PowerPoint PresentationStolen Identity Refund Fraud Uses a taxpayer’s information to apply for...

Dr. Robert K. MinnitiDBA, CPA, CFE, Cr.FA, CVA, CFF, MAFF, CGMA, PI

President, Minniti CPA, LLC

Identity Theft

Dr. Robert K Minniti

DBA – Doctor of Business AdministrationCPA - Certified Public AccountantCFE – Certified Fraud ExaminerCrFA – Certified Forensic AccountantCFF – Certified in Financial ForensicsCVA – Certified Valuation AnalystMAFF – Master Analyst in Financial ForensicsCGMA – Charted Global Management AccountantPI – Licensed Private Investigator

Objectives

Upon completing this class you will be able to:

Recognize the various types of identity theft

Understand how criminals commit acts of tax refund identity fraud

Learn what you can do to help prevent identity theft

Fraud Triangle

Fraud Triangle Theory – Donald Cressey

To Quote William Shakespeare…

Good name, in man and woman, dear my lord / Is the immediate jewel of their souls: / Who steals my purse, steals trash; ’tis something, nothing; / ’Twas mine, ’tis his, and has been slave to thousands: / But he that filches from me my good name / Robs me of that which not enriches him / And makes me poor indeed. (Shakespeare, Othello, Act III, Scene III)

Identity Theft Is…

A crime that has increased in modern times

A crime that has become more profitable in modern times

A crime that is easier to commit because of the Internet

Identity Theft Defined

Identity theft is broadly defined as the use of one person’s identity or personally identifying information by another person without his or her permission. Identity theft is a type of fraud and can be committed against an individual or organization.

The federal criminal definition of identity theft is when someone “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, or in connection with, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.” [18 USC §1028(a)(7)]

Identity Theft Timeline

Until 1996, identity theft was not recognized as a crime at the state level.

Arizona was the first state in the United States to pass laws against identity theft.

On May 10, 2006, President Bush issued Executive Order 13402 that established the Identity Theft Task Force.

In 2008, the Federal Trade Commission adopted the “Red Flag Rules.”

DISCUSSION QUESTION

Has the government done enough to help prevent identity theft? What else could be done?

Polling Question #1

True or False

There are 4 parts to the fraud triangle

Identity Theft &

Fraud Statistics

CYBER FRAUD

Cyber Fraud is a term used for fraud that is committed using computers or over the internet

CYBER FRAUD IS GROWING

https://pdf.ic3.gov/2019_IC3Report.pdf

CYBER FRAUD VICTIMS


Consumer Sentinel Network Data Book – January – December 2019


2019


2018


2019

Consumer Sentinel Network Data Book

– January – December 2019

2019


2019

Consumer Sentinel Network Data Book

– January – December 2019

2019

THE NEW GENERATION OF CYBER FRAUD

Cybercrime has its own social networks with escrow services.

Malware can be licensed and receive tech support.

You can rent botnets by the hour for your own crime spree.

Pay-for-play malware infection services have appeared that quickly create botnets.

A lively market for zero-day exploits (unknown software vulnerabilities) has been established.

https://www.knowbe4.com/

EXAMPLES OF EXPLOITS

"Meltdown" (CVE-2017-5754) is a flaw that lets ordinary applications cross the security boundaries enforced at chip level to protect access to the private contents of kernel memory in Intel chips produced over the last decade.

"Spectre" (CVE-2017-5753 and CVE-2017-5715), are more insidious and widespread, having been found in chips from AMD and ARM as well as Intel. Spectre could enable an attacker to bypass isolation among different applications.


Polling Question #2

True or False

Cyber fraud cases in the US are decreasing

Types of

Identity Theft

Criminal Identity Theft

Occurs when the perpetrator, who is using a stolen identity, is arrested for a crime.

Fraudsters use victim’s identities to open businesses and bank accounts and then process stolen checks and credit cards through these accounts

Most individuals don’t find out about this type of identity theft until they are arrested for crimes they didn’t commit.

Medical Identity Theft

Uses the victim’s medical insurance.

