Stealing Your Identity FAST FACTS - PowerPoint PPT Presentation

1 / 67

About This Presentation

Title:

Stealing Your Identity FAST FACTS

Description:

Please ask questions as we go, others may benefit from your query ... www.zabasearch.com. www.familytreesearcher.com. Part II. How Bad is it. ... – PowerPoint PPT presentation

Number of Views:149

Avg rating:3.0/5.0

Slides: 68

Provided by: ecl61

Category:

more less

Transcript and Presenter's Notes

Title: Stealing Your Identity FAST FACTS

1
Stealing Your IdentityFAST FACTS

What you dont know can cost you your life

2
Interaction is Good

Please ask questions as we go, others may benefit
from your query
No such thing as a stupid question This is a
very difficult subject
Lets try to stay on topic, but side discussions
are welcome

3
Overview

Introduction
Current situation How bad is it really ??
How does ID theft happen
Why should you protect your information
How does ID theft affect you
How to protect your information
What to do if you are a victim of ID theft

4
Introduction

Why trust me ??
More than 25 years experience in security
Industry Certified
CISSP
CISM
ISSAP
ISSMP
CEH
IAM
IEM

5
Why Alternate Identity

Anonymous
Financial Gain
Revenge

6
Your Identity

Social Security Number
Passport
Birth Certificate
Drivers License
Diploma
Credit Cards
Bank Accounts

7
Methods

Obtaining New Identity
Inheriting Identity
Stealing Identity

8
Obtaining Social Security Numbers

New SSN
Through Identity Theft
Juvenile Application Method
International Citizens
Witness Protection Program

9
International Citizens

Genuine Passports
Dominica and St.Kitts/Nevis
Venezuela
Camouflage Passports
British Honduras
Zanzibar
New Granada
Rhodesia
Lottery

10
New SSN Through Identity Theft

Police Reports
Credit Reports
FTC Reports
Name Changes

11
Other Identifications

Drivers License
Professional ID

12
Other Identifications

Birth Certificate

13
Other Identifications

Credit Cards

14
Other Identifications

Degrees and Certificates
Life Experience Degree
Rocheville University

15
The Address

PO Boxes public or private
Rural Routes
International Addresses
Property
Private
Industrial
Vacant
Office buildings
Broom closets
Other

16
Stealing an Identity

Postal System
Shoulder Surfing
Garbage
Hacking
Social Engineering
Inheritance

17
Stealing an identity

Finding the SSN
Mail System
Purchasing
Terminally ill
Public Records
DMV
Tax records
Internet
www.bestpeoplesearch.com
www.docusearch.com
www.gum-shoes.com
www.secret-info.sslrx.com
www.zabasearch.com
www.familytreesearcher.com

Part II

19
How Bad is it

ID Theft FBI/FTC 1 Crime Very real threat
Federal and state agencies are passing the buck
Scans and mass mailers will find you
Scanning and hacking systems are freely available
on the internet

20
How Bad is it..

General weak information security practices
everywhere
The Internet is NOT the most common vector
Physical theft is a much greater risk
Hackers, criminals and even terrorists are
actively looking for you
Watch out for scams

21
(No Transcript)
22
Hacking on the Internet

Google search results
Hacker 12,500,000 hits
Hacking Windows 2000
271,000 hits
Hacker tools 757,000
hits
Hacking tools 697,000
hits
Hacking Microsoft
545,000 hits
Hacking Linux 12,290,000 hits
Hacking Mac
266,000 hits
Hacker Exploits
103,000 hits
Computer Vulnerabilities 403,000
hits

23
SPAM Dominates Internet Traffic

In April of 2004, SPAM
topped 82 of all U.S. email.
Spam is estimated to cost U.S. corporations in
excess of 10 billion in lost productivity.

24
Reputation Money Diversion of Resources
Legal and Regulatory
25
The VIRUS Threat

95 of all businesses are
affected by viruses each year.
By number, there are well over 100,000 known
computer viruses.
Variations of 180 of the most potent viruses pose
the greatest threat.
Viruses are no longer recreational but
a growing tool of organized criminals
who use zombie computers.

26
The ZOMBIE Threat

Hackers dont use their own computer systems.
HACKERS USE YOUR COMPUTERS.
More and more hackers are gaining access to large
entities by entering through a small business or
home computer system.

27
Shortened Response Time

Writers of malicious code are developing viruses
as soon as weaknesses become apparent.
January 2003 -- The Slammer virus appears
several months after Microsoft releases a patch
for a vulnerability.
August 2005 - "IRCBOT.WORM" and "RBOT.CBQ
surface, exploiting flaws announced
by Microsoft less than five days prior.

28
Why Hack any Business ?

Because we have made it easy and
it is the most inconspicuous way to hack.
Inadequate or no firewalls to overcome
Easy or no passwords
No Intrusion Detection systems
The vast majority of businesses and home users
are completely unprotected and
ignorant.

