Information Security Office The University of Arizona Security Awareness Brown Bag Series Identity...

Information Security Office

The University of Arizona

Security Awareness Brown Bag Series

Identity Theft and Telephone Fraud


Identity Theft

How to Protect Your Identity

Every 79 seconds a thief steals someone's identity, opens accounts in the victim's name, and goes

shopping


OBJECTIVES

What is Identity Theft How Thieves Do It Preventive Actions Internet and On-Line

Services Credit Reports (who to

contact) Steps for Victims Reporting Identity Theft Consequences


What Is Identity TheftAcquisition of key pieces of someone’s identifying information in order to impersonate them.Identifying Information Includes:

• Name

• Address

• Date of Birth

• Social Security Number

• Mother’s Maiden Name

• Credit Card Number

• ATM PIN’s

• Bank Account Numbers


What Is Identity TheftPurpose

Take over financial accounts

Open new bank accounts

Apply for loans

Apply for credit cards

Apply for social security benefits

Purchase automobiles

Rent apartments

Establish services with utility and phone companies

Write Checks on accounts

Online Purchases and Services


How They Do It• Use low and high tech methods• Shoulder surfing at ATMs and Pay

Phones• Steal your mail• Dumpster diving• Corrupted postal employees (including

Mail Room Personnel)• Check washing

– Mostly in Western U.S.– Related to Meth use (similarly used

chemicals)• Check creation software• Credit Card Checks


Preventive Actions

• Promptly remove mail from your mail box

• Deposit outgoing mail in post office collection mail boxes or at your local post office

– Do not leave in unsecured mail receptacles

• Never give personal information over the telephone unless you initiated the call


Preventive Actions• Shred pre-approved credit card

applications, credit card receipts, bills and other financial information you don’t want

• Empty your wallet/purse of extra credit cards and Ids

• Opt to use an alternate number on Driver’s License

• Memorize your SSN and all your passwords


Preventive Actions• Order your credit report from the three

credit bureaus once a year to check for discrepancies

• Never leave receipts at bank machines, bank windows, trash receptacles, or unattended gasoline pumps

• Sign all new credit cards upon receipt

• Save all credit card receipts and match them against your monthly bills

• Never loan your credit cards to anyone else


Preventive Actions• Be conscious of normal receipt of

financial statements

– Contact sender if they are not received on time

• Notify credit card companies and financial institutions in advance of any change of address or phone number

• Never put account numbers on post cards or on the outside of an envelope

• Report all lost or stolen credit cards immediately


Preventive Actions• If you applied for a new credit card and

it hasn’t arrived in a timely manner, call the bank or credit card company involved

• Know your expiration dates

– Contact issuer if replacements are not received promptly

• Beware of mail or telephone solicitations disguised as promotions offering instant prizes or awards designed solely to obtain your personal information or credit card numbers


Preventive Actions• Never use commonly used

passwords/PINs:

– Dates of Birth

– Last four of SSN

– Last four of phone number

– Series of consecutive numbers

• Don’t carry SSN card with you

• Do not use your SSN as your drivers license number


Internet and On-Line ServicesUse caution when disclosing:

– checking account numbers

– credit card numbers or

– other personal financial data at any web site or on-line service location unless you receive a secured authentication key from your provider.

When you subscribe to an on-line service, you may be asked to give credit card information.– beware of con artists who may ask you to

“confirm” your enrollment service by disclosing passwords or the credit card account number you used to subscribe.


Credit ReportsWho to contact:

Equifax – www.equifax.com

P.O. Box 740241

Atlanta, GA 30374-0241

Telephone:

1-800-685-1111

Experian - www.experian.com

(Formerly TRW)

P.O. Box 949

Allen, TX 75013-0949

Telephone:

1-800-397-3742

TransUnion – www.tuc.com

P.O. Box 1000

Chester, PA 19022

Telephone: 1-800-916-8800


Action Steps For Victims• Contact all creditors, by phone and in

writing, to inform them of the problem• Call your nearest Postal Inspection Service

office and your local police• Contact the Federal Trade Commission to

report the problem• Call one of the three credit bureau’s fraud

units to report identity theft (they will contact other 2 for you)– Ask to have a “Fraud Alert/Victim Impact”

statement placed in your credit file asking that creditors call you before opening any new accounts

• Alert your bank to flag your accounts and to contact you to confirm unusual activity