Victim could find that he or she is uninsurable.

Issues in emergency rooms

Insurance Identity Theft

Auto insurance

Homeowners insurance

Life insurance

Business insurance

Malpractice insurance

E&O insurance

Child Identity Theft

Steals the identity of a person under legal age.

Often, children don’t find out about their identity being stolen until they apply for student loans or attempt to get a job.

Polling Question #3

True or False

Minors cannot be victims of identity theft

Professional Identity Theft

Steals the professional identity of another person.

Because professional licenses and license numbers are a matter of public record, it is relatively easy to commit this type of identity theft.

Business Identity Theft

Use the business name to obtain loans or credit.

Usually committed by insiders or current or former employees who had access to the business’ financial information.

Includes the use of spoofed or fraudulent websites to obtain personal information from victims.

Identity Theft

New Account Fraud

Uses the victim’s personal information to open new financial accounts.

Need to acquire the victim’s Social Security number to perpetrate this type of fraud.

Loan Application Fraud

Identity Theft

Account Takeover Fraud

Identity thief takes over a victim’s existing account.

Checking accounts are the easiest to takeover. All that is needed is the bank routing number and account number, both of which can be found on the front of a victim’s checks.

Polling Question #4

True or False

It is easy to duplicate credit and debit cards

Duplicate Card Fraud

You can also duplicate the new chip cards

RFID Protection

Stolen Balance Transfer Checks

Criminals steal credit card statements from mailboxes. Many of these statements include balance transfer checks from the card issuer. The thieves then use these checks to obtain cash or merchandise. Because these are checks the federal $50 limit on credit cards does not apply and the victim can be responsible for the loss.

Identity Theft

Debit Card Cracking

Criminals deposit fraudulent checks in your bank account and withdraw the funds using a debit card when the bank makes the funds available leaving the account holder on the hook for the NSF checks

Identity Cloning

Includes multiple forms of identity theft.

Individuals who are attempting to evade child support or creditors, running from the law, or otherwise attempting to conceal their true identity, clone the identity of the victim and use it openly in plain sight.

Polling Question #5

True or False

Identity thieves can steal your professional identity

Synthetic Identity Theft

Involves creating a fabricated identity, usually online.

Catfishing

Often involves using a real Social Security number that is then linked to the fabricated identity.

Identity Theft

Government Benefits Fraud

Applies for government benefits, such as Social Security or Medicare, in the name of the victim.

Includes individuals who continue to apply for and receive government benefits for deceased individuals.

Identity Theft

Government Documents Fraud

Obtains government documents, such as a driver’s license, Medicare card, Social Security card, or other document.

Documents have the name of the victim, but usually have the fraudster’s photo.

Identity Theft

Employment Fraud

Uses the victim’s name and Social Security number to obtain employment.

Often done because the perpetrator of the fraud is in the country illegally and needs legitimate documentation to obtain employment.

Identity Theft

Utility Fraud

Uses the victim’s personal information to open accounts with electric, gas, cable, phone, or other utility companies.

Bills are often sent to a fictitious address and left unpaid.

Identity Theft

Bankruptcy Fraud

The perpetrator files for bankruptcy under a stolen identity but includes debts incurred from other stolen identities in the bankruptcy in order to take advantage of the automatic stay.

Also used as a means to forestall a foreclosure.

Identity Theft

Stolen Identity Refund Fraud

Uses a taxpayer’s information to apply for refunds in the name of the victim.

Many times, false returns claim the Earned Income Tax Credit.

The IRS will send a refund based on the first return filed. Victims of this type of fraud usually find out when the IRS rejects their attempt to file their tax return electronically.

Polling Question #6

True or False

Employment fraud is uncommon in the U.S.

