1 / 47

Spam, Phishing and Fraud on the Net

Spam, Phishing and Fraud on the Net. Sabrina I. Pacifici , Law Librarian Founder, Editor, Publisher, LLRX.com www.llrx.com Author, beSpacific.com www.bespacific.com Barbara Fullerton , Director of Library Services Locke Liddell & Sapp LLP bfullerton@lockeliddell.com.

fathi
Download Presentation

Spam, Phishing and Fraud on the Net

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Spam, Phishing and Fraud on the Net Sabrina I. Pacifici, Law Librarian Founder, Editor, Publisher, LLRX.com www.llrx.com Author, beSpacific.com www.bespacific.com Barbara Fullerton, Director of Library Services Locke Liddell & Sapp LLP bfullerton@lockeliddell.com

  2. Be Alert, Be Wary, and Be Informed • This presentation highlights federal, state, association, advocacy, corporate, commercial and news related resources providing reliable data that addresses the issues of spam, fraudulent website claims and offers, and attempts to obtain personal data to perpetrate ID theft. • Websites and resources have been selected based on authority and topical relevance. We welcome your suggestions and recommendations for relevant sites not mentioned, for inclusion in this guide. Barbara J. Fullerton & Sabrina I. Pacifici

  3. Is This Spam? NO!! Barbara J. Fullerton & Sabrina I. Pacifici

  4. This is Spam… • Unsolicited Commercial Email (UCE), also known as "spam" or "junk email" • Email that is “unwanted, “inappropriate” and no longer wanted…” http://www.clickz.com/experts/em_mkt/em_mkt/article.php/1492521 Stats on Spam http://www.mailfrontier.com/threats/stats.html Barbara J. Fullerton & Sabrina I. Pacifici

  5. Spam Laws – Federal and State • Spam Laws, Federal - http://www.spamlaws.com/federal/index.html • CAN-SPAM Act of 2003 http://www.spamlaws.com/federal/108s877.html • Spam Laws, State - http://www.spamlaws.com/state/index.html Barbara J. Fullerton & Sabrina I. Pacifici

  6. The Difficulties of Tracing Spam Email – Report prepared at request of FTC Barbara J. Fullerton & Sabrina I. Pacifici

  7. Example: Spam Reduction Policy This is one of a number of internet and extranet sites (each, a “Practice Website”) accessed through the Internet and sponsored, owned, controlled and/or maintained by Mayer, Brown, Rowe & Maw (which is a combination of two limited liability partnerships, each named Mayer, Brown, Rowe & Maw LLP, one established in Illinois, USA, and one incorporated in England) (together with all owned or controlled subsidiaries and affiliates thereof (collectively, the “Practice”)) whose principal place of business in the United States of America is 190 South LaSalle Street, Chicago, Illinois 60603-3441. IntroductionReceipt of Unsolicited Bulk Email (UBE also known as "spam") is a growing concern for Email users at the Practice. This document provides a description of what the Practice is doing about it, why and how that affects senders. • This document serves several purposes and addresses several types of readers. • The user who wants to know what the Practice is doing about spam. • The legitimate user who finds that he/she is no longer able to send Email to a Practice user https://registration.mayerbrownrowe.com/registration/helpcenter/spam.asp Barbara J. Fullerton & Sabrina I. Pacifici

  8. What Companies are Doing • AMERICAN EXPRESS - How to Contact American Express about Fraudulent E-Mails • If you receive an e-mail that you believe could be fraudulent, immediately forward it to emailhoax@service.americanexpress.com. Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an auto-generated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American Express • http://www10.americanexpress.com/sif/cda/page/0,1641,21372,00.asp Barbara J. Fullerton & Sabrina I. Pacifici

  9. Barbara J. Fullerton & Sabrina I. Pacifici

  10. E-Mail Fraud • From U.S. Bank: Email Fraud Information and Help – Customer Alert and Data on Phishing Scamshttp://tinyurl.com/2h3vv • Email Threat Advisorieshttp://www.mailfrontier.com/threats/advisories/threat_index.html • Firewall to fry spam – “A firewall designed to eliminate email spam has been developed at Queensland University.” http://tinyurl.com/4w23r Barbara J. Fullerton & Sabrina I. Pacifici