Action Steps For Victims• Request a change of PIN and new password• Keep a log of all contacts and make copies of all

documents• You may also wish to contact a privacy or

consumer advocacy group regarding illegal activity

• Contact the Social Security Administration’s Fraud

Hotline• Contact the state office of the Department of

Motor Vehicles to see if another license was issued in your

name– If so, request a new license number and fill out

the DMV’s complaint form to begin the fraud investigation process


Report Identity Theft To• Equifax Credit Bureau, Fraud

1-800-525-6285

• Experian Information Solutions

1-888-397-3742

• TransUnion Credit Bureau, Fraud

1-800-680-7289

• Federal Trade Commission

1-877-IDTHEFT (438-4338)

• AFOSI Det 201

DSN 574-7371 or Commercial: (757) 764-7371

• Social Security Administration, Fraud Hotline

1-800-269-0271


Security Awareness Brown Bag Series

Sponsored by CCIT

Telephone Fraud


Phone Fraud

"This is Ernestine from the Phone Company. Have I reached the party to whom I am speaking?"


Phone Fraud Impact

Costs the Telecommunication industry more than $4 billion a year – costs are

ultimately passed on to consumer.


Telephone FraudThe 9-0-# Phone Scam

• Call is made to an office and cons unsuspecting worker to transfer call to outside line

• Caller claims to be a telecommunication service technician “repairing” phone lines

• Convinces recipient of call to “help” by transferring him to an outside line AND hang up

• Once done, the caller starts dialing calls that are charged to owner of PBX


"Compromised Private Branch Exchange (PBX) and Telephone

Voice Mail Systems”• Dated 6/3/2003 from NIPC• Enables unauthorized communication via

compromised US phone systems • Cannot be traced • Used to connect to local access numbers for

ISP’s - free Internet service via a modem• Can redirect repeated calls to a specific

number, such as 911, and cause denial-of-service (DoS) activity.


Telephone Fraud DetectionToll Fraud warning signs:

– Long holding times– Unexplained surges in use– Increase in calls after business hours– Reports of odd calls– Complaints that system is always busy


Telephone Fraud Protection• Memorize calling card number.• Prevent shoulder surfing - Be aware of people

loitering around phones. Stand directly in front of phone when entering number.

• Don’t give your Calling Card numbers to others• Guard your Calling Card number as you would a

credit card number• Report lost or stolen cards immediately• Don’t accept third-party calls from those you

don’t know


PreventionPrimarily targets businesses and universitiesTechnician would never ask customer to helpcheck phone linesBest defense is to be aware of this scam andreview what to do if it happens:

– Ask “technician” for call-back number or for name and number of supervisor. Then

hang up– Report call


809 Area Code Scam

The 809 scam involve a message (phone,email, pager)Request you immediately call or fax an809 area code numberExamples of reason to call include:

– avoiding litigation– receiving info about someone who has died or been

arrested – winning a prize– getting a job– even death in family


Prevention 809 Area Code Scam

809 area code is in the Caribbean. Nointernational code is requiredSome numbers in 809 areas code are “pay-percall” numbersScamsters try and keep you on phone as long aspossibleNot just limited to 809 (284, 876)

AT&T’s Webpage on phone fraud and scamshttp://www.att.com/fraud/home.html#b


Wireless Telephone Fraud Prevention Tips

• Lock phones, remove handsets and wireless antenna when vehicle left with someone

• Protect sensitive documents (subscriber agreement containing electronic serial numbers)

• Immediately report lost or stolen wireless phone carrier

• Don’t leave phone in unattended car or in isolated area for extended period of time


SEC- -Y

If not you, who? If not now, when?

The key to security awareness is embedded in the word security………….


Resources at the University of Arizona

Kerio Firewall https://sitelicense.arizona.edu/kerio/kerio.shtml

Sophos Anti Virushttps://sitelicense.arizona.edu/sophos/sophos.html

VPN client softwarehttps://sitelicense.arizona.edu/vpn/vpn.shtml

Policies, Procedures and Guidelineshttp://security.arizona.edu/guidelinesetc.html

Security Awareness http://security.arizona.edu/awareness.html


University Information Security Office

Bob LancasterUniversity Information Security OfficerCo-Director – CCIT, [email protected]

Security Incident Response Team (SIRT)[email protected]

Kelley BogartInformation Security Office [email protected]

Information Security Office The University of Arizona Security Awareness Brown Bag Series Identity...

Documents

Transcript of Information Security Office The University of Arizona Security Awareness Brown Bag Series Identity...