identity theft mike carr, esq., cissp csn information security officer [email protected] september...
TRANSCRIPT
![Page 1: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/1.jpg)
Identity TheftIdentity Theft
Mike CarrMike Carr, Esq., CISSP, Esq., CISSPCSN Information Security OfficerCSN Information Security Officer
[email protected]@nebraska.edu September 2004September 2004
![Page 2: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/2.jpg)
Identity TheftIdentity Theft
© 2003 Citibank, N.A.Used with permission.
![Page 3: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/3.jpg)
Identity TheftIdentity Theft
We’ve all seen the We’ve all seen the commercialscommercials
… …and read the headlinesand read the headlines
![Page 4: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/4.jpg)
Identity TheftIdentity Theft
• What exactly is it?What exactly is it?• How does it happen?How does it happen?• What can we do to prevent What can we do to prevent
it?it?• What should I do if I am a What should I do if I am a
victim?victim?
![Page 5: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/5.jpg)
Identity TheftIdentity Theft
• What exactly is it?What exactly is it?– ID Theft is a form of fraud that ID Theft is a form of fraud that
occurs when…occurs when…• Someone pretends to be you and…Someone pretends to be you and…• You are billed for their purchasesYou are billed for their purchases• You are arrested for their crimesYou are arrested for their crimes• You are denied credit for not paying You are denied credit for not paying
your (their) billsyour (their) bills• You are accused of under-reporting You are accused of under-reporting
your wages your wages (someone gets a job & gives H/R your SSN)
![Page 6: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/6.jpg)
Identity TheftIdentity Theft
• ID Theft is a federal crimeID Theft is a federal crime– 18 U.S.C. 18 U.S.C. §§1708 – Mail theft or 1708 – Mail theft or
filing a false change-of-addressfiling a false change-of-address
![Page 7: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/7.jpg)
Identity TheftIdentity Theft
– Identity Theft Act - 18 U.S.C. Identity Theft Act - 18 U.S.C. §1028§1028• ““to knowingly … use … identification to knowingly … use … identification
of another person with the intent to of another person with the intent to commit, or to aid or abet, any commit, or to aid or abet, any unlawful activity that constitutes a unlawful activity that constitutes a violation of Federal lawviolation of Federal law””
![Page 8: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/8.jpg)
Identity TheftIdentity Theft
• ID Theft is also a ID Theft is also a statestate crime crime– Nebraska Revised StatutesNebraska Revised Statutes
• § 28-608: Criminal Impersonation§ 28-608: Criminal Impersonation• § 28-620: Unauthorized Use of a § 28-620: Unauthorized Use of a
Financial Transaction DeviceFinancial Transaction Device
– Iowa Code: Iowa Code: § 715A.8: Identity Theft§ 715A.8: Identity Theft
– Kansas Statute Kansas Statute 21-4018: Identity Theft21-4018: Identity Theft
![Page 9: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/9.jpg)
Identity TheftIdentity Theft
• And it’s getting bad…And it’s getting bad…– $47.5 $47.5 BillionBillion stolen in 2002 stolen in 2002 – 9.9 million individuals affected9.9 million individuals affected– Avg 175 hrs spent straightening Avg 175 hrs spent straightening
outout• Taking between 2-4 yearsTaking between 2-4 years
![Page 10: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/10.jpg)
Identity TheftIdentity Theft
• As recently as Aug 26…As recently as Aug 26…– US DOJ’s Operation Web SnareUS DOJ’s Operation Web Snare
– June 1 through August 26 June 1 through August 26
– 150,000 victims 150,000 victims – $215M estimated losses$215M estimated losses
![Page 11: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/11.jpg)
Identity TheftIdentity Theft
• Operation Web Snare Operation Web Snare IndictmentsIndictments– Internet “sales” of phantom items– Credit card trafficking via Internet
chat– Hacked into online ordering
system and placed fraudulent orders
![Page 12: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/12.jpg)
Identity TheftIdentity Theft
© 2003 Citibank, N.A.Used with permission.