  11. Barbara J. Fullerton & Sabrina I. Pacifici

  12. The Good Old Days…Where are the Hackers? Hackers now chase money… not just the thrill of breaking into a website.

  13. What is Phishing?--- listening to music by the band called Phish--- a hobby, sport or recreation involving the ocean, rivers or streams…nope “Fishing for personal information” • Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. • Anti-Phishing Working Group http://www.antiphishing.org/ Barbara J. Fullerton & Sabrina I. Pacifici

  14. Example of Phishing From: Customer Support [mailto:support@citibank.com] Sent: Thursday, October 07, 2004 7:53 PM To: Eilts Subject: NOTE! Citibank account suspend in process Dear Customer: Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow:http://211.158.34.249/citifi/. Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R) Regards, Citibank(R) Card Department (C)2004 Citibank. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC.Citibank and Arc Barbara J. Fullerton & Sabrina I. Pacifici

  15. How to Detect Deception • Publish your mail server addresses (to thwart spoofing) • Educate customers (and employees) • Establish online communication protocols • Create a response plan now • Proactively monitor for phishers and fraud • Make yourself a difficult target http://www.cio.com/archive/090104/phish.html Barbara J. Fullerton & Sabrina I. Pacifici

  16. Never click on hyperlinks Use Anti-SPAM filters Use Anti-Virus Software Use personal firewalls Keep all software updated Always look for https and sites that ask for “personal information” Keep computer clean from Spyware Know Fraudulent activity on the Internet Check your credit report immediately for free! If unsure, ask! Prevent Phishingfrom Fraud Watch International Barbara J. Fullerton & Sabrina I. Pacifici

  17. Industry Sponsored Anti-Phishing Efforts • “The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing.” http://www.antiphishing.org/ • An updated chart of examples of phishing attacks submitted to antiphishing.org are available here: http://www.antiphishing.org/phishing_archive.htm • White Paper, Anti-Spam Technical Alliance, 22 June 2004, http://tinyurl.com/2qaje • Microsoft Anti-Spam Virtual Press Room, http://www.microsoft.com/presspass/events/antispam/material.asp • TECF – Trusted Electronic Communications Forum http://www.tecf.org/ • “The Trusted Electronic Communications Forum (TECF) is a global, cross-industry consortium of industry leaders focused on efforts to eliminate the phishing and spoofing attacks that lead to identity theft and brand distrust.” Barbara J. Fullerton & Sabrina I. Pacifici

  18. Barbara J. Fullerton & Sabrina I. Pacifici

  19. What is ID Theft? “Identity theft is a crime in which an imposter obtains key pieces of information such as Social Security and driver's license numbers and uses it for their own personal gain.” ID Theft Resource Center http://www.idtheftcenter.org/index.shtml Barbara J. Fullerton & Sabrina I. Pacifici

  20. Find out how your information will be used Pay attention to your billing cycles Put passwords on all your accounts Minimize the ID information & number of cards you carry Find out who has access to your PI at work and verify records are kept in a secure location Legitimate organizations with whom you do business have the info needed & should not ask you for it Give your SSN only when absolutely necessary Order a copy of your credit report from the 3 major credit reporting agencies Use one credit card for Internet purchases. Minimum amount. Preventing ID Theft tips from CNN.com & FTC.gov Barbara J. Fullerton & Sabrina I. Pacifici

  21. Barbara J. Fullerton & Sabrina I. Pacifici

  22. http://www.bespacific.com/mt/archives/cat_id_theft.html Barbara J. Fullerton & Sabrina I. Pacifici

  23. Federal Legislation on ID Theft • Identity Theft Penalty Enhancement Act (ITPEA), signed by the President on July 15, 2004 - To amend title 18, United States Code, to establish penalties for aggravated identity theft, and for other purposes. • The President’s remarks upon signing the bill: http://www.whitehouse.gov/news/releases/2004/07/20040715-3.html • The text of the bill: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.01731: For Reference, see also the Fair and Accurate Credit Transactions Act of 2003, H.R.2622, To amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes. Became Public Law No: 108-159. http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02622: Barbara J. Fullerton & Sabrina I. Pacifici

