Presentation is loading. Please wait.

Presentation is loading. Please wait.

Spam, Phishing and Fraud on the Net Sabrina I. Pacifici, Law Librarian Founder, Editor, Publisher, Author,

Similar presentations

Presentation on theme: "Spam, Phishing and Fraud on the Net Sabrina I. Pacifici, Law Librarian Founder, Editor, Publisher, Author,"— Presentation transcript:

1 Spam, Phishing and Fraud on the Net Sabrina I. Pacifici, Law Librarian Founder, Editor, Publisher, Author, Barbara Fullerton, Director of Library Services Locke Liddell & Sapp LLP

2 Barbara J. Fullerton & Sabrina I. Pacifici Be Alert, Be Wary, and Be Informed This presentation highlights federal, state, association, advocacy, corporate, commercial and news related resources providing reliable data that addresses the issues of spam, fraudulent website claims and offers, and attempts to obtain personal data to perpetrate ID theft. Websites and resources have been selected based on authority and topical relevance. We welcome your suggestions and recommendations for relevant sites not mentioned, for inclusion in this guide.

3 Barbara J. Fullerton & Sabrina I. Pacifici Is This Spam?

4 Barbara J. Fullerton & Sabrina I. Pacifici This is Spam… Unsolicited Commercial Email (UCE), also known as "spam" or "junk email" –Email that is unwanted, inappropriate and no longer wanted… _mkt/article.php/1492521 Stats on Spam ts.html

5 Barbara J. Fullerton & Sabrina I. Pacifici Spam Laws – Federal and State Spam Laws, Federal - –CAN-SPAM Act of 2003 Spam Laws, State -

6 Barbara J. Fullerton & Sabrina I. Pacifici The Difficulties of Tracing Spam Email – Report prepared at request of FTC

7 Barbara J. Fullerton & Sabrina I. Pacifici Example: Spam Reduction Policy This is one of a number of internet and extranet sites (each, a Practice Website) accessed through the Internet and sponsored, owned, controlled and/or maintained by Mayer, Brown, Rowe & Maw (which is a combination of two limited liability partnerships, each named Mayer, Brown, Rowe & Maw LLP, one established in Illinois, USA, and one incorporated in England) (together with all owned or controlled subsidiaries and affiliates thereof (collectively, the Practice)) whose principal place of business in the United States of America is 190 South LaSalle Street, Chicago, Illinois 60603-3441. Introduction Receipt of Unsolicited Bulk Email (UBE also known as "spam") is a growing concern for Email users at the Practice. This document provides a description of what the Practice is doing about it, why and how that affects senders. This document serves several purposes and addresses several types of readers. 1.The user who wants to know what the Practice is doing about spam. 2.The legitimate user who finds that he/she is no longer able to send Email to a Practice user

8 Barbara J. Fullerton & Sabrina I. Pacifici What Companies are Doing AMERICAN EXPRESS - How to Contact American Express about Fraudulent E-Mails If you receive an e-mail that you believe could be fraudulent, immediately forward it to Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an auto- generated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American ExpressContact American Express –,1641,21372,00. asp,1641,21372,00. asp

9 Barbara J. Fullerton & Sabrina I. Pacifici

10 E-Mail Fraud From U.S. Bank: Email Fraud Information and Help – Customer Alert and Data on Phishing Scams Email Threat Advisories Firewall to fry spam – A firewall designed to eliminate email spam has been developed at Queensland University.

11 Barbara J. Fullerton & Sabrina I. Pacifici

12 The Good Old Days… Where are the Hackers? Hackers now chase money… not just the thrill of breaking into a website.

13 Barbara J. Fullerton & Sabrina I. Pacifici What is Phishing? --- listening to music by the band called Phish --- a hobby, sport or recreation involving the ocean, rivers or streams…nope Fishing for personal information Use spoofed e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. –Anti-Phishing Working Group

14 Barbara J. Fullerton & Sabrina I. Pacifici Example of Phishing From: Customer Support [] Sent: Thursday, October 07, 2004 7:53 PM To: Eilts Subject: NOTE! Citibank account suspend in process Dear Customer: Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow: Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R) Regards, Citibank(R) Card Department (C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC.Citibank and Arc

15 Barbara J. Fullerton & Sabrina I. Pacifici How to Detect Deception Publish your mail server addresses (to thwart spoofing) Educate customers (and employees) Establish online communication protocols Create a response plan now Proactively monitor for phishers and fraud Make yourself a difficult target

16 Barbara J. Fullerton & Sabrina I. Pacifici Prevent Phishing from Fraud Watch International Never click on hyperlinks Use Anti-SPAM filters Use Anti-Virus Software Use personal firewalls Keep all software updated Always look for https and sites that ask for personal information Keep computer clean from Spyware Know Fraudulent activity on the Internet Check your credit report immediately for free! If unsure, ask!

