Identity Theft One of the Fasting Growing Crimes in America and Beyond

Identity Theft One of the Fasting Growing Crimes in America and Beyond

Objectives Ability to define the term “identity theft” Ability to determine if someone has been a victim of identity theft and if so actions to be taken Ability to identify methods to prevent identity theft Ability to identify resources for more information on identity theft

Introduction – What is Identity Theft? According to the Federal Trade Commission, Identity Theft is the fastest growing crime in America Stealing someone’s personal information and using it to assume someone’s identity The fraudulent use of personal information to open new accounts and/or purchase items using existing accounts

Identity Theft – No Little Problem Identity theft is one of the fastest growing crimes in America "Identity theft is a big-ticket item in terms of money and time according to Howard Beales, director of the FTC's Bureau of Consumer Protection.” Cost to consumers in 2002 5 billion in expenses Cost to businesses in 2002 50 million [ 1] http://www.washingtontimes.com/functions/print.php?StoryID 20030903-095305-3951r 06/7/2004

Identity Theft – A Federal Crime The Identity Theft and Assumption Deterrence Act of 1998 made Identity Theft a federal crime. Identity theft occurs when someone knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of the Federal law.

How Personal Information is Gathered Dumpster diving Personal information, when stolen from your property either through dumpster diving or theft, provide a criminal with a wealth of information with which to open new accounts or use existing accounts

Shredder – Necessary Equipment To minimize your risk of identity theft, be sure to shred all unused convenience checks, credit card offers, credit card receipts, bank statements, preapproved loan offers, and canceled checks

How Personal Information is Collected Through Legitimate Business Records Recently personal medical files for hundreds of patients were found discarded outside a medical clinic. Identity thieves could have used these files Businesses are required by law to protect their client's personally identifying information and to discard these files safely Thieves steal valuable personal information from customer files and personnel files

Phishing Creation of a phony web site pretending to be a legitimate company Sending email to the victim impersonating (spoofing) a legitimate company The criminal collects personal and financial information such as credit card and Social Security numbers

Phishing Example One recent phishing ploy spoofed an AOL web page. The perpetrator had used authentic AOL logos and other genuine hyperlinks in the email message sent to the victims. He told the victims that there had been a billing error. It directed the victims to click on an embedded hyperlink, which when clicked took the unsuspecting user to a phony web page, that had been created to look much like the company's authentic web site, and from which the thief collected personal and financial information

The Phony AOL Web Form http://www.millersmiles.co.uk/identitytheft/AOL-email-scam-1115521443a.htm

Federal Laws Concerning Phishing Identity theft - 18 U.S.C. § 1028 (a)(7) Wire fraud - 18 U.S.C. § 1343 Credit card or access device fraud 18 U.S.C. § 1029 Bank fraud 18 U.S.C. § 1344 Computer fraud 18 U.S.C. § 1030 (a)(4) CAN-SPAM Act 18 U.S.C. § 1037

Federal Crime & Punishment Bank and wire fraud - up to 30 years in prison Identity theft and credit card fraud - up to 15 years in prison CAN-SPAM Act violations - up to 5 years in prison According to the U.S. Department of Justice, individuals convicted of these crimes may also face substantial fines and forfeiture of his/her property

Social Engineering Con Game - tricking a person into revealing information Memorizing access codes and passwords by shoulder surfing (looking over someone's shoulder as they log in ) Pretending to be an employer, loan officer or landlord to fraudulently obtain your credit report

How to Prevent Identity Theft Education Coalition on Online Identity Theft Padlock your credit file Check your credit report annually Share personal information only with people and companies you trust Make online purchases only with companies having secure connections Never give out your personal information over the phone unless you initiated the call. Never have your Social Security number printed on your checks

How to Prevent Identity Theft Part Two Never leave personal information on your computer without having a firewall in place. After opening your mail, shred all unused credit card offers, unused convenience checks, and any other pieces of mail that include personally identifying information. Never keep passwords to financial data on your computer. Likewise never keep your ATM or credit card pin numbers in your wallet or your car. If either are stolen, the thieves have instant access to your accounts.

How to Prevent Identity Theft Part Three Never use your mother's maiden name, the last four digits of your Social Security number, your birth date, your pet's name, or any other easily recognized letters and numbers as your pin number or passwords. If the amount of mail you normally receive drops suddenly; contact your post office to make sure no one has fraudulently filed a change of address card for your address.

How to Prevent Identity Theft Part Four Review all credit card transactions each month when you receive your credit card statement. Shred all expired credit cards before putting them in the trash.

How to Prevent Identity Theft Part Five Install a locking mailbox to ensure the security of mail delivered to your home. Mail all payments and other documents with personal or financial information from the post office or at a postal drop box, never from your mailbox. Thieves may take your checks from unsecured mailboxes and bleach them so they may be used again.

Prevention of Identity Theft by Education People must be educated as to the value of information They must be trained to protect information (even if the information they have access to appears to be of relatively low value) People must be made aware of what social engineering is and how social engineers operate.

