E-Chalkboard

Download Report

Transcript E-Chalkboard

Identity Theft

Protecting Who You Are

Printing with “Notes” enabled will provide a script for each slide

Bob Samson

8/1/2008

The Disclaimer

Marriott Vacation Club International (MVCI) disclaims liability for any personal injury, property, or other damages of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, or reliance on this course material. In issuing and making this course available, MVCI is not undertaking to render professional or other services for or on behalf of any person or entity. Nor is MVCI undertaking to perform any duty owed by any person or entity to someone else. Anyone using this course material should rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstance.

What is Identity Theft?

• The practice of stealing someone’s personal information to purchase things in their name cost Americans $50 billion dollars per year • About 10 Million people a year suffer some type of Identity Theft • In 2004, 39% of complaints to the Federal Trade Commission (FTC) were about Identity Theft but in 2007, it still was No. one at 32% • Three quarters of the Identity Thefts do not involve on line transactions • Victims spend an average of $1,500 and 175 hours to recover • The average Identity Theft Crime took 12 months before it was discovered by the victim • Friends, family members and neighbors account for half of all known thieves

No One is Safe

Even the unborn and the dead can be victims of identity theft

How Identity Theft Occurs

• Someone obtains sufficient information about you to apply for credit in your name – Social Security Number – Basic personal info like address or place of employment – A copy of your drivers license • Once approved, they purchase items for themselves • You are left with the bills for things you did not purchase

Where Do They Get Your Information?

• Medical records from your doctor’s office, accountants, lawyers, dentists, health insurance carriers or from any form such as credit applications that you may have filled out in the past • From your mail box or garbage can where you have received or discarded personal information • From public records where information has been made available through a court or other filing • From you directly where you have been tricked into giving your personal information to someone either over the phone or the Internet • Or just plain outright theft – a wallet or purse can contain sufficient information to steal someone’s identity

How Do You Know You are Affected?

• Credit cards or bank statements don’t arrive • Transactions not authorized by you appear on your financial statements • Bills arrive for accounts you didn’t apply for • A collection agency calls regarding an unknown debt • You are told at the time of purchase that you have reached your credit limit

Let’s Look at Specific Areas of Risk

• Your mailbox • Your phone • Your email knowledge • Your Internet habits • Your purse or wallet • Your trash • The people you do business with • You just tell people too much

Your Mailbox

• Install a locked mail box or use a post office box • Reduce the high risk items that are sent to your home – New checks – pick them up from your bank – Use the P.O. Box address on your checks (don’t put your phone number on your checks) – Take advantage of the opt-out on annual bank notices – Notify list brokers, credit companies and others that you do not want the junk mail • Don’t pay bills by leaving envelopes containing checks in your mailbox • Mail checks and other sensitive information from

inside

the Post Office, not in a neighborhood drop box

List Brokers

• Acxiom Corporation 1 Information Way Little Rock, AR 72202 Tel. No.: 501-342-2722 • Donnelly Marketing, Inc.

Data Base Operations 416 South Bell Ames, IA 50010 Tel. No.: 888-633-4402

You do not have a right to privacy in the US

• R.L. Polk & Company Attn: Opt-Out Coordinator 26955 Northwestern Highway Southfield, MI 48034 Tel. No.: 800-464-7655 • DMA Mail Preference Service P.O. Box 9008 Farmingdale, NY 11735-9008 Tel. No.: 501-342-2722

All information about you is for sale

Reduce Credit Offers

You can reduce credit card offers by calling (888) 567-8688 There are three credit bureaus: Equifax, P.O. Box 740241, Atlanta, GA 30374 • https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDI nfo.jsp

Experian Resource Center (TRW), 901 West Bond Street, Lincoln, NE 68521 • http://www.equifax.com/cs/Satellite?c=EFX_ContentRoot&cid =1165203975981&pagename=5-1%2F5-1_Layout TransUnion, Name Removal, P.O. Box 97328, Jackson, MS 39288-7328 • http://www.transunion.com/corporate/personal/fraudIdentityT heft/preventing/securityFreeze.page

