simple ways to protect yourself from identity theft jay ferron, cism, cissp, mcse, mcdba, mct...
TRANSCRIPT
Simple Ways to Protect Simple Ways to Protect Yourself From Identity Theft Yourself From Identity Theft
Jay Ferron,Jay Ferron,CISM, CISSP, MCSE, MCDBA, MCT NSA-IAM TCICISM, CISSP, MCSE, MCDBA, MCT NSA-IAM TCI
QuestionsQuestions
Use the Internet?Use the Internet?
Use on-line banking, pay bills on-line?Use on-line banking, pay bills on-line?
Have kids using the internet?Have kids using the internet?
Know anyone who has been a target? Know anyone who has been a target?
Think you have already been a target? Think you have already been a target?
Does your computer seem possessed?Does your computer seem possessed?
AgendaAgenda
What Information are the bad guys afterWhat Information are the bad guys after
What bad things can happen to youWhat bad things can happen to you
How they get your informationHow they get your information
How to prevent becoming a victim How to prevent becoming a victim
How to recognize if your information has How to recognize if your information has been stolenbeen stolen
What to do if you are a victimWhat to do if you are a victim
What are they looking for?What are they looking for?
Social Security NumberSocial Security Number
Mother’s maiden nameMother’s maiden name
Birth dateBirth date
Billing AddressesBilling Addresses
Email AddressesEmail Addresses
Account NumbersAccount Numbers
PasswordsPasswords
How is your information abusedHow is your information abused
Physical (offline) theft used for: Physical (offline) theft used for: New Account FraudNew Account Fraud Check ForgeryCheck Forgery
Information stolen on-line used for: Information stolen on-line used for: Unauthorized checking account transfersUnauthorized checking account transfers Stolen credit card purchasesStolen credit card purchases Illegal credit card advancesIllegal credit card advances Acquiring other services in your nameAcquiring other services in your name Cyberstalking and CyberharassmentCyberstalking and Cyberharassment
How they get Your InformationHow they get Your Information
Stealing your mail and dumpster divingStealing your mail and dumpster diving
PhishingPhishing
Internet scamsInternet scams
SpywareSpyware
Public Computers and NetworksPublic Computers and Networks
Inadequate computer securityInadequate computer security
You actually give it themYou actually give it them
Stealing your mail and Dumpster Stealing your mail and Dumpster DivingDiving
Get a shredderGet a shredder
Use a post office boxUse a post office box
Pay attention to missing mailPay attention to missing mail
Oracle chief defends Microsoft snoopingOracle chief defends Microsoft snooping By Wylie Wong By Wylie Wong Staff Writer, CNET News.comStaff Writer, CNET News.comJune 28, 2000, 3:10 PM PTJune 28, 2000, 3:10 PM PT
Oracle chief executive Larry Ellison today defended Oracle chief executive Larry Ellison today defended his company's decision to hire detectives to his company's decision to hire detectives to investigate two research groups that supported investigate two research groups that supported Microsoft during the antitrust trial. Microsoft during the antitrust trial. Oracle hired Investigative Group International to Oracle hired Investigative Group International to probe two research organizations, the probe two research organizations, the Independence Institute and the National Taxpayers Independence Institute and the National Taxpayers Union. The company sought to verify links between Union. The company sought to verify links between Microsoft and the organizations during its antitrust Microsoft and the organizations during its antitrust trial--and even tried to buy trash from another trial--and even tried to buy trash from another research group with close ties to Microsoft. research group with close ties to Microsoft. Oracle told Bloomberg News today it discovered Oracle told Bloomberg News today it discovered that the two organizations were misrepresenting that the two organizations were misrepresenting themselves as independent advocacy groups when themselves as independent advocacy groups when they were in fact funded by Microsoft. Oracle said they were in fact funded by Microsoft. Oracle said the company hired the detective agency because the company hired the detective agency because the organizations were releasing studies supporting the organizations were releasing studies supporting Microsoft during the antitrust trial. The financial ties Microsoft during the antitrust trial. The financial ties between the organizations were reported by The between the organizations were reported by The Wall Street Journal and The Washington Post.Wall Street Journal and The Washington Post.
PhishingPhishing
Rapidly spreadingRapidly spreading
Victims are more prone to fraudVictims are more prone to fraud
Internet scamsInternet scams
SpywareSpyware
Gets in through kids down loading games, Gets in through kids down loading games, music off the Web.music off the Web.
