1 / 62

IDENTITY THEFT

IDENTITY THEFT. Day 1: Background of Identity Theft. SAMPLE ONLY. Background. Legal Definitions of Identity Theft Various Other Definitions Working Definition For Telecoms Classification of Identity Theft Who are the Identity Thieves? Who are the Victims? Informations Needed For ID Theft

jamuna
Télécharger la présentation

IDENTITY THEFT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IDENTITY THEFT Day 1: Background of Identity Theft SAMPLE ONLY

  2. Background • Legal Definitions of Identity Theft • Various Other Definitions • Working Definition For Telecoms • Classification of Identity Theft • Who are the Identity Thieves? • Who are the Victims? • Informations Needed For ID Theft • A Sample ID Theft Methodology SAMPLE ONLY

  3. Classificationsof Identity Theft Objective/Intention • Personal Gain • Vengeance • Provide Anonymity • Challenge • Satisfy Ego SAMPLE ONLY

  4. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • Dumpster Diving: Experian, in early 2002, investigated 400 Trash bins in Nottingham, England • 72% of trash bins contain at least one full name and address • 40% of trash bins contain a credit card number • 32% of trash bins contain a credit card number AND expiration date • 20% of trash bins contain a bank account number and a sort code (similar to a US Bank’s routing number) SAMPLE ONLY

  5. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Businesses or Institutions • HR or Employment Records • Internal Fraud • Bribes to employees • Disgruntled employees • Social Engineering • Through Information Technology Systems • Hacking or other Technological Means. • Simply searching Public Databases On- or Off- line. • Google or other Search Engines SAMPLE ONLY

  6. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Businesses or Institutions Hackers Steal California State Employees Social Security Numbers?Yahoo News/Associated Press - May 24, 2002Hackers Break Into California ComputersDoes it make you feel better to know that not even California Governor Gray Davis is immune from possible identity theft? It appears that on April 7th, hackers broke into a California state computer system that houses the names, social security numbers, and maybe even bank information for 260,000 state employees — including Gov. Gray Davis and his staff. It's not clear if the hackers took anything or have used the information to commit identity theft. The servers have since been patched to keep this from happening again. Right. SAMPLE ONLY

  7. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Businesses or Institutions Bank Loses Card Data of Senators, U.S. Govt Staff Feb 26, 2005 By Joanne Morrison WASHINGTON, Feb 26 (Reuters) - Computer tapes containing credit card records of U.S. Senators and more than a million U.S. government employees are missing, Bank of America said on Friday, putting the customers at increased risk of identity theft. The security breach, which included data on a third of the Pentagon's staff, angered lawmakers... SAMPLE ONLY

  8. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Businesses or Institutions March 18, 2005 Auditors Find IRS Workers Prone to Hackers By MARY DALRYMPLE AP Tax Writer WASHINGTON -- More than one-third of Internal Revenue Service employees and managers who were contacted by Treasury Department inspectors posing as computer technicians provided their computer login and changed their password, a government report said Wednesday SAMPLE ONLY

  9. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Businesses or Institutions March 22, 2005 Personal Data of 59,000 People Stolen By Associated Press CHICO, Calif. — Hackers gained personal information of 59,000 people affiliated with a California university -- the latest in a string of high-profile cases of identity theft. California State University, Chico spokesman Joe Wills said nearly all the current, former and prospective students, faculty and staff who were affected have been notified of the theft, which happened about three weeks ago. Hackers gained access to the victims' names and Social Security numbers. SAMPLE ONLY

  10. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Detective Agencies (both real and fake): Examples: http://www.usatrace.com/ http://www.howtoinvestigate.com/ http://www.merlindata.com/ http://www.publicpeoplefinder.com/ Agencies like these are considered legal and they serve as a source of identity information for the ID Thief. SAMPLE ONLY

  11. Classificationsof Identity Theft SAMPLE ONLY http://www.usatrace.com/

  12. Classificationsof Identity Theft SAMPLE ONLY http://www.howtoinvestigate.com

  13. Classificationsof Identity Theft SAMPLE ONLY http://www.merlindata.com

  14. Classificationsof Identity Theft SAMPLE ONLY http://www.publicpeoplefinder.com/Social-security-number.shtml

  15. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Information Brokers: Examples: http://www.choicepoint.com http://www.lexisnexis.com http://www.acxiom.com Agencies like these provide data that can be used to validate identities, however, they are also sources for ID Thieves. SAMPLE ONLY