Warranty Cards

There is generally no need to fill out warranty cards To remove yourself from existing lists, write: • National Demographics and Lifestyles Customer Service Department 1621 18th Street, #300 Denver, CO 80202

Your Phone

• Be wary of social engineering – Use Caller ID – Never, never, give personal information to someone who has called you unless you

know them

and are sure you can trust them – Never give a credit card number to someone who has called you – call the company direct and purchase • Sign up with the Federal Trade Commission’s Do Not Call program (http://www.donotcall.gov or call (888) 382-1222) • If you receive a tele-marketing call and you are not interested, ask to be placed on the company’s

Do Not Call list

• Be cautious when giving out your phone number • Consider an unlisted phone number

Your Email Knowledge

• Never send credit card data in an email - Emails should always be considered unsecured • Don’t open email attachments without understanding that these are the largest cause of viruses - Even opening an attachment from a trusted email address is not safe (your friend could have been infected and had their address book stolen) •

Again:

Email is one of the largest sources of viruses, trojans and spyware • Never open an eCard

What about email attachments?

Deadly Could Be Deadly Usually Safe

• Can you spot a safe attachment?

– .ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shb, .shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh, .app, .fxp, .prg, .mdw, .mdt, .ops, .ksh, .csh, .ceo, .cnf, .htm, .html, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mav, .maw, .mht, .mhtml, .scf, .uls, .xnk

– What about .doc, .pdf, .zip

– Or .bmp, .jpg, .tif

One of the latest cyber crime techniques is the use of videos to install malware (malicious software) and/or Trojans just by watching the video

A Special Note about Phishing

• Emails from legitimate companies are copied to trick consumers into providing confidential information – Passwords – Credit card numbers and expiration dates – Banking account numbers • Even experts cannot tell by looking at the messages or the web site to which you are directed that this message is a forgery • Understand that no legitimate company ever asks you to validate personal information via an email • Never respond, even if you do business with the company. If you are concerned after receiving email,

call them

!

How does Phishing Work?

• Hyperlinks have two addresses: – The Display Address – The URL or Universal Resource Locator • You are shown one address but directed to another

What’s a deadly Phish?

Example “one” of a phish

Example “two” of a phish

Example “three” of a phish

BAD!

What do you think?

Good or bad?

Spaces are not permitted

So how do you catch a phish?

• No legitimate business ever asks for Personal Information via email (no exceptions) – A clue: a threatening or urgent message with concern for your security • Never call a phone number in the email to verify its authenticity • Never click on a link within an email and enter personal information • Never think you are smart enough to figure out if the email is real • Never trust a website linked via an email

Too good to be true?

Let’s look at a few examples: • Check fraud and Nigerian Scams • Lotteries (that you did not play in) • Watch what you buy

Check Fraud & The Nigerian Scam

The Lottery Scam

Watch what you buy

• Cheap drugs • Internet Auction sites • Know your http

s

: • Sell your soul for a bottle cap

How data thefts occur

• Malicious software (malware) is placed on your computer via an email attachment, deceptive website, freeware • Your logins or passwords are captured, your Outlook Address Book is stolen • Your on-line bank accounts are raided • Messages are sent under your name to those in your address book – Besides email, beware of eCards • Your friends/contacts are compromised and the cycle continues • Computers, yours as well as your friends, are under the control of criminals (zombies sending more phishing attacks to others)

Your Internet Habits

• “Social Networks” are services joined to help you remember addresses and phone numbers • Some companies like this are Plaxo, Friendster, Tickle and others • You risk your personal information, privacy and the information contained in your own computer’s address book • Remember, joining free services will expose your information and possibly the information stored on your computer to misuse and theft • Be careful of HTML email - it can contain web bugs • Learn how to identify a “secured” web page - Never send your personal information over an unsecured web page • AND… Don’t click on “Unsubscribe” links unless you know you actually subscribed

Time to learn something

This is the “address” bar It displays a URL Universal Resource Locator

Can you find the URL scams?