The IRS reported receiving as many as 5 million tax returns resulting from stolen identity refund fraud for the 2013 tax year

The IRS reported that fraudulent returns were filed claiming refunds in excess of $30 billion for the 2013 tax year

Tax Return Identity Theft

In 2013 the IRS prevented $24.2 Billion in fraudulent returns from being paid

The IRS acknowledged it paid $5.8 Billion in fraudulent returns in 2013

http://www.gao.gov/assets/670/667965.pdf

As of February 2016 the IRS identified 42,148 fraudulent tax returns claiming $227 million in fraudulent refunds

In February 2016 the IRS identified an additional 35,000 e-filed returns that could be fraudulent

As of February 29, 2016 the IRS confirmed there were 31,578 fraudulent returns with refunds issued that were a result of tax return identity fraud


https://www.treasury.gov/tigta/auditreports/2016reports/201640034fr.pdf

Uses a taxpayer’s information to apply for refunds in the name of the victim.

Many times, false returns claim the Earned Income Tax Credit.

The IRS will send a refund based on the first return filed. Victims of this type of fraud usually find out when the IRS rejects their attempt to file their tax return electronically.


Case Examples:

Tampa FL - $100 million return fraud

Southern California – victimized multiple times

TurboTax – 2015 shutdown

Timetable to resolve 6 to 12 months


Businesses receive notices about:

•Amended Returns•Fictitious employees•Revised W-2s or 1099s•Notices on closed businesses


New 1099-NEC

Must be filed with the IRS by January 31. No automatic extensions

The victim’s identity is used to obtain employment, usually by someone in the country illegally

The victim usually finds out about this type of fraud when they receive an audit notice from the IRS

Case Example – False W-2


Effects of Business Identity Theft

Criminals go after businesses as well as individuals

According to the IRS fraudulent tax refund fraud for businesses has been increasing $268 million in 2016

$122 million in 2015

Over 10,000 identity theft returns for businesses had been discovered by June 1, 2017 a significant increase over the 4000 cases discovered the previous year

Polling Question #7

True or False

Criminals steal personal information to file false tax returns

How Criminals Steal

Personal Information

Identity Theft

Mail Theft

One of the oldest methods

Variation - File a change of address form with the U.S. Post Office and have the victim’s mail rerouted to another address, usually to a mailbox store.

Identity Theft

Stolen Wallet or Purse

Usually contains a driver’s license, medical insurance cards, credit cards, union cards, business cards, and often Social Security and Medicare cards.

Identity Theft

Phishing

Used to gain personal information, such as usernames, passwords, Social Security numbers, and credit card numbers, for purposes of identity theft.

Often accomplished by using fraudulent e-mail messages that appear to come from legitimate businesses or government agencies.

Phishing Examples

Phishing Example

Phishing Examples

PHISHING EXAMPLES

Phishing Examples

Phishing Example

Polling Question #8

True or False

Phishing is done using email

Identity Theft

Vishing

Personal information obtained over the phone

Call to inform individuals that they have won a prize but that they need to pay taxes or shipping fees to obtain the prize.

Fake a call from a local business where an individual shops to verify credit card information on a transaction.

VISHINGVishing is similar to phishing but it occurs over the phone rather than over the internet.

Criminals try to obtain information or try to load malware on the victim’s computer.

IRS Vishing

Computer generated voice:

Hello. This call is officially a final notice from the IRS, Internal Revenue Service. The reason of this call is to inform you that IRS is filing lawsuit against you. To get more information about this case file, please call immediately on our department number 202-492-8816. I repeat 202-492-8816. Thank you.

VISHING

Mega Millions Jackpot

Human voice (heavily accented)

Yes this is _______, calling you from the Mega Millions limited. My reason to call your residence today is to let you know that you are a lucky recipient of 5.5 Million dollars and also a brand new 2015 Mercedes Benz. For further information, you need to contact the claims department at 1-876-354-53 zero-zero. That is 187635453 zero zero. As soon as you receive this message, I need you to give us a call. G-d bless you now and have a nice day.

VISHING

DISGUISING A VOICE

When criminals want to disguise their voices over the phone it is easy to do because there are numerous “Apps for that”

SMISHING

Smishing is similar to phishing and vishing but it is done using text messages rather than phone calls or email. Criminals try to obtain information or try to load malware on the victim’s computer.