  24. Selected Pending Federal Legislation • Anti-phishing Act of 2004, S. 2636, introduced July 9, 2004 - http://thomas.loc.gov/cgi-bin/query/z?c108:S.2636.IS: • See also The Anti-Phishing Act of 2004:A Useful Tool Against Identity Theft, http://writ.news.findlaw.com/ramasastry/20040816.html • The SPY BLOCK Act, S. 2145, introduced February 27, 2004 • 11/19/2004 Placed on Senate Legislative Calendar under General Orders. Calendar No. 811. • http://thomas.loc.gov/cgi-bin/query/z?c108:S.2145.RS: • The Safeguard Against Privacy Invasions Act or Spy Act, H.R. 2929 http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02929: • Social Security Number Privacy and Identity Theft Prevention Act of 2003, HR 2971, http://thomas.loc.gov/cgi-bin/query/z?c108:H.R.2971.IH: Barbara J. Fullerton & Sabrina I. Pacifici

  25. Sites Sponsored By Advocacy Groups • National Fraud Information Center/Internet Fraud Watchhttp://www.fraud.org/welcome.htm • The Better Business Bureau Onlinehttp://www.bbbonline.org/idtheft/phishing.asp • Call For Action • http://www.callforaction.org/ • Identity Theft Resource Centerhttp://www.idtheftcenter.org/index.shtml • Privacy Rights Clearinghousehttp://www.privacyrights.org/identity.htm • Center for Democracy and Technology webpage on Spyware - http://www.cdt.org/privacy/spyware/ • Internet Fraud Tips from the National Consumer League’s Internet Fraud Watchhttp://www.fraud.org/tips/internet/phishing.htm Barbara J. Fullerton & Sabrina I. Pacifici

  26. Barbara J. Fullerton & Sabrina I. Pacifici

  27. Federal Trade Commission Resources on ID Theft • The Federal Trade Commission (http://www.ftc.gov) serves as clearinghouse to receive consumer complaints and provide assistance. • National and State Trends in Fraud and Identity Theft, January – December 2003, http://www.consumer.gov/sentinel/pubs/Top10Fraud_2003.pdf • ID Theft: When Bad Things Happen To Your Good Name: “a step-by-step guide to prevent ID theft that also provides useful documentation on services and resources available to those who are already victims of fraud.” http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm • ID Theft Complaint Input Formhttps://rn.ftc.gov/dod/widtpubl$.startup?Z_ORG_CODE=PU03 • ID Theft Alert website reviews how identity thieves work, provides government reports and Congressional testimony, law enforcement updates and links to other identity theft sites. http://www.consumer.gov/idtheft/ Barbara J. Fullerton & Sabrina I. Pacifici

  28. Barbara J. Fullerton & Sabrina I. Pacifici

  29. Barbara J. Fullerton & Sabrina I. Pacifici

  30. Security Freeze to Prevent ID Theft • Your file cannot be shared with potential creditors. Most businesses will not open credit accounts without checking a consumer's credit history first. • Must write to all 3 credit companies; set-up with PIN • You can order a credit report, but no one else can • Only available in 2 states • California and Texas • Louisiana and Vermont make it available July 2005 • See this AP article, Credit bureaus shun identity theft weapon, http://msnbc.msn.com/id/5841962/, for more details • Only you can unfreeze it • Used only in extreme measures • Fee for lifting the freeze: $10-$15 for each transaction Barbara J. Fullerton & Sabrina I. Pacifici

  31. If you are buying a new computer, you need to take the following steps to prevent your information from being stolen from your old computer Clean your disk Destroy that hard drive, or remove it Donate rest of computer to charity or recycle it At Home: Preventing ID Theft Barbara J. Fullerton & Sabrina I. Pacifici