  16. Classificationsof Identity Theft SAMPLE ONLY http://www.choicepoint.com

  17. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Information Brokers: ChoicePoint data theft widens to 145,000 people February 18, 2005 By Matt HinesStaff Writer, CNET News.com ChoicePoint has confirmed that scammers culled the personal information of tens of thousands of Americans in a recent attack on its consumer database, resulting in 750 individual cases of identity theft. The Atlanta-based company said that it plans to inform approximately 110,000 consumers outside the state of California whose information may have been accessed in the criminal scheme, originally reported on Tuesday. The company has already told some 35,000 Californians that their personal data, including their names, addresses, Social Security numbers and credit reports, was stolen by scammers. California is the only U.S. state with legislation in place that requires companies to notify its residents when their personal data has been compromised. SAMPLE ONLY

  18. Classificationsof Identity Theft SAMPLE ONLY http://www.lexisnexis.com

  19. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Information Brokers: Hackers Hit Lexis Nexis DatabaseNEW YORK, March 10, 2005(CBS/AP)  Lexis Nexis says hackers commandeered one of its databases, gaining access to the personal files of as many as 32,000 people. Federal and company investigators are looking into the security breach in the Seisint database, which was recently acquired by Lexis Nexis and includes millions of personal files for use by such customers as police and legal professionals. SAMPLE ONLY

  20. Classificationsof Identity Theft SAMPLE ONLY http://www.acxiom.com

  21. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Information Brokers: ALLEGED ACXIOM HACKER INDICTED July 21, 2004 KTHV-DT, Little Rock, Arkansas It could be one of the largest cyber crimes in U.S. history, and Arkansas based Acxiom is the victim. Wednesday federal investigators arrested a Florida man, saying he hacked into the company's computer system causing seven million dollars worth of damage.Federal investigators say 45-year-old Scott Levine from Boca Raton, Florida stole the personal information of millions of people. They say he was able to get names, addresses, and in some cases even credit card numbers."Acxiom is simply a massive data base of information," Sandra Cherry, Assistant US Attorney says. SAMPLE ONLY

  22. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Credit Reporting Agencies: Examples: https://www.equifax.com http://www.transunion.com http://www.experian.com In addition to selling credit reports, these agencies also sell information that can be used for identity validation, which makes them vulnerable to ID Thieves. SAMPLE ONLY

  23. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Credit Reporting Agencies: Experian credit reports stolenHackers pose as Ford Motor Credit staff to access database from credit reporting agency.May 17, 2002: 4:36 PM EDT NEW YORK (CNN/Money) - Ford Motor Credit Co. is warning 13,000 people to be aware of identity theft after the automaker found hackers posed as employees to gain access to consumer credit reports from credit reporting agency Experian. SAMPLE ONLY

  24. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Credit Reporting Agencies: http://www.csus.edu/indiv/b/brownb/csc1/hacker.htm TELEPHONE FRAUDAn international group, dubbed the "Phonemasters" by the FBI, hacked into the networks of a number of companies including MCI WorldCom, Sprint, AT&T, and Equifax credit reporters. The FBI estimates that the gang accounted for approximately $1.85 million in business losses. "They had a menu of activities they could perform," says Richard Power, author of Tangled Web, a book chronicling tales of digital crime. "They had Madonna's home phone number, they could hack into the FBI's national crime database." The Phonemasters reportedly forwarded an FBI phone line to a sex-chat line, racking up $200,000 in bills. They snooped in confidential databases to see whose phones the FBI and federal Drug Enforcement Agency were tapping. They hacked into the computer systems of several companies and downloaded calling card numbers and personal information about customers and created telephone numbers for their own use. SAMPLE ONLY