SMISHING

Spoofing

Term used to describe fraudulent e-mail activity in which the sender’s address or other parts of the e-mail header are altered to appear as though the e-mail originated from a different source

Commonly used by spammers to hide the origin of an e-mail

SPOOFING EXAMPLE


SPOOFING A PHONE NUMBER

https://www.spoofcard.com/apps

Polling Question #9

True or False

It is easy to spoof a phone number

Identity Theft

Piggy Backing

Fraudster calls you representing there is an issue with your account

Fraudster then transfers you to the fraud department with a three way call

Fraudster then listens in while you provide your personal information to your financial institution

Identity Theft

Pharming

A virus or malicious software is secretly loaded onto the victim’s computer and hijacks the web browser.

When the victim types in the address of a legitimate website, he or she is rerouted to a fictitious copy of the website without realizing it.

Identity Theft

Shoulder Surfing

Individuals access the Internet in public places.

The perpetrator can obtain credit card or other information typed into a laptop or PDA or provided verbally over the phone by standing nearby.

Information sent over public wireless networks can be intercepted.

Identity Theft

Social Media Data Mining

Uses social media websites to gather information on victims.

Considerable amounts of personal information posted on social media sites.

Friends and relatives inadvertently post the victim’s personal information on their social media sites.

Identity Theft

Obituary Surfing

Search the obituaries online and in local papers.

Less risk of being caught because there is often no one monitoring the credit and banking activities of the deceased individual.

Identity Theft

Free Public Wi-Fi

Set up free public Wi-Fi networks in airports, near hotels, and in other public places.

Information on victim’s computers and other electronic devices is hacked.

Can gain control of e-mail accounts, bank accounts, social media accounts, and so on.

Polling Question #10

True or False

Criminals use social media to gather information about victims

Finding Information on the InternetOnce a criminal gets your number, they can find all kinds of interesting information.

Watching WebcamsIt is easy to watch unsecured webcams

Obtaining User Names & Passwords

DISCUSSION QUESTION

What information can be found in a search of public records?

CASE STUDY

This case study has three goals: To provide you with skills and resources for conducting investigations of public records

and information

To make you aware of just how much of your personal information is easily obtainable on the Internet.

To provide an example of how an identity thief can gather enough information to steal your identity.

Identity Theft

Malware in Charging Stations

One of the new methods of stealing information is to load malware into public charging stations. When the victim plugs in to a USB port to charge their mobile devices, malware is loaded onto their device while it is charging.

Identity Theft

Cell Phone Cloning

Devices allow a criminal to clone a smartphone if he or she can get within three feet of a phone that is turned on

Make a copy of all the information contained on the cell phone and use that information to steal the victim’s identity

Identity Theft

Hacking & Data Breaches

Steal personal information from government and business computers.

Employees copy the personal information contained on their employer’s computers and sell the information.


True or False

Vishing is done over the phone

http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html

Identity Theft

Pretexting

The perpetrator poses as a legitimate government official, corporate employee, or member of a legitimate business and calls victims asking for personal information.

Convince the victim that the information is needed to complete a transaction.

Convince the victim that someone is trying to access their account and that he or she needs to verify personal information to prevent a loss.

Identity Theft

Dumpster Diving

Search trash cans for documents that contain personal information.

Bank statements, credit card statements, and other financial information are sometimes found in the trash.

Identity Theft

Fraudulent Recruiter Scam

Retrieve the victims’ contact information from their online resumes and send them e-mails posing as recruiters.

Identity Theft

Fraudulent Employment Scam

Get the victim’s name and contact information from the posted resume and e-mail what appears to be a legitimate offer of employment.

Identity Theft

Internet Dating Scams

The perpetrator preys on lonely individuals by posing as “supermodel” potential boyfriends or girlfriends from outside the United States.

Ask for money to help clear passport issues in his or her home country so he or she can come to America and marry the love of his or her life.


