310 likes | 448 Views
The University of Arizona. Security Awareness Brown Bag Series Identity Theft and Telephone Fraud. Identity Theft. How to Protect Your Identity. Every 79 seconds a thief steals someone's identity, opens accounts in the victim's name, and goes shopping. OBJECTIVES. What is Identity Theft
E N D
The University of Arizona Security Awareness Brown Bag Series Identity Theft and Telephone Fraud
Identity Theft How to Protect Your Identity Every 79 seconds a thief steals someone's identity, opens accounts in the victim's name, and goes shopping
OBJECTIVES • What is Identity Theft • How Thieves Do It • Preventive Actions • Internet and On-Line Services • Credit Reports (who to contact) • Steps for Victims • Reporting Identity Theft • Consequences
What Is Identity Theft • Acquisition of key pieces of someone’s identifying information in order to impersonate them. • Identifying Information Includes: • Name • Address • Date of Birth • Social Security Number • Mother’s Maiden Name • Credit Card Number • ATM PIN’s • Bank Account Numbers
What Is Identity Theft • Purpose • Take over financial accounts • Open new bank accounts • Apply for loans • Apply for credit cards • Apply for social security benefits • Purchase automobiles • Rent apartments • Establish services with utility and phone companies • Write Checks on accounts • Online Purchases and Services
How They Do It • Use low and high tech methods • Shoulder surfing at ATMs and Pay Phones • Steal your mail • Dumpster diving • Corrupted postal employees (including Mail Room Personnel) • Check washing • Mostly in Western U.S. • Related to Meth use (similarly used chemicals) • Check creation software • Credit Card Checks
Preventive Actions • Promptly remove mail from your mail box • Deposit outgoing mail in post office collection mail boxes or at your local post office • Do not leave in unsecured mail receptacles • Never give personal information over the telephone unless you initiated the call
Preventive Actions • Shred pre-approved credit card applications, credit card receipts, bills and other financial information you don’t want • Empty your wallet/purse of extra credit cards and Ids • Opt to use an alternate number on Driver’s License • Memorize your SSN and all your passwords
Preventive Actions • Order your credit report from the three credit bureaus once a year to check for discrepancies • Never leave receipts at bank machines, bank windows, trash receptacles, or unattended gasoline pumps • Sign all new credit cards upon receipt • Save all credit card receipts and match them against your monthly bills • Never loan your credit cards to anyone else
Preventive Actions • Be conscious of normal receipt of financial statements • Contact sender if they are not received on time • Notify credit card companies and financial institutions in advance of any change of address or phone number • Never put account numbers on post cards or on the outside of an envelope • Report all lost or stolen credit cards immediately
Preventive Actions • If you applied for a new credit card and it hasn’t arrived in a timely manner, call the bank or credit card company involved • Know your expiration dates • Contact issuer if replacements are not received promptly • Beware of mail or telephone solicitations disguised as promotions offering instant prizes or awards designed solely to obtain your personal information or credit card numbers
Preventive Actions • Never use commonly used passwords/PINs: • Dates of Birth • Last four of SSN • Last four of phone number • Series of consecutive numbers • Don’t carry SSN card with you • Do not use your SSN as your drivers license number
Internet and On-Line Services • Use caution when disclosing: • checking account numbers • credit card numbers or • other personal financial data at any web site or on-line service location unless you receive a secured authentication key from your provider. • When you subscribe to an on-line service, you may be asked to give credit card information. • beware of con artists who may ask you to “confirm” your enrollment service by disclosing passwords or the credit card account number you used to subscribe.