  25. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Obituaries: IDENTITY THEFT CASE MAINE WABI TV 5 News Broadcast: March 15, 2005 11:00pm JODY HERSEY SPOKE WITH A HOLDEN WOMAN TODAY WHO WAS OUTRAGED AFTER SOMEONE STOLE THE IDENTITY OF HER DECEASED DAUGHTER. SHARON MILLETT OF HOLDEN SAYS THAT'S HOW HER DAUGHTER TORI'S IDENTITY WAS STOLEN. • SHE SAYS VERMONT STATE POLICE PULLED OVER A WOMAN LAST WEEK CLAIMING TO BE TORI. POLICE SAY THAT WOMAN IS 41 YEAR OLD KRISTINE LOMBARDI OF CALIFORNIA. VERMONT STATE POLICE SAY LOMBARDI WAS DRIVING A STOLEN CAR WITH NUMEROUS BIRTH CERTIFICATES AND LICENSES INSIDE. POLICE BELIEVE SHE WAS USING CLOSE TO 30 DIFFERENT ALIASES. • MILLETT BELIEVES LOMBARDI GOT THE INFORMATION SHE NEEDED TO ASSUME HER DAUGHTER'S IDENTITY FROM TORI'S OBITUARY AND USED IT TO OBTAIN A COPY OF TORI'S BIRTH CERTIFICATE. SO WE WENT TO THE HOLDEN TOWN OFFICE TO SEE WHAT IT TAKES TO GET A BIRTH CERTIFICATE. THE WOMAN INSIDE SAID IT WOULD COST ME 7 DOLLARS AND ALL SHE NEEDED WAS MY NAME AND BIRTH DATE. SAMPLE ONLY

  26. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Public Files: Common Databases: The Dept of Heath Services has Birth and Death Certificates. The City Clerk -- list of business licenses (name, address, date) and building permits (name, address, cost of construction) The County Clerk or County Recorder has liens on file (lien holder, payment agreements), a Probate Index (estate settlements), records of lawsuits and judgments, powers of attorney with respect to real estate, records of mortgages on personal property, and bankruptcy papers. The City and County Courts have a Civil Index (civil actions, plaintiffs and defendants, and civil files with a description of any disputed property or valuables), a Criminal Index (criminal cases in Superior Court, as well as criminal files), and voter's registration files. The County Tax Collector has a description of any property owned, as well as taxes paid on real estate and personal property. The County Assessor has maps and photos, or even blueprints showing the location of a person’s property. The Secretary of State has corporation files and annual financial reports of a person’s company. The Dept of Motor Vehicles (DMV) contains information on the cars owned, insurance, as well as other data such as address and SSN. SAMPLE ONLY

