Identity Theft: A personal perspective

Jon Allen, CISSP, EnCE, Information Security Officer
Amy Alexander, Technology Training Specialist
Kevin Helpert, Police Lieutenant

Protect Your Past, Secure Your Future


Introduction

- Identity crime is a widespread crime in the United States.
- Identity theft was not formally recognized as a specific federal offense until 1998, when Congress passed a law, the Identity Theft and Assumption Deterrence Act.
- The Federal Trade Commission (FTC) reported that for 2009 ID theft continued to top the list of consumer complaints and accounted for over 21% of all complaints.
- The median value gained by thieves using ID theft is $500.

Source: FTC Sentinel Report


General Facts and Projections

- According to the 2006 FTC Identity Theft Survey Report, approx. 8.3 million American consumers were victimized.
- Misuse of existing credit cards accounted for 38% of all cases.
- Victims of new account fraud spent an average of 10 hours to resolve the issue, with some spending in excess of 100 hours.

Source: FTC Sentinel Report

General Facts and Projections (continued)

- Computers, the internet, and cell phones have made this type of crime quick and easy.
- Prior to 2003, U.S. Department of Justice studies revealed 98% of ID thieves went free.
- ID theft victims are usually victimized again… after 90 days because the victim has restored their credit and the suspect still has the personal information of the victim.
- Terrorist groups, including 9-11-01, are among those funded by identity theft.


Identity Theft by State (on per-capita basis)

Rank  State        Victims/100,000
1     Arizona      137.1
2     California   120.1
3     Nevada       114.2
4     Texas        107.9
5     Florida      105.6
6     New York     100.1
7     Georgia      91.6
8     Colorado     89.0
9     New Mexico   87.5
10    Maryland     85.8

Source: FTC Sentinel Report

Identity Theft Types

- Credit card fraud: 23%
- Utilities fraud: 18%
- Bank fraud: 13%
- Employment-related fraud: 14%
- Other (medical/child support, etc.): 13.4%
- Loan fraud: 5%

Source: FTC Sentinel Report

ID Theft Victims by Age

- Under 19 years of age: 2%
- Ages 20 to 29: 19%
- Ages 30 to 39: 23%
- Ages 40 to 49: 24%
- Ages 50 to 59: 20%
- Ages 60 to 69: 8%
- Age 70 and older: 4%

Source: FTC Sentinel Report

Other Victim Data

- Race or ethnicity is not a significant factor.
- Household incomes of more than $75,000 per year are targeted more often.
- Urban vs. rural: individuals in urban/suburban settings are almost twice as likely to be victimized than rural individuals.


Objectives

With this information, you will be better informed if you become a victim, able to start the process of recovery after becoming a victim, and know who to contact along with access to free resources.


Points of Discussion

- General identity theft information
- How easy it is to become a victim
- Mistakes we make
- How you can assist during an investigation if you become a victim


Types of Identity Theft

- Various frauds
- Scams
- Counterfeit IDs
- Altered checks
- Counterfeit checks
- Stolen credit cards
- Stolen IDs
- Fraudulent social security cards


Sources of information

- Burglaries
- Telephone solicitations
- Stolen wallets and purses
- Property records
- Court records
- Marriage and divorce certificates
- Hacked computer information
- On-line purchases
- Mailbox (look for flags in up position)


Sources of information (continued)

- Product warranty cards
- Change of address
- Dumpster or trash diving
- Posing as a landlord to obtain credit report
- Shoulder surfing
- Cell phones with picture/video capabilities
- ‘Phishing’ through the internet and phone
- Sales clerks, bank clerks, etc. who copy personal application information


Sources of information (continued)

- Waiters and other store employees who use ‘skimmers’ and sell information
- People searches on the internet
- Lost or stolen receipts
- Written checks (computer programs and scanners)
- Credit card verification scam (e-mail or phone)