![Page 13: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/13.jpg)
Identity TheftIdentity Theft
• How does it happen?How does it happen?– Thieves get a SSN & apply for Thieves get a SSN & apply for
credit credit (“application fraud”)(“application fraud”)
– Thieves steal mail and hijack an Thieves steal mail and hijack an account account (“account takeover”)(“account takeover”)
– Thieves get bank routing & Thieves get bank routing & account numbers and transfer $$account numbers and transfer $$
![Page 14: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/14.jpg)
Identity TheftIdentity Theft
• How does it happen?How does it happen?– Wallets & Purses get stolenWallets & Purses get stolen– ““Dumpster Diving” Dumpster Diving” (taken from trash)(taken from trash) – Mail TheftMail Theft
• from unsecured mailboxesfrom unsecured mailboxes• from mail processing areasfrom mail processing areas• change of address card change of address card new credit new credit
cards get re-directed to thievescards get re-directed to thieves
![Page 15: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/15.jpg)
Identity TheftIdentity Theft
• How does it happen?How does it happen?– Papers left out on desksPapers left out on desks– Passwords written on Post-It Notes Passwords written on Post-It Notes – PDAs & Laptops get lost or stolenPDAs & Laptops get lost or stolen
![Page 16: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/16.jpg)
Identity TheftIdentity Theft
• How does it happen?How does it happen?– ““Inside” jobsInside” jobs
• access to computer applicationsaccess to computer applications• access to storage roomsaccess to storage rooms• ““friends”, ex-spouses friends”, ex-spouses
– Obtained from Credit BureausObtained from Credit Bureaus• thief poses as landlord, etc.thief poses as landlord, etc.• credit headers containing SSN soldcredit headers containing SSN sold
![Page 17: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/17.jpg)
Identity TheftIdentity Theft
• How does it happen?How does it happen?– SSNs, etc. get read from SSNs, etc. get read from
unencrypted eMailunencrypted eMail– ““phishing” phishing” (bogus online forms)(bogus online forms) – PCs accessed via unsecured PCs accessed via unsecured
home wireless networks home wireless networks (war (war driving)driving)
– ““trojan” computer viruses from trojan” computer viruses from eMail attachmentseMail attachments or Peer-to- or Peer-to-Peer file sharing Peer file sharing
![Page 18: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/18.jpg)
Identity TheftIdentity Theft
• What can we do?What can we do?1.1. Try to Try to prevent itprevent it from happening from happening
2.2. Discover itDiscover it quickly if it does quickly if it does happenhappen
3.3. Report itReport it if it happens if it happens
![Page 19: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/19.jpg)
Identity TheftIdentity Theft
• Try to Try to prevent itprevent it– Don’t give personal info unless Don’t give personal info unless youyou
initiate the callinitiate the call– Buy and use a shredder Buy and use a shredder (if realistic)(if realistic)
– Don’t carry SSN card with youDon’t carry SSN card with you– Use a password vs. mother’s maiden Use a password vs. mother’s maiden
namename– Put outgoing mail in Put outgoing mail in securedsecured mailbox mailbox
![Page 20: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/20.jpg)
Identity TheftIdentity Theft
• Try to Try to prevent itprevent it– Keep wallet/purse in “safe” place at workKeep wallet/purse in “safe” place at work– Opt out of pre-screened credit card Opt out of pre-screened credit card
offers (1-888-5-OPTOUT) offers (1-888-5-OPTOUT) – Password protect your PC and filesPassword protect your PC and files– Keep your passwords secretKeep your passwords secret– Only shop on secure websitesOnly shop on secure websites– Don’t eMail personal or confidential Don’t eMail personal or confidential
informationinformation
![Page 21: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/21.jpg)
Identity TheftIdentity Theft
• Try to Try to prevent itprevent it– Use a personal firewall on your PCUse a personal firewall on your PC– Secure your wireless network at homeSecure your wireless network at home– Watch out for “shoulder surfing”Watch out for “shoulder surfing”– Don’t put passwords on Post-It NotesDon’t put passwords on Post-It Notes– Watch out for future versions of camera Watch out for future versions of camera
phones phones (snapping pics of your checkbook, (snapping pics of your checkbook, etc.)etc.)
![Page 22: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/22.jpg)
Identity TheftIdentity Theft
• Try to Try to prevent itprevent it– Follow the “Follow the “Golden Rules of eMailGolden Rules of eMail””
1.1. NeverNever open attachments from strangers open attachments from strangers
2.2. NeverNever open from friends if unexpected open from friends if unexpected
3.3. If you are going to open itIf you are going to open it
-- -- NeverNever open directly – save 1st open directly – save 1st
![Page 23: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/23.jpg)
Identity TheftIdentity Theft
• Detect itDetect it early early– Call if bills don’t come on timeCall if bills don’t come on time– Review monthly statementsReview monthly statements– Write to get credit report Write to get credit report – Review credit report annuallyReview credit report annually
• Look for new accts andLook for new accts and• Denied accts where you didn’t Denied accts where you didn’t
applyapply
![Page 24: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/24.jpg)
Identity TheftIdentity Theft
• And then And then report itreport it (if it (if it happens)happens)– Contact credit bureau fraud deptsContact credit bureau fraud depts
• Close fraudulent or tampered acctsClose fraudulent or tampered accts
– Contact credit card companies & banksContact credit card companies & banks– File a police and Postal Inspector reportFile a police and Postal Inspector report
• get a copy to send to creditorsget a copy to send to creditors
– File an impersonation reportFile an impersonation report– Contact Dept of Motor VehiclesContact Dept of Motor Vehicles
![Page 25: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/25.jpg)
Identity TheftIdentity Theft
© 2003 Citibank, N.A.Used with permission
![Page 26: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/26.jpg)
Identity TheftIdentity Theft
• It’s “funny” It’s “funny” untiluntil– It happens to you orIt happens to you or– A mistake on your part allows it to A mistake on your part allows it to
happen to someone elsehappen to someone else• And the University gets suedAnd the University gets sued• And/or . . . And/or . . .
people lose their jobs because of itpeople lose their jobs because of it
![Page 27: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/27.jpg)
Identity TheftIdentity Theft
More info available atMore info available at
www.consumer.gov/idtheftwww.consumer.gov/idtheft and
www.idtheftcenter.orgwww.idtheftcenter.org
![Page 28: Identity Theft Mike Carr, Esq., CISSP CSN Information Security Officer mcarr@nebraska.edu September 2004](https://reader035.vdocument.in/reader035/viewer/2022062620/551aca5a550346b2288b58a1/html5/thumbnails/28.jpg)
Identity TheftIdentity Theft
csn.nebraska.edu/securitycsn.nebraska.edu/security