17 Barbara J. Fullerton & Sabrina I. Pacifici Industry Sponsored Anti-Phishing Efforts The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. –An updated chart of examples of phishing attacks submitted to are available here: White Paper, Anti-Spam Technical Alliance, 22 June 2004, Microsoft Anti-Spam Virtual Press Room, sp sp TECF – Trusted Electronic Communications Forum –The Trusted Electronic Communications Forum (TECF) is a global, cross-industry consortium of industry leaders focused on efforts to eliminate the phishing and spoofing attacks that lead to identity theft and brand distrust.

18 Barbara J. Fullerton & Sabrina I. Pacifici

19 What is ID Theft? Identity theft is a crime in which an imposter obtains key pieces of information such as Social Security and driver's license numbers and uses it for their own personal gain. ID Theft Resource Center

20 Barbara J. Fullerton & Sabrina I. Pacifici Preventing ID Theft tips from & Find out how your information will be used Pay attention to your billing cycles Put passwords on all your accounts Minimize the ID information & number of cards you carry Find out who has access to your PI at work and verify records are kept in a secure location Legitimate organizations with whom you do business have the info needed & should not ask you for it Give your SSN only when absolutely necessary Order a copy of your credit report from the 3 major credit reporting agencies Use one credit card for Internet purchases. Minimum amount.

21 Barbara J. Fullerton & Sabrina I. Pacifici


23 Barbara J. Fullerton & Sabrina I. Pacifici Federal Legislation on ID Theft Identity Theft Penalty Enhancement Act (ITPEA), signed by the President on July 15, 2004 - To amend title 18, United States Code, to establish penalties for aggravated identity theft, and for other purposes. –The Presidents remarks upon signing the bill: 3.html 3.html –The text of the bill: For Reference, see also the Fair and Accurate Credit Transactions Act of 2003, H.R.2622, To amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes. Became Public Law No: 108-159.

24 Barbara J. Fullerton & Sabrina I. Pacifici Selected Pending Federal Legislation Anti-phishing Act of 2004, S. 2636, introduced July 9, 2004 - –See also The Anti-Phishing Act of 2004: A Useful Tool Against Identity Theft, The SPY BLOCK Act, S. 2145, introduced February 27, 2004 –11/19/2004 Placed on Senate Legislative Calendar under General Orders. Calendar No. 811. – The Safeguard Against Privacy Invasions Act or Spy Act, H.R. 2929 Social Security Number Privacy and Identity Theft Prevention Act of 2003, HR 2971,

25 Barbara J. Fullerton & Sabrina I. Pacifici Sites Sponsored By Advocacy Groups National Fraud Information Center/Internet Fraud Watch The Better Business Bureau Online Call For Action Identity Theft Resource Center Privacy Rights Clearinghouse Center for Democracy and Technology webpage on Spyware - Internet Fraud Tips from the National Consumer Leagues Internet Fraud Watch

26 Barbara J. Fullerton & Sabrina I. Pacifici

27 Federal Trade Commission Resources on ID Theft The Federal Trade Commission ( serves as clearinghouse to receive consumer complaints and provide assistance. National and State Trends in Fraud and Identity Theft, January – December 2003, ID Theft: When Bad Things Happen To Your Good Name: a step- by-step guide to prevent ID theft that also provides useful documentation on services and resources available to those who are already victims of fraud. ID Theft Complaint Input Form$.startup?Z_ORG_CODE=PU03$.startup?Z_ORG_CODE=PU03 ID Theft Alert website reviews how identity thieves work, provides government reports and Congressional testimony, law enforcement updates and links to other identity theft sites.

28 Barbara J. Fullerton & Sabrina I. Pacifici


30 Security Freeze to Prevent ID Theft Your file cannot be shared with potential creditors. Most businesses will not open credit accounts without checking a consumer's credit history first. Must write to all 3 credit companies; set-up with PIN You can order a credit report, but no one else can Only available in 2 states –California and Texas –Louisiana and Vermont make it available July 2005 –See this AP article, Credit bureaus shun identity theft weapon,, for more details Only you can unfreeze it Used only in extreme measures Fee for lifting the freeze: $10-$15 for each transaction

31 Barbara J. Fullerton & Sabrina I. Pacifici At Home: Preventing ID Theft If you are buying a new computer, you need to take the following steps to prevent your information from being stolen from your old computer –Clean your disk –Destroy that hard drive, or remove it –Donate rest of computer to charity or recycle it

32 Barbara J. Fullerton & Sabrina I. Pacifici Other Resources on PC Security, Spam and ID Theft, sponsored by the federal government FTC-Spam Homepage ml ml FTC ID Theft Homepage - FTC Consumer Information Security website - United States Postal Service, Pub 280, August 2003, Safeguard your personal information,