  27. Classificationsof Identity Theft SAMPLE ONLY http://www.birthcertificatesusa.com

  28. Classificationsof Identity Theft SAMPLE ONLY http://www.birthcertificatesusa.com

  29. Classificationsof Identity Theft SAMPLE ONLY http://www.nicar.org

  30. Classificationsof Identity Theft SAMPLE ONLY http://www.nicar.org

  31. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Public Files: NICAR PUBLIC FILES AVAILABLE TO MEMBERS: Transportation/Air • FAA Enforcements: A database of FAA enforcement actions against airlines, pilots, mechanics, and designees • FAA Service Difficulty Reports: A database of maintenance incidents collected by the FAA for the purpose of tracking repair problems with commercial, private, and military aircraft, and aircraft components. • FAA Accidents and Incidents: A database of mainly U.S. flights where there was an accident or an incident, including crashes, collisions, deaths, injuries, major mechanical problems or costly damages. • FAA Aircraft Registry: A listing of all aircraft and aircraft owners registered in the United States. This dataset also includes tables on registered aircraft dealers and individuals/companies that reserved the N-number for their plane. • FAA Airmen Directory: The FAA Airmen Directory is a listing of pilots and other airmen, including the type of certificate's) they hold and their ratings. As a result of a new law that allows airmen to have their information withheld from the public, this listing is incomplete. • NASA Aviation Safety Reporting System: A database of anonymous reports of airplane safety submitted by pilots, flight attendants, air traffic controllers and passengers. Transportation/Roads • DOT Fatal Accidents: A nation-wide database of fatal road-vehicle accidents. • NHTSA Vehicle Recalls and Complaints: A database of vehicle complaints, recalls, service bulletins and inspections. • DOT Truck Accidents: A database of accidents on U.S. roads involving a commercial vehicle weighing more than 10,000 pounds, including semi-tractor trailers, buses. The data of 1988-1999 also has information about hazardous material carriers. • Truck Census: This U.S. Department of Transportation database contains records on each company that has commercial interstate vehicles weighing more than 10,000 pounds. • Truck Inspections: The Truck Inspections database contains data from state and federal truck inspections involving motor carriers as well as shippers and transporters of hazardous materials operating in the United States. Transportation/Waterways • Boating Accidents: The database contains information on recreational boating accidents in the United States. • Boat Registration: The database contains information on registered recreational and commercial boats. Transportation/General • Hazardous Materials: A database of information on transportation accidents involving hazardous materials. Election Campaigns/Federal • FEC Campaign Contributions: A database of all individual and political action group (PAC) contributions to federal election campaigns. • Mortality, Multiple Cause-of-Death Database: The Mortality Multiple Cause-of-Death database contains detailed information found in U.S. standard death certificate records from the United States and its territories. • National Practitioner Databank: This database contains information about doctors and other health care practitioners who have had medical malpractice suits filed or adverse action taken against them. Although names are not included, some news organizations have been able to use this database with other public records to determine the identity of individual practitioners. • Manufacturer and User Facility Device Experience Database: A database listing medical devices which have failed, how they failed and the manufacturer information. • CDC AIDS Public Information Dataset: Contains details about AIDS cases reported to state and local health departments since 1981, such as age, race and location. Names are not included. • FDA Adverse Event Reporting System: The FDA relies on the Adverse Event Reporting system to flag safety issues and identify pharmaceuticals or therapeutic biological products (such as blood products), for further epidemiological study. Public Safety • Campus Crime Statistics: 19 tables of crime data reported to the U.S. Department of Education by campus police and local law enforcement • Nuclear Materials Events Database: The Nuclear Materials Events Database contains records of all non-commercial power reactor incidents and events, including medical events, involving the use of radioactive byproduct material. • National Bridge Inventory Survey: A database of bridge maintenance information collected by the Federal Highway Administration • National Inventory of Dams: A database including dam location, condition, maintenance, and inspection reports. • FBI Uniform Crime Reports: 6 tables of crime data gathered by the FBI from law enforcement agencies across the country. • ATF Federal Firearms: A listing of federally approved gun dealers across the country. • Occupational Safety and Health Administration : Ten databases, one listing companies and inspection results, and three subordinate databases listing worker accidents, hazardous substance injuries and workplace violations. • Consumer Product Safety Commission : The CPSC dataset includes information about potential injuries, deaths and investigations related to consumer products. Some of the products include children's toys, bicycles, swimming pools, ATV's (three- and four-wheelers), sports equipment, hobby items, lawn mowers, hair dryers, playground equipment and many more. • Storm Events: This database is the official record of storm events in the United States, including tornadoes, hurricanes, tropical storms, droughts, snowstorms, flash floods, hail, wild/forest fires, temperature extremes, strong winds, fog, and avalanches. Environment • CERCLIS: The Comprehensive Environmental Response, Compensation and Liability Information System (CERCLIS) database maintained by the Environmental Protection Agency contains general information on sites across the nation and U.S. territories including location, status, contaminants and actions taken. • Toxic Release Inventory: The Toxics Release Inventory (TRI) consists of information about on- and off-site releases of chemicals and other waste management activities reported annually by industries, including federal facilities. Business • Wage and Hour Enforcement Database: The Wage and Hour Division of the U.S. Department of Labor is responsible for the enforcement of several labor laws. The database contains information about the violations, penalties, and employers. • NAFTA/TAA: Databases include records of petitions by workers, companies and unions for assistance for those who have become unemployed because of an increase in imports or shifts in production to foreign countries. • SEC Administrative Proceedings: Cases before the Securities and Exchange Commission administrative judges, who can issue cease-and-desist orders, hand out civil penalties, and bar parties to associate with investment advisers, brokers or dealers. Services Agency. • Federal Contracts Data: A database of Individual Contract Action Reports (ICARS) created by the Government Services Agency. • Home Mortgage Disclosure Act Data : A database of home mortgage loan requests, information about the requesters as well as the financial institutions. • IRS Exempt Organizations: A database of information on tax-exempt organizations. • SBA 7a Business Loans database: The database includes information about loans guaranteed by the U.S. Small Business Administration under its main lending program, now known as 7a. The data include loans approved by the SBA since 1953, when Congress created the agency to help entrepreneurs form or expand small enterprises. • SBA Disaster Loans: The data contains information about loans made to businesses and individuals as disaster assistance. • SBA 8(a) Businesses: This is a list of businesses approved for the Small Business Administration's program for small, minority and other disadvantaged businesses. Federal acquisition policies encourage agencies to award a certain percentage of their contracts to these businesses. Federal Spending • Federal Audit Clearinghouse Database: The Single Audit database is a great tool for journalists to examine local nonprofits and state or local government agencies that receive substantial assistance from the federal government. • Federal Award Assistance Data System: The Federal Award Assistance Data System, maintained by the Census Bureau, includes all federal financial assistance award transactions. • Consolidated Federal Funds Reports: A database of all federal money that goes to states, counties and local agencies, including Social Security payments, grants and direct loans. • National Endowment for the Arts Data: A database of grant receivers, their projects, and the amount they received. Other • 2000 Census: this data represents three releases from the U.S. Census 2000. • IRS Migration: With the IRS migration data, you can track movement in and out of counties. Moreover, financial information in the data allows you to gauge whether your community is gaining or losing wealth. • INS Legal Residency: Information on the characteristics of aliens who immigrated and attained legal residency. 46+ Public Databases with Personal Informations! SAMPLE ONLY

