National Webcast Initiative
Identity Theft
The crime that keeps on taking!
Thursday, February 16, 2006
3:00pm – 4:00pm Eastern

National Webcast Initiative
William F. Pelgrin
• Joint Partnership between MS-ISAC and DHS US-CERT
• Coordinated through the New York State Office of Cyber Security and Critical Infrastructure Coordination and the New York State Forum
• Provides timely and practical information regarding cyber security topics
Webcast documents: http://www.cscic.state.ny.us/msisac/webcasts/02_06/index.htm

Current Listing of Vendors Interested In Participation
Accenture; Aon; AT&T; Cisco; Computer Associates; CDW-G; CGI; CMA; D&D Consulting; Ernst & Young; Foundstone/McAfee; Gartner; HP; IIC; ISS, Inc.; Jay Dee Systems; Keane; MCI; Microsoft; Nortel; Novell; NYSTEC; Oracle; R&H Security Consulting LLC; SAIC; SAS; SRA International, Inc.; Sybase; Symantec; Veritas
This listing will continue to evolve over time

Identity Theft Introduction
Between January and December 2005, Consumer Sentinel, the complaint database developed and maintained by the FTC, received over 685,000 consumer fraud and identity theft complaints. Consumers reported losses from fraud of more than $680 million.
Today’s presentation will focus on:
• What Identity Theft Is
• What you can do to Protect Yourself against Identity Theft
• What to do if you are, or think you may be, a victim of identity theft
• Identity Theft and the Online World
• Resources on Identity Theft

National Cyber Security Division
U.S. Department of Homeland Security
• US-CERT – established in September 2003 and is the operational arm of the National Cyber Security Division at the Department of Homeland Security
• Nation’s focal point for preventing, protecting against, and responding to cyber security threats and vulnerabilities
• US-CERT also hosts a public website, at www.uscert.gov, which provides a wealth of information regarding cyber security

Presenters
Howard Schmidt, CISSP, CISM
President & CEO
R & H Security Consulting LLC

D. Scott Parsons
Deputy Assistant Secretary
Office of Critical Infrastructure Protection and Compliance Policy
U.S. Department of the Treasury

Joseph Martucci
Senior Security Engineer
Symantec Consulting Services

What is Identity Theft?

We All Have a Role to Play In Combating Identity Theft
The fight against Identity Theft involves cooperation by:
• Federal and State government
• Law enforcement
• Financial institutions and businesses
• Technology innovators
• Consumers

A Legal Definition
Under the Fair and Accurate Credit Transactions Act of 2003, Identity Theft means:
“A fraud committed or attempted using the identifying information of another person without authority.” 16 CFR § 603.2
There is an important difference between credit card fraud, which is now included in the definition, and someone actually assuming an identity to commit fraud.

Poll: What type(s) of personal information need to be safegu...
• Account numbers
• Address
• Security codes from the back of credit and debit cards
• Driver's license number
• Mother's maiden name
• Internet passwords
• All of the Above

Identity Thieves Look For:
• Name
• Address
• Date of birth
• Social Security number
• Driver’s license number
• Mother’s maiden name
• Account numbers
• Card expiration dates
• Internet passwords
• Personal identification numbers
• User IDs for online account access
• Security codes from the back of credit and debit cards
• Other identifying information

How Your Identity Can Be Stolen
• Loss or theft of your wallet, purse, or credit card
• Mail theft
• Skimming information from the magnetic strip on credit or debit cards
• “Dumpster diving” through the trash
• “Shoulder surfing,” looking over your shoulder when you are entering a PIN or password

Common Types of Identity Theft or Financial Fraud
• Unauthorized transactions on existing accounts (e.g., unauthorized charges on a credit card or checks on a checking account) – often more easily corrected than the others
• Takeover of existing accounts (e.g., prolonged use or emptying of a financial account)
• Creation of new accounts

Businesses and Identity Theft
Why be concerned
• Businesses are prime targets for identity theft.
• Identity theft often happens from the inside.
• Identity theft is bad for business.
• Potential legal liability.