Peer to Peer sharing networksPeer to Peer sharing networks
Some screensaversSome screensavers
Keyboard loggersKeyboard loggers
Some “Free software”Some “Free software”
SpywareSpyware
Spyware is software that reports where Spyware is software that reports where you go and what you do on your computeryou go and what you do on your computer
Software to test for and remove spywareSoftware to test for and remove spyware Spy CopSpy Cop Ad-Aware – Lavasoft – Ad-Aware – Lavasoft – Microsoft Anti-Spam – (Free)Microsoft Anti-Spam – (Free)
Phishing & Spyware combines to create problems !Phishing & Spyware combines to create problems !
Sample E-mailSample E-mail Below is a sample of a fraudulent e-mail that's been sent to Below is a sample of a fraudulent e-mail that's been sent to Citibank customers. It purports to be from Citibank, but it is not. Its intent is Citibank customers. It purports to be from Citibank, but it is not. Its intent is to get you to enter sensitive information about your account and to then use to get you to enter sensitive information about your account and to then use this information to commit fraud.this information to commit fraud. This E-mail used spyware to add use name and credit card and last login This E-mail used spyware to add use name and credit card and last login date to the e-mail !!!!date to the e-mail !!!!
Public Computers & NetworksPublic Computers & Networks
KiosksKiosks
Wireless Hot spotsWireless Hot spots
What did the person before you do ?What did the person before you do ?
What will the person after you do ?What will the person after you do ?
Inadequate Computer SecurityInadequate Computer Security
Worms and virusesWorms and viruses
Does your computer seem possessed?Does your computer seem possessed?
Fizzer Worm Is on the MoveFizzer Worm Is on the MoveThe Fizzer worm continued to spread rapidly late The Fizzer worm continued to spread rapidly late Monday afternoon as anti-virus experts raced to Monday afternoon as anti-virus experts raced to analyze the code of what they called one of the more analyze the code of what they called one of the more complex worms in recent memory. complex worms in recent memory. The worm is 200kB of code spaghetti, containing The worm is 200kB of code spaghetti, containing backdoors, code droppers, attack agents, key loggers backdoors, code droppers, attack agents, key loggers and even a small Web server. Fizzer includes an IRC and even a small Web server. Fizzer includes an IRC bot that attempts to connect to a number of different bot that attempts to connect to a number of different IRC servers and, once it establishes a connection, IRC servers and, once it establishes a connection, listens passively for further instructions. listens passively for further instructions.
The keystroke logger records every typed letter and The keystroke logger records every typed letter and saves the log in an encrypted file on the infected saves the log in an encrypted file on the infected machine. If the infected PC has the Kazaa file-sharing machine. If the infected PC has the Kazaa file-sharing program installed, Fizzer also has the ability to find the program installed, Fizzer also has the ability to find the default download location for Kazaa files and copy itself default download location for Kazaa files and copy itself to that folder. to that folder.
Social EngineeringSocial Engineering
EULAsEULAs
Don’t disclose any personal informationDon’t disclose any personal information PasswordsPasswords Your mothers maiden nameYour mothers maiden name
How to Know if you’re in TroubleHow to Know if you’re in Trouble
Review your statements within the your Review your statements within the your account’s dispute period.account’s dispute period.
Periodically check your credit report Periodically check your credit report through a Credit Bureaus such as through a Credit Bureaus such as EquifaxEquifax, , Experian, TransUnionExperian, TransUnion
You get a call from a collection agentYou get a call from a collection agent
What to do if You Are a VictimWhat to do if You Are a Victim
Contact all of your banking, credit card, Contact all of your banking, credit card, mortgage, etc. mortgage, etc.
Contact the policeContact the police
Report it Report it to the Federal Trade Commissionto the Federal Trade Commission
Prepare an ID Theft Affidavit and Prepare an ID Theft Affidavit and Fraudulent Account StatementFraudulent Account Statement
How to Protect YourselfHow to Protect Yourself
Two additional Brown Bag Sessions: Two additional Brown Bag Sessions: Securing Your Home ComputerSecuring Your Home Computer Configuring Your Home NetworkConfiguring Your Home Network
Wipe out the hard drive when disposing of Wipe out the hard drive when disposing of computers – computers – Active KillDisk (Free)Active KillDisk (Free) WipeDiskWipeDisk BCwipeBCwipe
QuestionsQuestions