  32. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Genealogical Databases: SAMPLE ONLY http://www.rootsweb.com

  33. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Online Resumes: SAMPLE ONLY http://www.joblink-usa.com

  34. Classificationsof Identity Theft Person with experience working with ID Theft as Fraud Analyst! SAMPLE ONLY http://www.joblink-usa.com

  35. Classificationsof Identity Theft Methods of ID Information Retrieval: • Third Party Sources: • From Other Sources Online: • Sex Offender Lists • Most Wanted Lists • Bail Jumper Lists SAMPLE ONLY

  36. Classificationsof Identity Theft SAMPLE ONLY http://www.mostwanted.com/IN/bounty.html

  37. Classificationsof Identity Theft SAMPLE ONLY http://www.mostwanted.com/IN/bounty.html

  38. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Purchasing ID Information from “street people” This is a common problem in third world countries where there is a large class of people in poverty. Many of these people have no hope of ever obtaining a bank loan, purchasing a car, or even a nice home. For a few $$ they are willing to sell the use of their name, address, and SSN. And in the end, if they are ever questioned about crimes committed, they can claim their IDs were stolen. SAMPLE ONLY

  39. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Mail Theft An ID Thief’s dream is to find in a mailbox a Credit Card statement or a Bank Statement. Generally, with the information alone on the statement they can perform an account takeover. Javelin Strategy & Research claims that 8 percent of identity theft incidents start because of stolen mail. • Move-In Account Takeovers A person who moves into a new apartment and receives mail from the previous occupant can be easily tempted to perform an Account Takeover. SAMPLE ONLY

  40. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Mail Theft Identity Theft: Kauai People Too Trusting By Pamela V. Brown - Special to The Garden Island Posted: Saturday, Sep 11, 2004  Within the last year there was a rash of residential mailbox theft, including pilferage from more than 100 mailboxes in the Kapaa area, Kapua said. Typically mail thieves are attracted to outgoing mail, advertised by the little red flags on the sides of mailboxes erected to alert letter carriers to take the envelopes to the post office. Appropriately enough, thieves call it "red flagging," explained Kathryn Derwey, a 19-year postal inspector in Honolulu. "They know the outgoing mail is a payment of some type, and probably will contain a check, a name, a signature, account number or Social Security number, " she said. "That's how they get the information." Thieves use that information to produce new IDs and also to wash the checks - wash the ink off to change the payee - or to make counterfeit checks, Derwey said. Simply selling newly created identification cards is profitable. "The going rate is $1,500 for a 'good ID,' an ID card with a good name and mailing address," said Mel Rapozo, a Kauai county councilman and co-owner of M & P Legal Support Services, a private investigative agency. "With that, they can get a new credit card with a $15,000 credit line in no time." SAMPLE ONLY

  41. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Stealing Wallets, Purses, Laptops, etc. Identity Theft Soars, Remains Lower Tech Crime, Gartner Says July 21, 2003 By Keith Ferrell, TechWeb.com "The bulk of identity crimes are committed through decidedly old-fashioned means," Gartner analyst Avivah Litan said. "Information stolen in pre-existing relationships, pickpockets taking wallets and purses, mail interception where the thief opens financial mail, copies the information and re-seals the envelope all play a large part." SAMPLE ONLY

