Scary Security Stories: Be Aware, Beware


Simple Ways to Protect Yourself From Identity Theft
Jay Ferron, CISM, CISSP, MCSE, MCDBA, MCT NSA-IAM TCI
Questions
Use the Internet?
Use on-line banking, pay bills on-line?
Have kids using the internet?
Know anyone who has been a target?
Think you have already been a target?
Does your computer seem possessed?
Agenda
What Information are the bad guys after
What bad things can happen to you
How they get your information
How to prevent becoming a victim
How to recognize if your information has been stolen
What to do if you are a victim
What are they looking for?
Social Security Number
Mother’s maiden name
Birth date
Billing Addresses
Email Addresses
Account Numbers
Passwords
How is your information abused
Physical (offline) theft used for:
  New Account Fraud
  Check Forgery
Information stolen on-line used for:
  Unauthorized checking account transfers
  Stolen credit card purchases
  Illegal credit card advances
  Acquiring other services in your name
  Cyberstalking and Cyberharassment
How they get Your Information
Stealing your mail and dumpster diving
Phishing
Internet scams
Spyware
Public Computers and Networks
Inadequate computer security
You actually give it to them
Stealing your mail and Dumpster Diving
Get a shredder
Use a post office box
Pay attention to missing mail
Oracle chief defends Microsoft snooping
By Wylie Wong
Staff Writer, CNET News.com
June 28, 2000, 3:10 PM PT
Oracle chief executive Larry Ellison today defended
his company's decision to hire detectives to
investigate two research groups that supported
Microsoft during the antitrust trial.
Oracle hired Investigative Group International to
probe two research organizations, the
Independence Institute and the National Taxpayers
Union. The company sought to verify links between
Microsoft and the organizations during its antitrust
trial--and even tried to buy trash from another
research group with close ties to Microsoft.
Oracle told Bloomberg News today it discovered
that the two organizations were misrepresenting
themselves as independent advocacy groups when
they were in fact funded by Microsoft. Oracle said
the company hired the detective agency because
the organizations were releasing studies supporting
Microsoft during the antitrust trial. The financial ties
between the organizations were reported by The
Wall Street Journal and The Washington Post.
Phishing
Rapidly spreading
Victims are more prone to fraud
Internet scams
Spyware
Gets in through kids downloading games, music off the Web.
Peer to Peer sharing networks
Some screensavers
Keyboard loggers
Some “Free software”
Spyware
Spyware is software that reports where
you go and what you do on your computer
Software to test for and remove spyware
  Spy Cop
  Ad-Aware – Lavasoft
  Microsoft Anti-Spam – (Free)
Phishing & Spyware combine to create problems!
Sample E-mail
Below is a sample of a fraudulent e-mail that's been sent to Citibank customers. It purports to be from Citibank, but it is not. Its intent is to get you to enter sensitive information about your account and to then use this information to commit fraud.
This e-mail used spyware to add the user name, credit card and last login date to the e-mail!!!!
Public Computers & Networks
Kiosks
Wireless Hot spots
What did the person before you do?
What will the person after you do?
Inadequate Computer Security
Worms and viruses
Does your computer seem possessed?
Fizzer Worm Is on the Move
The Fizzer worm continued to spread rapidly late
Monday afternoon as anti-virus experts raced to
analyze the code of what they called one of the more
complex worms in recent memory.
The worm is 200kB of code spaghetti, containing
backdoors, code droppers, attack agents, key loggers
and even a small Web server. Fizzer includes an IRC
bot that attempts to connect to a number of different
IRC servers and, once it establishes a connection,
listens passively for further instructions.
The keystroke logger records every typed letter and
saves the log in an encrypted file on the infected
machine. If the infected PC has the Kazaa file-sharing
program installed, Fizzer also has the ability to find the
default download location for Kazaa files and copy itself
to that folder.
Social Engineering
EULAs
Don’t disclose any personal information
  Passwords
  Your mother’s maiden name
How to Know if you’re in Trouble
Review your statements within your account’s dispute period.
Periodically check your credit report through a credit bureau such as Equifax, Experian, TransUnion
You get a call from a collection agent
What to do if You Are a Victim
Contact all of your banking, credit card, mortgage, etc.
Contact the police
Report it to the Federal Trade Commission
Prepare an ID Theft Affidavit and Fraudulent Account Statement
How to Protect Yourself
Two additional Brown Bag Sessions:
  Securing Your Home Computer
  Configuring Your Home Network
Wipe out the hard drive when disposing of computers –
  Active KillDisk (Free)
  WipeDisk
  BCwipe
Questions