33 Barbara J. Fullerton & Sabrina I. Pacifici Department of Justice Resources on ID Theft and Online Fraud Criminal Division, Fraud Section Special Report on "Phishing Foreign Corrupt Practices Act (FCPA) Identity Theft and Identity Fraud Internet Fraud

34 Barbara J. Fullerton & Sabrina I. Pacifici Federal Deposit Insurance Corp. and Social Security Administration Resources FDIC –When a Criminal's Cover Is Your Identity Social Security Administration –Identity Theft And Your Social Security Number, –Public Fraud Reporting Home Page, –Enhancing Social Security Number Privacy hes/06152004testimony.htm hes/06152004testimony.htm –Fact Sheet, Social Security Identity Theft, Committee on Ways & Means

35 Barbara J. Fullerton & Sabrina I. Pacifici State Specific Resources on ID Theft: California California: Financial Information Privacy Act ID Theft: California Right to "Freeze" Your Credit History –How to put a freeze on your credit file - DMV Information about Fraud and Identity Theft - Office of the Attorney General, Identity Theft Data

36 Barbara J. Fullerton & Sabrina I. Pacifici More State Resources on ID Theft Louisiana credit freeze info Links to State Attorneys General Websites ID Theft Statutes as of July 2003 National Conference of State Legislatures (NCSL), Identity Theft Information, Identity Theft Legislation updated as of August 20, 2004 2003 Enacted Identity Theft Legislation

37 Barbara J. Fullerton & Sabrina I. Pacifici Credit Card Companies Equifax Phone: 800-685-1111; P.O. Box 105788, Atlanta, GA 30348 Experian Phone: 888-397-3742; P.O. Box 95554, Allen, TX 75013 TransUnion Phone: 888-909-8872; P.O. Box 6790, Fullerton, CA 92834 Consumer Infos Free Credit Report

38 Dont Like those Nasty Pre- Approved Credit Card Offers? Opt Out! 1-888-5OPTOUT Good for 2 years or permanent

39 Barbara J. Fullerton & Sabrina I. Pacifici What is Spyware? Any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Defined by

40 Barbara J. Fullerton & Sabrina I. Pacifici What is Adware? Any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. Defined by,

41 Barbara J. Fullerton & Sabrina I. Pacifici Resources on Spyware Who Downloaded the Spyware? Not Me! by Chris Hayes, May 24, 2004, Spyware: What You Don't Know Can Hurt You, Hearing by the Subcommittee on Commerce, Trade, and Consumer Protection, April 29, 2004, Link to Witness List & Prepared Testimony, Related Documents and Bills, Spyware Warrior, Waging the war against spyware Spyware vs. spyware Lawmakers are preparing to attack spyware, but efforts could criminalize common tools and techniques currently in use. McAfee releases VirusScan with intrusion prevention

42 Barbara J. Fullerton & Sabrina I. Pacifici Blog devoted to fighting spyware – Spyware Warrior

43 Barbara J. Fullerton & Sabrina I. Pacifici Additional Resources on Spyware From Lehigh University Library & Technical Services, Guide to Spybot Search & Destroy 1.3: Downloading, Installing, and Using Spybot -, the blog on law and technology news: postings on spyware yware yware And for broadband users, this article, recommends free applications and software. Fraud Watch International Techweb 2004's Most Popular Viruses, and Hacking Tools, Douglas Chick

44 Barbara J. Fullerton & Sabrina I. Pacifici

45 Barbara J. Fullerton & Sabrina I. Pacifici Spyware Warrior – links to spyware help forums and free anti-spyware software

46 Barbara J. Fullerton & Sabrina I. Pacifici Selected Anti-Spyware Articles & Resources Spy Stoppers by Cade Metz, March 2, 2004,,4149,1525474,00.aspCade Metz,4149,1525474,00.asp Compare Top Spyware Removers, Spyware - It's lurking on your machine, by Cade Metz,,1759,978170,00.aspCade Metz,1759,978170,00.asp Your PC May Be A Haven for Spies, by Dan Tynan,,aid,116526,00.asp,aid,116526,00.asp Poor Defenders – Some anti-spyware companies use confusing ads, and our tests show their $20-$60 products are less effective than free competitors.,aid,118362,00.asp,aid,118362,00.asp,aid,116302,00.asp Special Report: Readers Take The Offensive Against Spyware, Aug. 9, 2004, The Soft Invasion, by Walter S. Mossberg, August 2004, WSJ, Microsofts Protect Your PC site

47 Barbara J. Fullerton & Sabrina I. Pacifici Selected Software Ad-Aware Spybot Search and Destroy PAL Emergency Response AVG Anti-Virus free edition

Download ppt "Spam, Phishing and Fraud on the Net Sabrina I. Pacifici, Law Librarian Founder, Editor, Publisher, Author,"

Similar presentations

Ads by Google