Credit Reports • Who to contact: Experian - www.experian.com (Formerly TRW) P.O. Box 949 Allen, TX 75013-0949 Telephone: 1-800-397-3742 Equifax – www.equifax.com P.O. Box 740241 Atlanta, GA 30374-0241 Telephone: 1-800-685-1111 TransUnion – www.tuc.com P.O. Box 1000 Chester, PA 19022 Telephone: 1-800-916-8800
Action Steps For Victims • Contact all creditors, by phone and in writing, to inform them of the problem • Call your nearest Postal Inspection Service office and your local police • Contact the Federal Trade Commission to report the problem • Call one of the three credit bureau’s fraud units to report identity theft (they will contact other 2 for you) • Ask to have a “Fraud Alert/Victim Impact” statement placed in your credit file asking that creditors call you before opening any new accounts • Alert your bank to flag your accounts and to contact you to confirm unusual activity
Action Steps For Victims • Request a change of PIN and new password • Keep a log of all contacts and make copies of all • documents • You may also wish to contact a privacy or consumer advocacy group regarding illegal activity • Contact the Social Security Administration’s Fraud • Hotline • Contact the state office of the Department of Motor Vehicles to see if another license was issued in your • name • If so, request a new license number and fill out the DMV’s complaint form to begin the fraud investigation process
Report Identity Theft To • Equifax Credit Bureau, Fraud 1-800-525-6285 • Experian Information Solutions 1-888-397-3742 • TransUnion Credit Bureau, Fraud 1-800-680-7289 • Federal Trade Commission 1-877-IDTHEFT (438-4338) • AFOSI Det 201 DSN 574-7371 or Commercial: (757) 764-7371 • Social Security Administration, Fraud Hotline 1-800-269-0271
Telephone Fraud Security Awareness Brown Bag Series Sponsored by CCIT
Phone Fraud "This is Ernestine from the Phone Company. Have I reached the party to whom I am speaking?"
Phone Fraud Impact • Costs the Telecommunication industry more than $4 billion a year – costs are ultimately passed on to consumer.
Telephone Fraud • The 9-0-# Phone Scam • Call is made to an office and cons unsuspecting worker to transfer call to outside line • Caller claims to be a telecommunication service technician “repairing” phone lines • Convinces recipient of call to “help” by transferring him to an outside line AND hang up • Once done, the caller starts dialing calls that are charged to owner of PBX
"Compromised Private Branch Exchange (PBX) and Telephone Voice Mail Systems” • Dated 6/3/2003 from NIPC • Enables unauthorized communication via • compromised US phone systems • Cannot be traced • Used to connect to local access numbers for • ISP’s - free Internet service via a modem • Can redirect repeated calls to a specific number, such as 911, and cause denial-of-service (DoS) activity.
Telephone Fraud Detection • Toll Fraud warning signs: • Long holding times • Unexplained surges in use • Increase in calls after business hours • Reports of odd calls • Complaints that system is always busy
Telephone Fraud Protection • Memorize calling card number. • Prevent shoulder surfing - Be aware of people loitering around phones. Stand directly in front of phone when entering number. • Don’t give your Calling Card numbers to others • Guard your Calling Card number as you would a credit card number • Report lost or stolen cards immediately • Don’t accept third-party calls from those you don’t know
Prevention • Primarily targets businesses and universities • Technician would never ask customer to help • check phone lines • Best defense is to be aware of this scam and • review what to do if it happens: • Ask “technician” for call-back number or for name and number of supervisor. Then hang up • Report call
809 Area Code Scam • The 809 scam involve a message (phone, • email, pager) • Request you immediately call or fax an • 809 area code number • Examples of reason to call include: • avoiding litigation • receiving info about someone who has died or been arrested • winning a prize • getting a job • even death in family
Prevention 809 Area Code Scam • 809 area code is in the Caribbean. No • international code is required • Some numbers in 809 areas code are “pay-per • call” numbers • Scamsters try and keep you on phone as long as • possible • Not just limited to 809 (284, 876) • AT&T’s Webpage on phone fraud and scams • http://www.att.com/fraud/home.html#b
Wireless Telephone Fraud Prevention Tips • Lock phones, remove handsets and wireless antenna when vehicle left with someone • Protect sensitive documents (subscriber agreement containing electronic serial numbers) • Immediately report lost or stolen wireless phone carrier • Don’t leave phone in unattended car or in isolated area for extended period of time
The key to security awareness is embedded in the word security…………. U - R - IT SEC--Y If not you, who? If not now, when?
Resources at the University of Arizona Kerio Firewall https://sitelicense.arizona.edu/kerio/kerio.shtml Sophos Anti Virus https://sitelicense.arizona.edu/sophos/sophos.html VPN client software https://sitelicense.arizona.edu/vpn/vpn.shtml Policies, Procedures and Guidelines http://security.arizona.edu/guidelinesetc.html Security Awarenesshttp://security.arizona.edu/awareness.html
University Information Security Office • Bob Lancaster • University Information Security Officer • Co-Director – CCIT, Telecommunications • Lancaster@arizona.edu • 621-4482 • Security Incident Response Team (SIRT) • sirt@arizona.edu • 626-0100 Kelley Bogart • Information Security Office Coordinator • Bogartk@u.arizona.edu • 626-8232