• https://web-ao-da-us.citibank.com/cgi-bin/ • http://online.da.us.citibank.com.businesssupport.ru/ • http://www.kolemsveta.oz/www.citibank.com/index.php

• https://onlineservices.wachovia.com/ • http://ww3.nationalgeographic.com/ • http://secure-signin.ebay.com.ttps.us/ • http://www.latam.citibank.com/uruguay/ • http://24.130.75.227/mymbna/mbna/login/

First, find the real web site URL (Universal Resource Locator)

Know your forward slashes

O K

Scam Scam

O K O K

Scam

O K

Scam • https://web-ao-da-us.

citibank.com

/cgi-bin/ • http://online.da.us.citibank.com.

businesssupport.ru

/ • http://www.

kolemsveta.oz

/www.citibank.com/index.php

• https://onlineservices.

wachovia.com

/ • http://ww3.

nationalgeographic.com

/ • http://secure-signin.ebay.com.

ttps.us

/ • http://www.latam.

citibank.com

/uruguay/ • http://

24.130.75.227

/mymbna/mbna/login/

Tip: Look for the first “/” after the http:// or https://

Your Purse or Wallet

• Never carry your Social Security Card or any card that contains that number • Carry only credit cards that you need for that day – Cancel unused credit card accounts • Try to use debit cards – they are password protected – Better yet, carry only one credit card that protects you from fraud and limit your exposure • Use a password that is not easily found from information in your wallet or purse • Reduce the number of credit cards you have taken out in your name • Avoid fake VISA or MasterCard in your wallet

Your Trash

• Destroy all documents containing personal information – Credit account billing statements – Old bank statements – Receipts – Insurance forms – Credit applications • Don’t forget to destroy your backup CD’s or diskettes from your computer • Never discard a computer without having the information removed with a professional software eraser

The People with whom You Do Business

• Who you choose to do business with will reduce your risk of identity theft • Read privacy policies and terms – If you disagree with them, don’t do business with them • Be savvy about your rights • If you hand over your credit card, make sure the one you receive back is yours

The FACT Act

• Why check your credit history?

– The Fair and Accurate Credit Transactions Act of 2003 gives you the right – Any company can have a breach of security (

ChoicePoint

) – Mistakes can be made affecting your credit history • For insurance claims ChoicePoint Consumer Disclosure Center, P.O. Box 105292, Altanta, Ga 30348 (866) 312-8076 • For employment history reports ChoicePoint WorkPlace Solutions Consumer Disclosure Center, P.O. Box 105292, Altanta, GA 30348 (866) 312-8075 • For tenant history reports Resident Data Consumer Disclosure Center, P.O. Box 850126, Richardson, TX 75085-0126 (877) 448-5732 – A free credit report can be obtained annually from http://www.annualcreidtreport.com/

Some Last Points to Consider

• Monitor your credit report at least annually – Do not use free credit report services – Deal directly • Equifax (http://www.equifaxcom) to order your report call: (800) 685-1111 • Experian (http://www.experian.com) (888) 397-3742 • TransUnion (http://www.transunion.com) (800) 888 4213 • Add a “Credit Freeze” to your credit reports – http://www.consumersunion.org/pdf/security/securityFL.pdf

• If you should have your identity stolen, you can get help at: • The Federal Trade Commission – Web Site (http://www.consumer.gov/idtheft/index.html) – Phone: (888) 438-4338) – Free ID Theft Guide (http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm)

If You Are a Business

• Collection – Only collect essential data – Obtain consent before you collect it • Security and Storage – Don’t retain unneeded data – Encrypt data – Update security software frequently – Do not store PII on desktops and laptops, only network servers that are protected – Use physical locks, alarms and video cameras – Conduct employee background checks – Let employees access information only when they need it to do their job – When an employee leaves, terminate network access privileges

Summary

• Guard your personal information • Don’t be socially engineered or phished • Keep your computer and its contents safe • Always be on the lookout for signs of ID theft

Some YouTube Fun!

Click Here