  32. Other Resources on PC Security, Spam and ID Theft, sponsored by the federal government • FTC-Spam Homepagehttp://www.ftc.gov/bcp/conline/edcams/spam/index.html • FTC ID Theft Homepage - http://www.consumer.gov/idtheft/ • FTC Consumer Information Security website - http://www.ftc.gov/infosecurity/ • United States Postal Service, Pub 280, August 2003, Safeguard your personal information, http://www.usps.com/cpim/ftp/pubs/pub280.pdf Barbara J. Fullerton & Sabrina I. Pacifici

  33. Department of Justice Resources on ID Theft and Online Fraud • Criminal Division, Fraud Sectionhttp://www.usdoj.gov/criminal/fraud.html • Special Report on "Phishing“ http://www.usdoj.gov/criminal/fraud/Phishing.pdf • Foreign Corrupt Practices Act (FCPA)http://www.usdoj.gov/criminal/fraud/fcpa.html • Identity Theft and Identity Fraudhttp://www.usdoj.gov/criminal/fraud/idtheft.html • Internet Fraudhttp://www.usdoj.gov/criminal/fraud/Internet.htm Barbara J. Fullerton & Sabrina I. Pacifici

  34. Federal Deposit Insurance Corp. and Social Security Administration Resources • FDIC • When a Criminal's Cover Is Your Identityhttp://www.fdic.gov/consumers/privacy/criminalscover/index.html • Social Security Administration • Identity Theft And Your Social Security Number, http://www.socialsecurity.gov/pubs/10064.html • Public Fraud Reporting Home Page, http://www.socialsecurity.gov/oig/public_fraud_reporting/index.htm • Enhancing Social Security Number Privacy http://www.socialsecurity.gov/oig/communications/testimony_speeches/06152004testimony.htm • Fact Sheet, Social Security Identity Theft, Committee on Ways & Means http://waysandmeans.house.gov/media/pdf/ss/factsheet.pdf Barbara J. Fullerton & Sabrina I. Pacifici

  35. State Specific Resources on ID Theft: California • California: Financial Information Privacy Acthttp://www.privacy.ca.gov/sb1/sb1.htm • ID Theft: http://www.privacy.ca.gov/cover/identitytheft.htm • California Right to "Freeze" Your Credit Historyhttp://www.privacy.ca.gov/financial/cfreeze.htm • How to put a freeze on your credit file - http://www.privacy.ca.gov/financial/cfreezeon.htm • DMV Information about Fraud and Identity Theft - http://www.dmv.ca.gov/consumer/fraud.htm • Office of the Attorney General, Identity Theft Datahttp://caag.state.ca.us/idtheft/index.htm Barbara J. Fullerton & Sabrina I. Pacifici

  36. More State Resources on ID Theft • Louisiana credit freeze info http://www.ag.state.la.us/calerts/alert0004.aspx • Links to State Attorneys General Websiteshttp://www.findlaw.com/11stategov/indexag.html • ID Theft Statutes as of July 2003http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm • National Conference of State Legislatures (NCSL), Identity Theft Information, http://www.ncsl.org/programs/lis/privacy/idtheft.htm • Identity Theft Legislation updated as of August 20, 2004http://www.ncsl.org/programs/lis/privacy/idt-01legis.htm • 2003 Enacted Identity Theft Legislationhttp://www.ncsl.org/programs/lis/privacy/idt-03enacted.htm Barbara J. Fullerton & Sabrina I. Pacifici

  37. Credit Card Companies • Equifax Phone: 800-685-1111; P.O. Box 105788, Atlanta, GA 30348 • Experian Phone: 888-397-3742; P.O. Box 95554, Allen, TX 75013 • TransUnion Phone: 888-909-8872; P.O. Box 6790, Fullerton, CA 92834 • Consumer Info’s Free Credit Report http://tinyurl.com/49rug Barbara J. Fullerton & Sabrina I. Pacifici

  38. Don’t Like those Nasty Pre-Approved Credit Card Offers? Opt Out! 1-888-5OPTOUT Good for 2 years or permanent

  39. What is Spyware? Any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Defined by searchCRM.com Barbara J. Fullerton & Sabrina I. Pacifici