Information from mail

- Telephone & utility bills (name, phone #, address, acct #)
- Credit card statement (name, address, card #, limit, exp, type)
- Bank statement (name, address, bank name, account #, checks)
- Boxes of checks (blank checks ready to use)
- Credit card offers (name, address, contact #)
- Paychecks and stubs (name, address, employer, acct #, SSN)
- Retirement statements (name, address, acct #, balance, employer contact information, SSN)
- Annual SS statement (name, address, SSN #’s (spouse & dependants))
- W-2’s and other tax forms (everything needed to assume your ID)


Social Networks

- Exposing security question answers
- But my profile is private
- Location data
  - Including embedded photo data
- Identity thieves are information miners


Tips to protect yourself

- Write “check ID” on back side of credit card and sign
- Keep credit card in sight
- Drop bills off at post office (or pay with cashier's check)
- Pick up boxes of checks at bank personally
- Do not respond to e-mails asking for personal information; call your credit card company from a number listed on the statement


Personal Story

Amy, can you describe for us the events that you believe led to you becoming a victim of identity theft?


Security Freeze

- Called anti-identity theft freeze
- Allows individuals to block access to their credit reports until they personally unlock the files by contacting the credit bureaus and providing a PIN number
- Without the code, a fraudster cannot open an account in their name
- Costs nothing for victims of ID theft, approx. $10.00 for anyone else


Security Freeze

- Write all three credit bureaus with the request
- For more information… log onto www.ftc.gov
- Provide… name, address for last 5 years, SSN, DOB, 2 proofs of address (bills?), and a copy of the police report if a victim, along with completing a fraud affidavit


Social Engineering

- Do you know who worked on your computer?
- Did the person you sign in for watch you type your password?
- Have you ever walked away from your computer and left it unlocked?


Prevent Social Engineering

- Lock your computer when you are away from the desk
- Verify that anyone working on your computer has a picture ITS badge or is authenticated through the helpline
- Never share any account passwords


Phishing the new SPAM

- A combination of attacks to yield personal information
- Hard to tell a legitimate email
- Will not go away


Spearing


Account Security

- Pick a good password
  - Minimum of 8 characters in length
  - Must contain 3 out of 4 categories
    - Upper case, lower case, number and symbol
- Never share your password
- Lock or log out of a computer when you leave it.


Protect Your Data

- Verify that Windows/Mac Updates are being applied to your computer
- Check that Symantec Antivirus is up to date


Social Security Number

- The Social Security Number policy governs the use of SSN on campus
- Any new retention of SSN, electronic or on paper, must be approved by the CIO
- Old stores of SSN should be protected or deleted.


Personal Story

Amy, can you talk about how you realized you were a victim of identity theft?


If you become a victim… (continued)

- Organize a file of all related paperwork for easy access
- Follow up in writing with all contacts made by phone or in person
  a. Use certified mail, with return receipt requested
  b. Keep copies of all correspondence or forms used
  c. Keep all originals if possible
- File a complaint with the FTC (ask for any information or paperwork)


If you become a victim

- Place a fraud alert on credit reports, then review reports
  a. Once one credit bureau is contacted, the other two should automatically be notified to place alerts… *but check for yourself!
  b. All three bureaus should send the victim information
  c. Get copies for law enforcement


If you become a victim…

- Contact any credit card companies
- Contact the local law enforcement agency
- Close any accounts that have been tampered with or opened fraudulently
- Close all checking and savings accounts that could be affected
- Retrieve copies of bank and credit card statements, and note fraudulent items


If you become a victim… (continued)

- Contact the check verification companies
- Contact the major credit reporting bureaus
- Contact the Social Security Administrative offices if Social Security number used (800-269-0271)


Remember

- If your Baylor University ID card is lost or stolen… deactivate your card on-line immediately (DO NOT WAIT!!!!!!!!).
- By doing so, you lessen the chances of a potential suspect gaining unauthorized access to a building or dorm. This also prevents the card from being used like a credit card (Example: BearBucks and the BU Bookstore).

**Go to Cashier’s office webpage… click on “ID Card”… click on “Lost/Stolen ID Card Link”


Personal Story

Amy, where is your case of identity theft today?


Baylor Police Department
(254) 710-2222


Questions???