True or False

Criminals will pose as recruiters to obtain your personal information

Identity Theft

Nigerian Government Letter

Pose as officials of the Nigerian government, or another government, and ask the victim for help in moving funds out of the country

Claim that they need to move the money to keep it from being confiscated

Identity Theft

Long Lost Relative

Pose as a barrister from England or another country and claim that the victim is the sole surviving relative of their deceased client

Tell the victim that he or she is inheriting a large sum of money as the only surviving heir of a rich relative

Identity Theft

Charity Frauds

Set up fake websites for nonexistent charities and then spam for victims.

Stories of victims of the California wildfires, Hurricane Katrina, and other natural disasters are posted on the website.

Identity Theft

Lottery Frauds

Send the victim an e-mail, which is usually spam or spoofed, informing the victim that he or she has won a large sum of money in a lottery.

The victim is told the lottery commission needs personal information to verify the funds are being sent to the correct winner.

Identity Theft

Corporate Prize Scam

Similar to the lottery scam, with the prize coming from a corporation or source other than a lottery

Claim that the victim’s e-mail address was selected to receive a prize and ask for personal information to verify the identity of the winner or complete tax forms on the prize won

Identity Theft

Spoofing

Term used to describe fraudulent e-mail activity in which the sender’s address or other parts of the e-mail header are altered to appear as though the e-mail originated from a different source

Commonly used by spammers to hide the origin of an e-mail

Identity Theft

Skimming

Attaches a device to a machine that records the information on the card’s magnetic strip.

Information can be imprinted on other cards.

Miniature cameras used to capture the PINs entered by the victims.


True or False

Credit card skimmers copy information from credit cards

Identity Theft

Cell Phone Cameras

The perpetrator uses the camera on his or her cell phone to take photos of credit cards and checks belonging to customers who are standing in line ahead of them in retail establishments.

Can duplicate a check on a laser printer.

American Express cards are the most vulnerable to this type of theft because the 4-digit security code is on the front of the card.

Sockpuppets

COMPUTER GENERATED PHOTOS

https://petapixel.com/2018/12/17/these-portraits-were-made-by-ai-none-of-these-people-exist/


True or False

A sockpuppet is used to create a fake identity on the internet

Identity Theft

Malware in Charging Stations

One of the new methods of stealing information is to load malware into public charging stations. When the victim plugs in to a USB port to charge their mobile devices, malware is loaded onto their device while it is charging.

Identity Theft

Cell Phone Cloning

Devices allow a criminal to clone a smartphone if he or she can get within three feet of a phone that is turned on

Make a copy of all the information contained on the cell phone and use that information to steal the victim’s identity

Identity Theft

Fake Census Workers

Posing as U.S. Census personnel and asking for information that is misrepresented as being necessary for the census

Usually continue to ask questions until the victim starts to be hesitant or questions why the information is needed

Identity Theft

Obituary Surfing

Search the obituaries online and in local papers.

Less risk of being caught because there is often no one monitoring the credit and banking activities of the deceased individual.

Identity Theft

Free Public Wi-Fi

Set up free public Wi-Fi networks in airports, near hotels, and in other public places.

Information on victim’s computers and other electronic devices is hacked.

Can gain control of e-mail accounts, bank accounts, social media accounts, and so on.


True or False

Charging stations are always safe to use

Ransomware

Ransomware is placed on computers to encrypt your data until a ransom is paid for the decryption key

CryptoLocker is one example of ransomware.

CryptoWall 2.0 is one of the newer versions

The FBI estimates that ransomware is a $1 Billion a year fraud

http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/index.html?section=money_technology

RANSOMWARE

Scareware (Pop-ups)

PC Cyborg (1998)

TeslaCrypt (Gamers)

Locky (Email)

Wannacry (Windows flaw)


CryptoLocker

Ransomware

RANSOMWARE ATTACKS EMAIL


Ransomware

Typical ransomware software uses RSA 2048 encryption to encrypt files. Just to give you an idea of how strong this is, an average desktop computer is estimated to take around 6.4 quadrillion years to crack an RSA 2048 key.