29
Phishing
30
Phishing
31
Phishing
32
Phishing
33
Phishing
34
The 7 Top Errors in Addressing Risks
35
100 Security vs. Reality

No Silver Bullet
Requires constant vigilance
Nothing is truly secure
Tradeoff of functionality/convenience
More security Higher cost

36
How Does ID Theft Happen

Criminals get information through businesses
Stealing employee records
Bribing to access these records
Hacking into organizations computers

37
How Does ID Theft Happen

Types of information that can be stolen
Names
Addresses
Date of birth
Social security numbers
Phone numbers
ID cards (passport, driver license, bank card,
more)
Passwords (mothers maiden name, pin codes, more)
Credit Cards

38
How Does ID Theft Happen
Theft

Steal wallets and purses
containing id, credit cards, bank cards, checks
Steal personal information from your home
Steal mail from your mailbox
Pre approved credit offers, new checks, bank
statements, tax info, social security
infomore..

39
How Does ID Theft Happen
Dumpster Diving

Criminals rummage through trash to obtain
Credit card applications
Bills
Bank statements
Sticky Notes
Other valuable documents

40
How Does ID Theft Happen
Social Engineering

Criminals pose as
Government Officials
Legitimate business people
Cable Company
Online Provider
Phone Company

41
How Does ID Theft Happen
Who and Why

Who
Prior criminals branching out
First time criminals
Neighbors
Co-Workers
Friends and Family
Why
Financial gain
Revenge
Challenge

42
How does ID theft affect you

Impacts associated with ID theft.
Loss of funds
Negative impact to credit rating
Loss of time
Denied jobs
Denied loans
Tickets and warrants
Check writing privileges

43
How to protect your information

Protection software
Protection hardware
Passwords
E-mail security
Web browser security
Internet purchasing security
Encryption
Secure deletion (guard your trash)
Snail mail security
Credit card and check security
Telephone security

44
Electronic Information Security

Protection hardware
Protection Software
Patch, Patch, Patch
Use strong passwords
Encrypt where feasible
Beware of free credit reports
Dont give out valid information via e-mail, web
or otherwise fake it when you can.

45
The ring (fortress Model)

Think of walls around a fortress or castle
Never put an unprotected system on the internet
you are an accident waiting to happen.
Not protecting systems may become a crime Due
Care Act 1977

46
Protection Software

Personal firewalls
Anti virus
Spyware/Adware blockers
Others
Content filters
Pop up blockers
Cookie crushers
History scrubbers

47
Protection Hardware

Hardware Firewalls
Routers/modems
VPN
Wireless
USB Tokens
2 Way Authentication
Biometrics

48
Internet Purchasing Security

Get a webmail (or otherwise separate) account
for all personal transactions
keeps primary e-mail cleaner and less noisy
More than one may be needed
Only use credit cards with fraud protection
Consider using one-time credit card numbers
Use strong passwords

49
E-mail Security

Use special/restricted account for financial
activity
Dont unsubscribe to spam
Watch for phishing and other online scams
Microsoft
Paypal, Ebay
Various banks
Trust no one even friends/family
Learn attachment types
(.exe, .zip, .com, bat, .scr.)
Concerned Just dont open it !!!

50
Web Browser Security

You can easily be hacked through your web browser
Quickly becoming most common threat factor
Dont click OK/Yes on any prompt without
reading it very carefully
Dont click on pop-ups, use AltF4 or Alttab to
pop unders
Clean out cookies regularly
Do not allow browser to store passwords
Ensure padlock is visible before entering any
sensitive information
Consider an alternate browser such as Firefox

51
Encryption

Password safes
Store all passwords in a safe location accessed
by a single password
Hold multiple safes in one location
File encryption
Encrypt specific files
Encrypt entire drives or partitions
E-mail encryption (PGP, Gnupg)
Encrypt content attached to e-mail
Encrypt entire e-mail

52
Secure Deletion

Donating to charity ?
Giving your old system to friends ?
Throwing away an old hard drive ?
Dont forget to scrub your data
What is in your garbage ?
Purchase a shredder

53
Snail Mail Security

Dont leave mail in mailbox for long periods of
time
Lock your mailbox if you can
Pay online or direct debit/deposit if you can
Shred all sensitive information with a cross-cut
shredder even free offers
Request non-SSN unique identifiers for all bills
Periodic change of address form, just to be safe

54
Check Security

Use initials on checks instead of first name
Only use the last 4 digits of your credit card
number in the For/Memo space to pay checks to
credit card company
Use work phone number and address on checks
instead of home number (or use PO Box even
better!)
Never put your SSN on your checks
Shred any voided check

