam/index.html
FTC ID Theft Homepage - http://www.consumer.gov/idtheft/
FTC Consumer Information Security website - http://www.ftc.gov/infosecurity/
United States Postal Service, Pub 280, August 2003, Safeguard your personal information, http://www.usps.com/cpim/ftp/pubs/pub280.pdf
Department of Justice Resources on ID Theft and Online Fraud
Criminal Division, Fraud Section http://www.usdoj.gov/criminal/fraud.html
Special Report on "Phishing" http://www.usdoj.gov/criminal/fraud/Phishing.pdf
Foreign Corrupt Practices Act (FCPA) http://www.usdoj.gov/criminal/fraud/fcpa.html
Identity Theft and Identity Fraud http://www.usdoj.gov/criminal/fraud/idtheft.html
Internet Fraud http://www.usdoj.gov/criminal/fraud/Internet.htm
Federal Deposit Insurance Corp. and Social Security Administration Resources
FDIC
– When a Criminal's Cover Is Your Identity http://www.fdic.gov/consumers/privacy/criminalscover/index.html
Social Security Administration
– Identity Theft And Your Social Security Number, http://www.socialsecurity.gov/pubs/10064.html
– Public Fraud Reporting Home Page, http://www.socialsecurity.gov/oig/public_fraud_reporting/index.htm
– Enhancing Social Security Number Privacy http://www.socialsecurity.gov/oig/communications/testimony_speeches/06152004testimony.htm
– Fact Sheet, Social Security Identity Theft, Committee on Ways & Means http://waysandmeans.house.gov/media/pdf/ss/factsheet.pdf
State Specific Resources on ID Theft: California
California: Financial Information Privacy Act http://www.privacy.ca.gov/sb1/sb1.htm
ID Theft: http://www.privacy.ca.gov/cover/identitytheft.htm
California Right to "Freeze" Your Credit History http://www.privacy.ca.gov/financial/cfreeze.htm
– How to put a freeze on your credit file - http://www.privacy.ca.gov/financial/cfreezeon.htm
DMV Information about Fraud and Identity Theft - http://www.dmv.ca.gov/consumer/fraud.htm
Office of the Attorney General, Identity Theft Data http://caag.state.ca.us/idtheft/index.htm
More State Resources on ID Theft
Louisiana credit freeze info http://www.ag.state.la.us/calerts/alert0004.aspx
Links to State Attorneys General Websites http://www.findlaw.com/11stategov/indexag.html
ID Theft Statutes as of July 2003 http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm
National Conference of State Legislatures (NCSL), Identity Theft Information, http://www.ncsl.org/programs/lis/privacy/idtheft.htm
Identity Theft Legislation updated as of August 20, 2004 http://www.ncsl.org/programs/lis/privacy/idt-01legis.htm
2003 Enacted Identity Theft Legislation http://www.ncsl.org/programs/lis/privacy/idt-03enacted.htm
Credit Card Companies
Equifax Phone: 800-685-1111; P.O. Box 105788, Atlanta, GA 30348
Experian Phone: 888-397-3742; P.O. Box 95554, Allen, TX 75013
TransUnion Phone: 888-909-8872; P.O. Box 6790, Fullerton, CA 92834
Consumer Info's Free Credit Report http://tinyurl.com/49rug
Don't Like those Nasty Pre-Approved Credit Card Offers?
Opt Out! 1-888-5OPTOUT
Good for 2 years or permanent
What is Spyware?
Any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.
Defined by searchCRM.com
What is Adware?
Any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen.
Defined by searchSmallBizIT.com, http://searchsmallbizit.techtarget.com/
Resources on Spyware
Who Downloaded the Spyware? Not Me! by Chris Hayes, May 24, 2004, http://www.llrx.com/features/spyware.htm
Spyware: What You Don't Know Can Hurt You, Hearing by the Subcommittee on Commerce, Trade, and Consumer Protection, April 29, 2004, Link to Witness List & Prepared Testimony, Related Documents and Bills, http://energycommerce.house.gov/108/Hearings/04292004hearing1255/hearing.htm
Spyware Warrior, Waging the war against spyware http://www.netrn.net/spywareblog/
Spyware vs. spyware: Lawmakers are preparing to attack spyware, but efforts could criminalize common tools and techniques currently in use. http://www.infoworld.com/article/04/08/30/HNspyware_1.html
McAfee releases VirusScan with intrusion prevention http://www.infoworld.com/article/04/08/30/HNmcafeevirusscan_1.html
Blog devoted to fighting spyware – Spyware Warrior
Additional Resources on Spyware
From Lehigh University Library & Technical Services, Guide to Spybot Search & Destroy 1.3: Downloading, Installing, and Using Spybot - http://www.lehigh.edu/~inlts/help/spyware/spybotinstall.html
beSpacific.com, the blog on law and technology news: postings on spyware http://www.bespacific.com/mt/mtsearch.cgi?IncludeBlogs=1&search=spyware
And for broadband users, this article, http://www.thebusinessledger.com/Articles.asp?artId=573&isuID=25 recommends free applications and software.
Fraud Watch International http://www.fraudwatchinternational.com
Techweb http://www.techweb.com
2004's Most Popular Viruses, and Hacking Tools, Douglas Chick http://www.thenetworkadministrator.com/top2004hackertools.htm
http://www.lehigh.edu/~inlts/help/spyware/spybotinstall.html
Spyware Warrior – links to spyware help forums and free anti-spyware software
Selected Anti-Spyware Articles & Resources
Spy Stoppers by Cade Metz, March 2, 2004, http://www.pcmag.com/article2/0,4149,1525474,00.asp
Compare Top Spyware Removers, http://www.spywareremoversreview.com/
Spyware - It's lurking on your machine, by Cade Metz, http://www.pcmag.com/article2/0,1759,978170,00.asp
Your PC May Be A Haven for Spies, by Dan Tynan, http://www.pcworld.com/news/article/0,aid,116526,00.asp
Poor Defenders – Some anti-spyware companies use confusing ads, and our tests show their $20-$60 products are less effective than free competitors. http://www.pcworld.com/news/article/0,aid,118362,00.asp
http://www.pcworld.com/resource/printable/article/0,aid,116302,00.asp
Special Report: Readers Take The Offensive Against Spyware, Aug. 9, 2004, http://tinyurl.com/3jadn
The Soft Invasion, by Walter S. Mossberg, August 2004, WSJ, http://ptech.wsj.com/archive/report-200408.html
Microsoft's Protect Your PC site http://www.microsoft.com/athome/security/protect/
Selected Software
Ad-Aware http://www.lavasoftusa.com/software/adaware/
Spybot Search and Destroy http://www.spybot.info/en/index.html
PAL Emergency Response http://www.winxpfix.com/PAL-Emergency-Response.htm
AVG Anti-Virus free edition http://free.grisoft.com/freeweb.php/doc/1/