Businesses and Identity Theft
Steps to reduce the risk
• Establish privacy policies.
• If you don’t need it, don’t collect it.
• Record retention and disposal schedule.
• Personnel – Background checks.
• Data and network security.
• Restrict access to sensitive data, on a “need to know” basis.
• Training and awareness.
• Accountability for compliance.
What You Can Do To Protect Yourself

Minimizing the Risks of Becoming a Victim
• Do not leave a lot of financial records lying around your house for prying eyes to see
• Do not keep information that you don’t need in your purse or wallet
• Do not carry your Social Security Number with you
• Do not leave credit or debit card receipts at the ATM, gas pump, or anywhere else
• Do not keep personal identification numbers attached to credit, debit, or ATM cards

Minimizing the Risks of Becoming a Victim
• Shred personal records or get rid of them as effectively as possible
• Beware of giving information to anyone over the phone or Internet unless you initiate the contact
• Remember that your bank or credit card issuers already have your account numbers, PINs, access codes, passwords, Social Security numbers and other information they need. They won’t phone or e-mail you to ask for it.
• Protect your mail – send and receive it safely

Poll: How long has it been since you reviewed your credit re...
• Recently (within the last month)
• Between 1-6 months ago
• Over a year ago
• Never
• I don't know where to get my credit report

Minimizing the Risks of Becoming a Victim
• Check your credit report at least once a year
  • To see whether accounts have been opened in your name without your knowledge
  • To spot unexpected delinquency on established accounts
  • To review your credit report before making a major purchase
• These reports can be free and are easy to get
• Contact: www.AnnualCreditReport.com for a free credit report once every 12 months from each of the three nationwide consumer reporting agencies (i.e., “credit bureaus”): Equifax, Experian, TransUnion

Poll: Have you ever been a victim of Identity Theft?
• Yes
• No
• I'm not sure

What To Do If You Are, Or Think You May Be, A Victim of Identity Theft

Warning Signs
• A financial institution may call if a transaction seems out of the ordinary
• You may see unauthorized charges on a credit card or checking account statement
• You may see an account that you did not open on your credit report
• You may get a call from a collection agency asking why you have not paid a bill

Poll: Do you know what to do if you have or may have become ...
• Yes
• No
• I'm not sure

“Must Do” List – Act Quickly!
1. Contact the financial institutions or the companies where the information about you has been misused and let them know that you’re a victim of Identity Theft
2. Contact the credit reporting agencies (Equifax, Experian, TransUnion) to report your suspicions about Identity Theft, and request a fraud alert
3. Contact your local police department to report the crime, and get a copy of your police report
4. Contact the Federal Trade Commission for helpful information and because the FTC tracks incidents of Identity Theft

Identity Theft and the Online World

Phishing
Uses spam or junk e-mails that:
• Seek to obtain the same kind of information that any ID thief wants
• May mimic:
  • Financial institutions
  • Government agencies
  • Computer software companies
  • e-Commerce sites
  • Other legitimate businesses

Phishing
• May ask you to go to a Web site to verify and enter your personal information
• May contain a link that takes you to a Web site that looks just like your bank’s
• At the fake Web site, crooks copy, or “spoof,” graphics from real Web sites
• The message may include an excuse (e.g., the bank is undergoing a computer upgrade), or sound urgent or intimidating (e.g., you will lose access to your account if you don’t provide the information promptly)

Spyware
Spyware software:
• Monitors your online activity and diverts information while you are using legitimate Web sites
• May be installed on your computer when you visit deceptive Web sites, download seemingly innocent games or other software, or open e-mails that may have spyware attached

Poll: What type of security is used on your personal/home co...
• Anti-Virus
• Spyware
• Firewall
• Nothing

Protect Yourself from Phishing
• Update your browsers, spam filters, anti-virus and anti-spyware software regularly
• Use parental controls
• Visit a Web site by typing the Web address (or URL) into your Web browser yourself, not by clicking a link
• Look for the “s” in “https” when engaging in financial transactions because it indicates scrambling or encryption of the communication (don’t just copy a link that appears to have an “s” in “https”)
• Look for the lock icon in the lower right corner of the screen when engaging in financial or other sensitive transactions because the lock signifies an encrypted session (spoofed phishing sites may have fake locks, so beware)

