170 likes | 291 Views
Identity Theft and related topics. Chapter 5. Synopsis. What is identity theft? What is phishing? How does phishing work? What is pharming? Whose identity can be stolen? (ANYBODY's!!) How to avoid getting phished. How to protect and defend your identity. What is identity theft?.
E N D
Identity Theft and related topics Chapter 5
Synopsis • What is identity theft? • What is phishing? • How does phishing work? • What is pharming? • Whose identity can be stolen? (ANYBODY's!!) • How to avoid getting phished. • How to protect and defend your identity.
What is identity theft? • Identity theft is a person pretending to be somebody else in order to obtain some advantage. • Different degrees: • Personal (very difficult) • At the bank (somewhat easier) • On the internet (too easy). Only things needed: • Credit card number • Address • Social Security Number
Techniques Thieves use to steal your identity (I) • They start with easily available information: • Your name, address, phone number. • They start digging for more information: • Birth date, birth place... • Drivers license or social security number. • They can then use that information to apply for credit in your name, or open a bank account, building up a credit score. • THEN, they strike.
Techniques Thieves use to steal your identity (II) • Steal or buy information from business or insiders that keep records on you. • Dumpster diving. • Access credit reports (illicitly) • They skim your credit or debit card when you use it. • Purse/wallet snatching • Mail theft • Burgle information and documents from your home. • Get scammed into filling out a form that reveals personal information. • Steal a dead or young person's identity by applying for replacement birth certificates, social security cards, ....
How to stop the Identity Thieves • Don't provide personal information unnecessarily • Safeguard your id numbers, specially your Social Security Number. • Keep documents with important numbers in a safe place, preferably a safe. • Shred every piece of paper with a number on it. • Keep an eye on your credit report • Use only a couple of credit accounts. • Make copies of all the documents you carry with you (credit cards, Driver's license, passport), so you can provide records of them in case of loss. • Pay your bills electronically. • Never give out your credit card numbers on the phone or email.
How to tell whether you are a victim of Identity Theft • Strange activity in your accounts or strange accounts in your name/credit record. • A call from a collection agency for a debt you know nothing about. • Declined credit applications in spite of a good credit record. • Missing identity documents or records. • A call from the police regarding a crime/traffic offense you know nothing about.
What to do if you are a victim of identity theft • Contact the credit bureaus and place a fraud alert; also ask them for copies of your credit report. • Close/suspend all affected accounts. • Report the crime to the police; provide as much documentation/info a you can. • Have all identity documents reiussed; if the numbers can be changed, do so. • File a complaint with the federal trade commission.. (Relevant websites, phone numbers on next slide)
Phone numbers and websites of the credit bureaus, FTC • EQUIFAX 1-800-685-1111 http://www.equifax.com/ • Experian: 1-888-EXPERIA (397-3742) http://www.experiam.com/ • You can order a free credit report annually at http://annualcreditreport.com/ or by calling 1-877-322-8228. More info at: www.ftc.gov/bcp/conline/edcams/credit/ycr_free_reports.htm • File a complaint with the ftc at: • http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/filing-a-report.html
What is phishing? • A phishing email is an email that looks like it comes from a legitimate entity and is looking to snag some identifying information from you. • Sometimes phishing can also be done through a pop-up (less common). • Common points: • Dire consequences if the information is not provided • Rarely personalized. • May contain grammatical or spelling errors.
How does phishing work? • Email address spoofing: • By changing the “From” line in the header, the email appears as if it came from somebody else (it is THAT simple!) • Link spoofing (see page 143, figure 5.4) • By using <a href=”mysite”>bank's site</a> you think you are clicking on “bank's site”, when you are being directed to “mysite”. • Web address spoofing (IE 6 and before)
What is pharming? • Also called DNS poisoning. • The process of translating names to IP addresses is done by “Dynamic Name Servers”. These servers, in turn, are constantly asking about translations, and, when they get the information, they keep it, for about a minute; bad people may feed bad information to the DNS, sending people astray.
419 Scams • Nigerian 419 Scam: a person gets an email from somebody who claims to have access to lots of cash; they want to get it out of the country they are at, and if you help them, you get to keep a fraction (often millions). • Victims have lost thousands; some have even traveled overseas only to get kidnapped or worse. • Read http://www.419eater.com/html/letters.htm for some people who turned the tables on them
What damage can be done with phishing? • Financial loss • Damaged credit • More severe identity theft
Whose identity can be stolen? (ANYBODY's!!) • Adults • Children • Gender doesn't matter • Dead people too.
How to avoid getting phished. • Banks and other institutions never ask for personal information over email. When in doubt, call and ask. NEVER SEND CONFIDENTAIL INFORMATION OVER EMAIL. • Use caution and cut and paste. • Communicate securely. • Install an Anti-Spam filter • Use NetCraft, WOT or similar technology. • Use spoofstick(or something similar) • Keep your OS, antivirus and antispyware up to date. • In Vista and Windows 7, Windows mail can detect (some) phishing emails, if you turn the option on.
How to protect and defend your identity. • Check your credit reports • Shred all papers with numbers on them. • Read all your statements: watch your accounts