True or False

Ransomware encrypts the data on your computer

Data Breaches

The release or taking of data from a secure source to an unsecured third-party location (Computer).

Data Breaches

Outsiders – 62% of incidents

Insiders – 11% of incidents

Accidental loss – 25% of incidents

State sponsored – 2% of incidents

Data Breaches

The average cost of a data breach in 2019 was $3.92 million

Smaller data breaches with less than 10,000 records stolen cost an average of $2.2 million

Larger data breaches with more than 50,000 records stolen cost an average of $6.4 million

Note: The study only looked at data breaches where <100,000 records were stolen

2019 Cost of Data Breach Study: Global Analysis, Benchmark research sponsored by IBM, Independently conducted by Ponemon Institute LLC

Data Breaches

2018 Cost of Data Breach Study: Global Analysis, Benchmark research sponsored by IBM, Independently conducted by Ponemon Institute LLC

Data Breaches

Target

• Nov to Dec 2013

• Estimated 70,000,000 stolen debit and credit card numbers

• Including customer’s names, PIN Numbers, CVV codes, etc.

• Cost to Target could be in excess of $3.6 billion

Data Breaches

Home Depot

• September 2014

• Malware installed on computers at 2,200 Home Depot stores

• 56.000.000 records stolen

• Credit and debit card numbers stolen

Data Breaches

Anthem Blue Cross/Blue Shield

• Estimated 80,000,000 records stolen

• Customers’ names, dates of birth, member ID numbers, social security numbers, addresses, phone numbers, and other personal information

Data Breaches

AOL

• April 2014

• Estimated 50,000,000 stolen user IDs and Passwords

• Including customer’s names, birthdates and other personal information

• Information from users address books was also stolen

Data Breaches

Chase Bank

• July 2014


• Customers’ names, addresses, phone numbers, and other personal information

Data Breaches

Adobe

• October 2013

• Estimated 38,000,000 stolen user IDs and Passwords

• Including customer’s names, credit card information and other personal information

Data Breaches

Veterans of Foreign Wars

• April 2014

• The office of The Veterans Of Foreign Wars Of The United States notified members that an unauthorized party accessed VFW's webserver through the use of a trojanand malicious code.

• The hacker, thought to be in China, was able to download tables containing the names, addresses, Social Security numbers of approximately 55,000 VFW members.

Data Breaches

Equifax

September 2017

Estimated 147 million consumers affected

Personal information contained in credit reports

Offering free credit freezes

Chief Information Officer, Jun Ying charged with insider trading for selling $1 million in stock after the breach was discovered but before the information was publicly disclosed

Data Breaches

Ashley Madison

• August 2015


• Stolen data being used for phishing attacks and blackmail

Data Breaches

Green’s Accounting

• The office of Brent Green, CPA was burglarized on April 6, 2014 where the burglars took a network server computer and hard drives containing personal information of their clients. Their server was unencrypted and contained Social Security numbers, names, and addresses of both individuals and their independents.

Other Data Breaches

• StumbleUpon

• American Express

• Kaiser Permanente

• California DMV

• Auburn University

• LinkedIn

• Dropbox

• IRS

• Health Source of Ohio

• DNC & Clinton Campaign

• Office of Personnel Mgmt

• Yahoo

• Capital One

• City of Detroit

• Apple

• Discover Financial Services

• Experian

• California Child Support Service


True or False

Data breaches cost victims money

How Data Breaches Occur

Computer Virus

A computer virus is usually hidden in a computer program and performs functions such as copying or deleting data files. A computer virus creates copies of itself that it inserts in data files or other programs.


Trojan Horse

A Trojan horse is a malware program that is disguised as something else. Users assume it is a beneficial program when it fact it is not. Trojans horses are often used to insert spyware onto computers.


Computer Worms

A computer worm is a type of malware that transmits itself over networks and the internet to infect more computers with the malware.


Rootkits

Rootkits are used to modify the operating system to hide malware from the computer users. Some contain code that prevents the malware from being removed from the computer.


Backdoors

A backdoor is a route into a computer that circumvents the user authentication process and allows hackers open access to the system once it is installed.