Protect Yourself from Phishing
More information on Phishing is available at:
• www.SecretService.gov
• www.Antiphishing.org
• www.FTC.gov

Poll: Do you think you have been tricked into responding to ...
• Yes
• No
• I don't know

Online Safety
• Generally, you can operate safely on the Internet, but you need to use common sense
• Protect your computer like you would protect your personal financial information. Turn it off when you walk away from the computer so that no one else can gain access while you are not there
• Use a firewall
• Make sure that your operating system and software are updated on a frequent basis (keep patches current)

Online Safety
• Make sure that you have anti-spam software—many phishing attacks come as a result of spam
• Use strong passwords
  • Words or numbers that are not easy to guess
  • Use a combination of numbers, letters, and other characters
  • Do not use the same password for every account.
  • Consider changing your passwords periodically.
Online Safety
• Know the Web address—or “URL”—of the Web site that you are going to visit
• Read and learn how the Web site is going to protect and use your personal information
• Clean your hard drive before you dispose of an old computer

Summary
Minimizing the Risk of Identity Theft
• Minimize the amount of information that can be stolen.
• Monitor your credit report and account statements.
• Be sensitive about disclosing your personal information to others on and offline. Answer the questions Who, Why and How.
• Protect your computer and online experience

Summary: What to Do if you become a Victim of Identity Theft
• Immediately notify any one of the nationwide reporting agencies (Experian, Equifax, TransUnion) and place a fraud alert on your credit report.
• Contact the company where you believe the fraudulent account was opened or where the fraudulent transaction was made.
• File a complaint with your local police department or the police department where the identity theft took place.
• Don’t wait to get help; there are organizations, like the FTC, that are aware of this issue and are set up to help victims.
• Keep records of all your communications and follow up in writing by certified mail, return receipt.
Identity Theft Resources
Identity Theft: Outsmarting the Crooks DVD
Order your DVD by visiting: http://www.treas.gov/offices/domestic-finance/financialinstitution/cip/identity-theft.shtml

Identity Theft Resources
• Federal Trade Commission: http://www.consumer.gov/idtheft/
• US Department of the Treasury: http://www.treas.gov/offices/domestic-finance/financialinstitution/cip/identity-theft.shtml
• BBBOnline: http://www.bbbonline.org/IDTheft/
• Privacy Rights Clearinghouse: http://www.privacyrights.org/identity.htm
• Identity Theft Resource Center: http://www.idtheftcenter.org/index.shtml
• Fight Identity Theft: http://www.fightidentitytheft.com/
• Anti-Phishing Working Group: http://www.antiphishing.org/consumer_recs.html
• Carnegie Mellon: http://www.cert.org/homeusers/HomeComputerSecurity/

Questions and Answers

Thank you for participating
The archive of today’s session will be available at: http://www.cscic.state.ny.us/msisac/webcasts/02_06/index.htm

Mark Your Calendar!
The next National Webcast Initiative is scheduled for April 13, 2006!

Poll: What cyber security topic would you be interested in f...
• Remote Access
• Identity Management and Access Control
• VoIP
• Instant Messaging and How to Protect Your Home Computer
• Insider Threat
• Other (please enter your response in the Q&A tool)

Poll: How are you participating in today's webcast?
• Individually
• In a group setting with < 5 people
• In a group setting with 6 - 10 people
• In a group setting with 11 - 20 people
• In a group setting with 21 - 40 people
• In a group setting with > 40 people

Poll: Did you find today's webcast useful in helping to adva...
• Yes
• No - Please explain using the Questions and Answers Tool

Poll: How did you learn about today's webcast?
• From the MS-ISAC
• From US-CERT/DHS
• From the US Treasury
• From NCSA
• From NYS CSCIC
• From NYS FORUM
• Other - please explain using the Questions and Answers Tool

National Webcast Initiative
~ Identity Theft ~
The crime that keeps taking!
February 16, 2006
Thank You!