Tip photocopy all items in your wallet and keep
on file
55
Credit Card Security

Write down all toll free numbers
Dont sign credit cards, use PHOTO ID REQUIRED
instead
Handle credit card receipts carefully like cash
Shred all pre-approved offers
Shred all unused credit card checks
Shred anything with account info/number

56
Telephone Security

Cord vs. Cordless phones
Encrypted handset-to-base is the only secure
cordless (not cell/mobile) phone
Wireless/cordless traffic is easy to scan
Digit grabbers capture touchpad entries
Mobile/Cell phones
Mobile/cell traffic is easy to intercept
Bluetooth issues for mobile/cell phones
Viruses, DoS, Cross-talk
War-nibbling, Snarfing
Phone scams
a.k.a. Social Engineering
Yes/No recording
Fake charities
Phone phishing

57
Wireless Security

Use Encryption
Log events
Use Mac addressing
Upgrade to WPA

58
Home Network Security Checklist

Use a hardware firewall
Use a software firewall (w/IDS)
Patch, patch, patch - automatically
Use anti-virus and keep it updated (or
auto-update)
Use a spyware/adware blocker
Harden operating system
Dont use Admin account by default assign
specific users
Strong passwords upper and lower case, numbers,
special characters
Disable unnecessary services
Test your system periodically
Microsoft Baseline Security Analyzer
GRC Shields Up!
Configure wireless to be secure
Strong WEP key
MAC address restrictions
Wardriving happens

59
What To Do If Youre A Victim

Contact all creditors immediately!
Change account information/number
Remove SSN as identifier
Establish a password, if possible
Contact Credit Bureaus and get a Fraud Alert put
on your account
Experian, Equifax, Trans Union
Contact Federal agencies
Social Security Administration, Federal Bureau of
Investigation, Federal Trade Commission, Secret
Service, etc
Contact Police , FBI
Contact your Legislators
Monitor all accounts very closely (daily)

60
What To Do If Youre A Victim

Create a checklist and log --
Document all agencies and companies contacted
Document exactly what they are going to do to
remedy your issue and when they expect to have it
done (verify)
Get name of contact person you speak with every
time you call it may change
Record every phone number you call and if you get
transferred, write down the new number
Record time, number and duration of calls
Take extensive notes or record conversation
Be persistent! Ask to speak with a supervisor.
Dont take no for an answer unless you
absolutely have to

61
Fraud Reporting Resources

Experian (formerly TRW)
http//www.experian.com 888.397.3742
Equifax
http//www.equifax.com 800.525.6285
Trans Union
http//www.transunion.com 800.680.7289
Social Security Administration
http//www.consumer.gov/idtheft/ 800.269.0271
Federal Trade Commission
https//rn.ftc.gov/pls/dod/widtpubl.startup?Z_ORG
_CODEPU03 1.877.IDTHEFT (438.4338)
Federal Bureau of Investigation
http//www.fbi.gov
Secret Service
http//www.ustreas.gov/usss

62
Microsoft Security Resources

Microsoft Update Center
http//v4.windowsupdate.microsoft.com/en/default.a
sp
Microsoft Security Center
http//www.microsoft.com/security/
Microsoft Office Updates
http//office.microsoft.com/productupdates
Microsoft Security Bulletin Service
http//www.microsoft.com/technet/security/bulletin
/notify.asp
Microsoft Security Tools and Checklists
http//www.microsoft.com/technet/security/tools/to
ols.asp
Microsoft Baseline Security Analyzer
www.microsoft.com/technet/security/
tools/tools/MBSAHome.ASP
Microsoft HFNetCheck
http//www.microsoft.com/technet/security/tools/to
ols/hfnetchk.asp

63
Other Security Resources

US CERT US Computer Emergency Response Team
http//www.us-cert.gov/
The I3P Security in the News
http//www.thei3p.org/news/today.html
DHS Daily Report - Department of Homeland
Security daily report
http//www.nipc.gov/dailyreports/dailyindex.htm
SANS Internet Storm Center - Internet weather
report
http//www.incidents.org
Packet Storm Security Information site
http//www.packetstormsecurity.net
Security Tracker - Comprehensive list of all
known vulnerabilities
http//www.securitytracker.com
World Virus Map - Interactive map of all current
viruses
http//www.trendmicro.com/map
Security Focus
http//www.securityfocus.com

64
Hackers password cracking tools decode

Over the network tools 3-4000 words per min
On the local computer
1.4 MM passwords per 4 min

65
Security Alert Overload

The average Security Professional spends 2.5
hours a day tracking information.
1997 Internet Security Systems X-Force reported
an average of 20 vulnerabilities a month.
2004 Symantec documented more than 1,237 new
vulnerabilities between Jan. 1 and June 30, an
average of 48 new vulnerabilities per week. 70
were considered easy to exploit, and
96 were considered moderately
or highly severe.

66
CEBIC Technologies, Inc.