Common ways to access a computer

Hacking

Social Networking

Lost Jump Drives

Charging Stations

Phishing

Data Breach Legal Issues

ARS 44-7501Applies to all businesses operating in Arizona

Applies to personal information

Notice must be made without unreasonable delay

Written

Telephonic

Electronic

ARS 13-1373Bars employers and others from using or printing more than five numbers that are reasonably identifiable as being part of a Social Security number.


Fair and Accurate Credit Transactions ActDisposal Rule

All employers regardless of size, must effectively destroy all documents or other media that contains personal information obtained from a consumer report before disposing of it

This includes names, phone numbers, addresses, account numbers, SSNs,

Other Federal LawsGramm-Leach-Bliley

HIPAA


Civil Liability

Courts have ruled that a plaintiff need not prove their personal information was used, the fact that they would need to pay monitor their credit/accounts and take proactive actions such as obtaining new cards is sufficient grounds for damages.

Additional damages could be awarded if the information is used for identity theft (Average $22,346 per identity stolen)


Businesses Must

Use reasonable procedures to secure data

Procedures must be documented in writing

All processes – collection, use, storage, etc.

Should be audited

Cannot delegate this responsibility

Are 100% liable for actions of employees

Stolen Data

Stolen user IDs and passwords can sell for $5 to $20 on the darknet.

Stolen credit and debit card numbers can sell from $5 to $100 on the darknet.

Card numbers and user IDs are purchased with BitCoins to make it difficult to trace the funds.

Identity thieves also purchase insurance ID information, driver’s license numbers, and other personal information.


True or False

Companies must protect personal information

Purchasing Credit Card Numbers

http://validshop.su

Purchase Credit Card Numbers

http://www.freshtools.su

Purchase IDs & Passwords

Credential Stuffing

Obtaining Fake IDs

https://www.zdnet.com/article/cybercrime-market-selling-full-digital-fingerprints-of-over-60000-users/

CRIMINALS SELL FINGERPRINTS ON THE DARKNET

PASSWORD SPRAYING

Most commonly used passwords 2019

https://techviral.net/common-passwords-might-surprise/

Credential Stuffing


True or False

Password stuffing is one way to hack a computer

INTERNET STRUCTURE

www.cybertraining365.com

SURFACE NET

Searchable websites

Publicly available sites

News websites

Media websites

Government information sites

THE DEEP NET

Corporate portals

Online banking websites

Health care websites

Utility websites

Basically, any website requiring authorization to enter the site.

THE DARK NET

Hidden websites

https://thehiddenwiki.org/

https://darkwebnews.com/deep-web-links/

Peer-to-peer networks

Illegal websites

Black Market

Drugs

Weapons

User IDs and passwords

Credit card numbers

Fake IDs

https://thehiddenwiki.org/

https://darkwebnews.com/deep-web-links/

THE HIDDEN WIKI

The Feds go after darknet sites

How to hide online activity

Using an anonymous network for sending e-mail and surfing the web

The Onion Router Network (TOR)

The Invisible Internet Project (I2P)

The Amnesic Incognito Live System (TAILS)

Freenet

How TOR works


True or False

It is safe to surf the darknet

LEARNING OBJECTIVE

Identify the agencies and organizations where you should report identity theft.

REPORTING IDENTITY THEFT

File a police report.

If the victim has identity theft insurance, notify the insurance company of the claim.

Contact banks and financial institutions and have all credit and debit cards reissued with new numbers.