Checking a Web Site’s Security Certificate Check the security certificates for web sites from which you purchase products or do other financial transactions Go to the web site and click on the VeriSign Secure Site link to verify that the security certificate is in the same name as the company. If the company name listed there doesn't match the company owning the site, be wary of submitting financial information. Security certificates are sometimes held in the parent company’s name.

Checking for Secure Web Sites Check the URL (the web address) of the web site you are doing business with Whenever you are entering your credit card information or other financial information when ordering online, the address should display https, rather than http, if you are connecting to a secure web site; ex. https://amazon.com/cgibin

Checking Security Features When Using Netscape Navigator To check the security in Netscape, look at the padlock in the lower right corner. unlocked not secure locked secure To check the level of encryption, left click the lock in the lower right-hand corner of the page. A pop up window will appear and tell you whether or not the page you are viewing is encrypted and what type of encryption is being used.

Checking Security Features When Using Internet Explorer When using Internet Explorer as your browser, open the page whose security you want to check. Right click on the page and then go to properties. When you click properties, a pop up window will appear with information on the site's security.

What to Do If You Become a Victim of Identity Theft Call the Federal Trade Commission’s Identity Theft Toll-free Hotline (877 – IDTHEFT) Call all three of the major credit bureaus Experian - 1-888-397-3742 EquiFax - 1-800-525-6285 TransUnion - 1-800-680-7289 For identity theft involving student information or federal education funds, contact U.S. Department of Education, Office of Inspector General 1-800-647-8733

What to Do If You Become a Victim of Identity Theft File a police report as soon as possible Contact your creditors for all affected accounts "A "fraud alert" will be automatically placed on each of your credit reports within 24 hours. This alerts creditors to call you for permission before any new accounts are opened in your name. Not all creditors pay attention to "fraud alerts." You need to stay vigilant for any new accounts that may be opened.“ [1] [1] http://www.bankrate.com/brm/news/credit-management/identity-theft.asp 6/22/04

What to Do If You Become a Victim of Identity Theft Also make your complaints in writing, asking each creditor to provide you and any law enforcement agencies investigating the crime(s) with copies of all documentation that shows fraudulent activity. By making your complaint in writing, you are documenting the time and date when you became aware of the incident. This may protect you from responsibility for additional charges.

Fighting Identity Theft Federal Trade Commission Internet Fraud Complaint Center U.S. Department of Justice Identity Theft Resource Center (ITRC) Operation E-con

Federal Trade Commission This federal agency, created in 1914 to eliminate unfair methods of competition and unfair or deceptive practices concerning commerce, is now focused on the growing threat of identity theft 2003 - 42% of the complaints received by the FTC concerned identity theft. Training seminars are available for investigators and prosecutors on how to access the FTC's Consumer Sentinel database, an identity theft resource, which can securely access the nearly 200,000 complaints filed before June 2002.

Internet Fraud Complaint Center A joint effort between the FBI and the National White Collar Crime Center that investigates complaints of fraud perpetrated on the Internet. This organization acts a hub for complaints and can analyze data to quickly identify new Internet crime trends. The IFCC also can then make referrals to the appropriate law enforcement agency.

Internet Fraud Complaint Center Complaints can be made 24/7, directly to the IFCC, using the online complaint form. Directions on how to file a complaint are found at: http://www1.ifccfbi.gov/strategy/howtofile.asp Victims have come forward from 89 countries Auction fraud accounts for almost two-thirds of all complaints received by the IFCC Authentic Ebay addresses http://cgi3.ebay.com/ http://arribada.ebay.com/ Phony Ebay addresses http://[email protected]/ http://signin-ebay.com/

How to Identify the Source of Email

Identity Theft Resources U.S. Dept. of Justice http://www.usdoj.gov/ Fraud Section Identity Theft Resource Center (ITRC) http://www.idtheftcenter.org/index.shtml FAQ's on identity theft Contains alerts and information on new identity theft scams Includes a guide to organizing an identity theft case

Operation E-Con A joint effort by the FBI, the U.S. Secret Service, the Dept. of Justice, the U.S Postal Inspection Service, the Federal Trade Commission along with National White Collar Crime Center (NW3C) and local and state law enforcement agencies aimed at prosecuting world wide Cyber Crime, including Identity Theft. Prosecution of 130 subjects 90 investigations involving 89,000 victims with estimated losses on nearly 200 million. [1] [1] http://www.ifccfbi.gov/strategy/ifcc-econbrief.pdf. 6/23/04

New Identity Theft Laws Fair and Accurate Credit Transactions Act (FACTA) of 2003 Free annual credit reports for consumers Businesses are required to hide portions of credit card and social security numbers on receipts Created a national fraud hotline so you only have to make one call to report identity theft

National Listing of Identify Theft Citations & Penalties by State The National Conference of State Legislatures (http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm) A comprehensive listing of citations and penalties listed alphabetically by state.

California’s Changing View on Identity Theft In California, "The law making Identity Theft a crime was enacted as a misdemeanor crime in 1998. In 1999, the law was upgraded to an alternate felony/misdemeanor crime ."[1] [1] http://www.infolinkscreening.com/InfoLink/Resources/Articles/IdentityTheft.aspx 6/23/04