Protecting Your Identity
What is IA?
• Committee on National Security Systems definition:
  – Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
• CIA model
  – Confidentiality: prevent disclosure to unauthorized individuals or systems
  – Integrity: information cannot be modified without authorization
  – Availability: information must be accessible when needed
  – Authentication: establishing information as authentic
  – Non-repudiation: ensuring that a party cannot refute that information is genuine
What is Identity Theft?
• Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes
• The FTC estimates that as many as 9 million Americans have their identities stolen each
• Typical identity theft crimes
  – Rent an apartment
  – Obtain a credit card or other types of debt
  – Establish a telephone account
  – Get various types of identification in the victim’s name
  – Steal financial assets
What is Identity Theft?
• Costs of Identity Theft
  – Legal fees
  – Exorbitant amount of time
  – Lost job opportunities
  – Denial of all types of financial resources
  – False accusations, and potential arrests for crimes not committed
How Does it Occur?
• In most cases attackers need personally identifiable information (PII) or personal documents in order to impersonate the victim.
• Name, Address, DOB, Birthplace, License Number, Credit Card Number, SSN
• Where could an attacker find this information?
• Could you be an easy target?
Generation Stereotype
• Millennial Generation (Us)
  – Users of instant communication technology
    • Myspace, Twitter, Facebook, Text, IM, e-mail
  – Tech savvy
    • Video Games (PC, Xbox, PlayStation)
    • MMOs (Second Life, WOW, Lineage, Maple Story)
• 90 percent own a computer in the US
• Spend more time online than watching TV
• How much information about you is stored on somebody else’s servers?
• What methods of protection are in place?
Contemporary High Risk Areas
• Online shopping
• Malware
• Credit Card Applications
  – Online incentives
  – In-person incentives
  – Mail applications
• Physical Assets
  – Laptops, cellphones, iPods...
  – Wallet, purse, checkbook...
• Social Networking
• Online Gaming
Social Engineering
• The process of using social skills to convince people to reveal access credentials or other valuable information
• Common Social Engineering Techniques
  – Confidence Trick
  – Pretexting
  – Baiting
  – Quid Pro Quo
  – Phishing
    • Spear Phishing
    • Whaling
    • Phone Phishing
Phishing
• An attempt to obtain personal or financial information by using fraudulent means, usually by posing as a legitimate entity.
• Targets
  – PII
• Methods
  – Bank Account Credentials
  – E-mail Login Credentials
  – Social Networking Login Credentials
• Why?
Phishing Email Example
Phishing Logon Example
Phishing
• Phishing can take many forms:
  – E-mails from websites or services you use frequently
  – Bogus job offers
  – They might appear to be from a friend or someone you know (Spear Phishing)
  – They might ask you to call a number (Phone Phishing)
  – They usually contain official-looking logos
  – They usually link to phony websites that ask for personal information
  – Physical Mail
Red Flags
• “Verify your account”
• “Click the link for account access”
• “If you don’t respond, your account will be suspended”
• “Suspicious activity alert”
• Pop-ups
• Deceptive URLs
  – www.mircosoft.com
  – www.facesbook.com
  – www.192.168.XX.XX/citibank.com
• Masked URLs
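The three URL red flags above (misspelled look-alike domains, a numeric IP address with the brand name moved into the path, and masked links whose visible text names a different site than the real target) can be checked mechanically. The sketch below is an added example, not part of the original slides; `KNOWN_DOMAINS`, the function names and the flag labels are assumptions made for illustration, and `192.0.2.10` is a constructed documentation address standing in for the redacted IP on the slide.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the sites this user really deals with (constructed allow-list).
KNOWN_DOMAINS = ("citibank.com", "facebook.com", "microsoft.com")
DOMAINISH = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

def split_url(url):
    """Parse a URL even when the scheme is missing, as in 'www.example.com'."""
    url = url.strip()
    return urlsplit(url if "://" in url else "//" + url)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def base_of(url):
    """Host cut to its last two labels (simplification: ignores suffixes like co.uk)."""
    host = (split_url(url).hostname or "").lower()
    return host if is_ip(host) else ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(href, link_text=""):
    """Return the red flags raised by a link target and its visible text."""
    flags, base = [], base_of(href)
    if is_ip(base):
        flags.append("ip-address-host")
        path = split_url(href).path.lower()
        flags += [f"brand-in-path:{d}" for d in KNOWN_DOMAINS if d in path]
    else:
        # One or two character edits away from a known site, but not equal to it.
        flags += [f"lookalike:{d}" for d in KNOWN_DOMAINS
                  if 0 < edit_distance(base, d) <= 2]
    # Masked link: the visible text looks like a URL but names another site.
    if DOMAINISH.match(link_text.strip()) and base_of(link_text) != base:
        flags.append("masked-link")
    return flags
```

An empty result only means none of these three checks fired; the wording red flags listed on the slide still need a human reader.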
Identity Theft
• What are other methods of stealing someone’s identity?
– Technical?
– Non Technical?
Prevention
• Shred all your important information
• Don’t access personal info in public places
• Privacy screens
• Have your checks delivered to your bank
• Properly destroy storage media (hard drives, flash drives, CDs...)
Prevention
• Drop off payment checks at the post office
• Note when new credit cards are to be received
• Cancel old credit cards
• Use strong passwords
• Don’t post personally identifiable info on the internet
Prevention
• Carry only necessary information with you
• Do not give out personal information unless necessary
• Monitor your accounts
• Order your credit report at least twice a year
• Know the website you are visiting
• Ensure PII is encrypted (SSL, TLS)
Annual Credit Report
• To Request your Credit Report Online
  – https://www.annualcreditreport.com
• To Request your Credit Report by Phone
  – Call 1-877-322-8228
• To Request your Credit Report by Mail
  – Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281
Recovering From Identity Theft
• What are the steps I should take if I'm a victim of identity theft?
  – Place a fraud alert on your credit reports, and review your credit reports
  – Close the accounts that you know, or believe, have been tampered with or opened fraudulently
  – File a complaint with the Federal Trade Commission
  – File a report with your local police or the police in the community where the identity theft took place