REPORTING IDENTITY THEFT (CONTINUED)

File an Identity Theft Affidavit with the FTC

www.consumer.ftc.gov/articles/pdf-0094-identity-theft-affidavit.pdf

Or call 1-877-ID-Theft

http://www.consumer.ftc.gov/articles/pdf-0094-identity-theft-affidavit.pdf


Contact the credit bureaus and place a fraud alert on the credit report. TransUnion: www.transunion.com, 1.800.680.7289

Experian: www.experian.com, 1.888.EXPERIAN (397.3742)

Equifax: www.equifax.com, 1.800.525.6285

http://www.transunion.com/

http://www.experian.com/

http://www.equifax.com/


If the theft involved the Internet, file a complaint with the Internet Crime Complaint Center at www.ic3.gov/default.aspx

Call the Social Security hotline at 800.269.0271 to report a stolen Social Security number.

http://www.ic3.gov/default.aspx


Order a background check: Instant Checkmate

Been Verified

Intelius

People Finders

Truth Finder

US Search

REPORTING TAX RETURN IDENTITY THEFT

File Form 14039: Identity Theft Affidavit with the IRS.


File Form 14039: Identity Theft Affidavit with the IRS.

By Mail: Internal Revenue Service

P.O. Box 9039

Andover, MA 01810-0939

By Fax: (855) 807-5720

Include copies of any IRS notices or letters and real return


Report it to the State.

Remember to file a report with the state department of revenue

Sometimes criminals file fraudulent returns with other states as new residents, part year residents or as non-residents

If you live in an area such as New York City with local income taxes remember to report to the local taxing authority


States with no income tax:1. Alaska

2. Florida

3. Nevada

4. South Dakota

5. Texas

6. Washington

7. Wyoming


States with tax on dividends and investments:1. New Hampshire

2. Tennessee

See reference manual for how to report on a state by state basis.


True or False

You should report all instances of identity theft

DISCUSSION QUESTION

Are there other resources you know of to report identity theft?

Preventing Identity Theft: Individuals

Encrypt phone calls Ostel

Open Whisper Systems

Create burner phone #s to hide real # Burner (www.burnerapp.com)

Ready Sim

http://www.burnerapp.com/


Encrypt emails and text messages W-3 Anonymous Remailer

BITSMS

Ultimate Privacy

Counter Mail

Proton Mail

Lelantos


Never give out personal information to someone you do not know.

Beware of deals that are “too good to be true.”

Beware of any sales pitch in which you have to “act now.”

Beware of employment offers from companies to which you have not applied.

Beware of work-at-home job offers promising large incomes.


Beware of any job opportunity that requires you to pay an upfront fee.

Beware of investments promising unrealistic returns.

Before sending a payment to a company, check them out with the Better Business Bureau.

Do not reply to emails or click on links in emails from unknown sources.

Never clink on a link to a bank or financial institution from a website or email. Use your “favorites” link or enter the website address manually.


Remember that the IRS will never ask for personal information in an email or over the phone.

Beware of “winning” something that requires an upfront fee to receive your prize.

Shred all bank, credit card, brokerage, and loan statements.

Shred all applications for credit cards and loans received in the mail.

Never provide your PIN—legitimate companies will not ask for this.


Do not carry your Social Security card in your wallet.

Review EOB statements received from insurance companies and call regarding any unrecognized services.

Cover the keypad with your hand when entering your PIN.

Order a credit report quarterly and review all new accounts, balances, and inquiries—this can be done online at www.annualcreditreport.com or by calling 1.877.322.8228.

http://www.annualcreditreport.com/


Google your name to see what is on the Internet.

Install a firewall on your computer.

Install a good anti-virus program on your computer and keep it up-to-date.

Don’t enter personal information in pop-up windows.

Encrypt your home and office wireless networks using WPA2.

Do not send personal information over public WiFi networks.


Password protect your smartphone.

Consider using a secure phone such as Blackphone2.

Check URLs before providing credit card information to ensure the site is secure (https://).

Enroll in a back-up or wiping program that backs up your smartphone and will allow you to remotely erase the information on a lost or stolen phone.

DISCUSSION QUESTION

What are some precautions an individual can take to help prevent identity theft?


True or False

Keeping your personal information secure is one way to prevent identity theft

Cyber Security Internal Controls

Any Questions?

PowerPoint PresentationStolen Identity Refund Fraud Uses a taxpayer’s information to apply for...

Documents

Transcript of PowerPoint PresentationStolen Identity Refund Fraud Uses a taxpayer’s information to apply for...