  40. What is Adware? Any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. Defined by searchSmallBizIT.com, http://searchsmallbizit.techtarget.com/ Barbara J. Fullerton & Sabrina I. Pacifici

  41. Resources on Spyware • Who Downloaded the Spyware? Not Me! by Chris Hayes, May 24, 2004, http://www.llrx.com/features/spyware.htm • Spyware: What You Don't Know Can Hurt You, Hearing by the Subcommittee on Commerce, Trade, and Consumer Protection, April 29, 2004, Link to Witness List & Prepared Testimony, Related Documents and Bills, http://energycommerce.house.gov/108/Hearings/04292004hearing1255/hearing.htm • Spyware Warrior, Waging the war against spyware http://www.netrn.net/spywareblog/ • Spyware vs. spyware“Lawmakers are preparing to attack spyware, but efforts could criminalize common tools and techniques currently in use.”http://www.infoworld.com/article/04/08/30/HNspyware_1.html • McAfee releases VirusScan with intrusion preventionhttp://www.infoworld.com/article/04/08/30/HNmcafeevirusscan_1.html Barbara J. Fullerton & Sabrina I. Pacifici

  42. Blog devoted to fighting spyware – Spyware Warrior Barbara J. Fullerton & Sabrina I. Pacifici

  43. Additional Resources on Spyware • From Lehigh University Library & Technical Services, Guide to Spybot Search & Destroy 1.3: Downloading, Installing, and Using Spybot - http://www.lehigh.edu/~inlts/help/spyware/spybotinstall.html • beSpacific.com, the blog on law and technology news: postings on spyware http://www.bespacific.com/mt/mtsearch.cgi?IncludeBlogs=1&search=spyware • And for broadband users, this article, http://www.thebusinessledger.com/Articles.asp?artId=573&isuID=25 recommends free applications and software. • Fraud Watch International http://www.fraudwatchinternational.com • Techweb http://www.techweb.com • 2004's Most Popular Viruses, and Hacking Tools, Douglas Chick http://www.thenetworkadministrator.com/top2004hackertools.htm Barbara J. Fullerton & Sabrina I. Pacifici

  44. http://www.lehigh.edu/~inlts/help/spyware/spybotinstall.html Barbara J. Fullerton & Sabrina I. Pacifici

  45. Spyware Warrior – links to spyware help forums and free anti-spyware software Barbara J. Fullerton & Sabrina I. Pacifici

  46. Selected Anti-Spyware Articles & Resources • Spy Stoppers by Cade Metz, March 2, 2004, http://www.pcmag.com/article2/0,4149,1525474,00.asp • Compare Top Spyware Removers, http://www.spywareremoversreview.com/ • Spyware - It's lurking on your machine, by Cade Metz, http://www.pcmag.com/article2/0,1759,978170,00.asp • Your PC May Be A Haven for Spies, by Dan Tynan, http://www.pcworld.com/news/article/0,aid,116526,00.asp • Poor Defenders – “Some anti-spyware companies use confusing ads, and our tests show their $20-$60 products are less effective than free competitors.” http://www.pcworld.com/news/article/0,aid,118362,00.asp • http://www.pcworld.com/resource/printable/article/0,aid,116302,00.asp • Special Report: Readers Take The Offensive Against Spyware, Aug. 9, 2004,http://tinyurl.com/3jadn • The Soft Invasion, by Walter S. Mossberg, August 2004, WSJ, http://ptech.wsj.com/archive/report-200408.html • Microsoft’s Protect Your PC site http://www.microsoft.com/athome/security/protect/ Barbara J. Fullerton & Sabrina I. Pacifici

  47. Selected Software Ad-Aware http://www.lavasoftusa.com/software/adaware/ Spybot Search and Destroy http://www.spybot.info/en/index.html PAL Emergency Response http://www.winxpfix.com/PAL-Emergency-Response.htm AVG Anti-Virus free edition http://free.grisoft.com/freeweb.php/doc/1/ Barbara J. Fullerton & Sabrina I. Pacifici

More Related