  42. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Kidnapping Grab a victim, collect ransom at ATM: In Mexico, small-time kidnapping is big businessFebruary 2, 2002 By Lisa J. Adams, ASSOCIATED PRESS MEXICO CITY Miguel Soriano sat in darkness, wondering whether he would live or die. Bound and blindfolded, his mind was the only thing allowed to run free, flashing memories of his life and worst-case scenarios of what could happen to him, his wife and his children. "The days became eternal," Soriano said. "I kept thinking the worst, and 'Why me?'"Why indeed? This was no millionaire, just the humble owner of five small graphic arts businesses. But as Mexico endures an epidemic of kidnaps-for-ransom, no one is safe - neither politicians and business moguls nor ordinary housewives or even their maids.Grabbed in the middle of the day just two blocks from his house in Mexico state, Soriano was held for five days, forced to withdraw $2,630 worth of pesos from automatic teller machines and finally released after he agreed to pay an additional $14,250 or else his family would be killed. SAMPLE ONLY

  43. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Internet Porn Scams $650M Porn ScamBY JOHN MARZULLIDAILY NEWS STAFF WRITER Tuesday, February 15th, 2005 A half-dozen Gambino mobsters copped pleas yesterday to the biggest consumer fraud in U.S. history - preying on hapless porn Web site users and phone sex customers in a huge $650 million scam. Brooklyn U.S. Attorney Roslynn Mauskopf said thousands of customers in the U.S., Europe and Asia were victimized by the vast operation - which pelted dupes with bogus credit card and phone bill charges - between 1996 and 2002. Operating behind a maze of 64 companies, they lured suckers to X-rated Web sites promising "free tours" of the lurid content. The viewers were required to give their credit or debit card numbers as proof of age. Then the unwitting victims were hit with charges of up to $90 on their card. The phone scam did not even require conning the consumer out of their card number. Martino and Chanes solicited dupes to call an 800 number for "free" samples of phone sex, horoscopes and phone dating. Merely dialing the 800 number "trapped" the callers' phone numbers in a computer - and they got billed at least $40 a month for unwanted voice mail service. SAMPLE ONLY

  44. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Social Engineering, i.e., “Pretexting” According to the FTC, “Pretexting” is: “Pretexting is the practice of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is against the law.” It should be duly noted that “Pretexting” is a technique often employed by Bad Debt Collection Agencies, Lawyers, and HeadHunters (Employment Agencies) in order to retrieve information. It is important for a Telecom Service Provider to insure that a contracted Bad Debt Collection agency is not practicing “Pretexting”. SAMPLE ONLY

  45. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Email Scams: “Phishing” According to the FTC, “Phishing” is: “a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.” “Phishers” have success rates up to 5% according to the Florida Division of Consumer Services. See Microsoft Video on Phishing: Day1\Background\Phishing.exe SAMPLE ONLY

  46. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Technological Means: “Pharming” Definition of “Pharming” according to Webopedia: “Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing.” SAMPLE ONLY

  47. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Technological Means: “Skimming” Skimming is defined as stealing the data off the magnetic strip of a card or out of the memory of a “Smart Card”. The same technology that reads the information recorded on credit and debit cards at the store checkout lane is what the fraudsters use to steal the same information off the cards. These fraudsters can then steal money and/or steal the Identity associated with the card. SAMPLE ONLY

  48. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Technological Means: “Skimming” This is a Pocket Skimmer that can fit inside the pocket of any fraudster working at a store or a restaurant. With your card in one hand and the skimmer concealed in the other hand, the fraudster swipes the card and all the information on the magnetic strip is recorded in the memory of the skimmer. Skimmers can hold up to many hundred card informations. The cable connects to a computer for downloading the information. Coin for size reference. SAMPLE ONLY

  49. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Technological Means: “Skimming” This is a Skimmer installed in an ATM in Brazil. It appears to be part of the ATM. SAMPLE ONLY

  50. Classificationsof Identity Theft Methods of ID Information Retrieval: • First Party Sources: • Technological Means: “Skimming” Here the Skimmer is now identifiable. It was created specifically for this model of ATM. SAMPLE ONLY

More Related