ID Theft
Personal and Organizational Prevention and Detection
According to the National Crime Victimization Survey (NCVS), the definition of ID Theft includes 3 general types of incidents:
• Unauthorized use or attempted use of an existing account
• Unauthorized use or attempted use of personal information to open an account
ID Fraud Facts
• Approximately 7% of all adults have their identities misused annually resulting in billions of dollars in losses.
• GAO states that a little over $5B is lost each year to tax fraud. From 2013-2014 the number of tax fraud victims jumped 36%. (Recent jump due to Intuit, Inc.)
• Criminals are becoming more organized and improving methods such as phishing and vishing fraud, hacking corporate and government networks, and hijacking personal computers (ransomware).
• Credit, debit, checking and savings accounts are not the only targets – cell and landline phone service, cable and satellite TV service, internet services, utilities, medical insurance, home mortgages, other loans, and government benefits.
How do Fraudsters obtain information?
• Stolen physical documentation
• Personal Computer or Work Computer
• Tech Devices
• Online - retail, medical, memberships
• Social Media
• Phishing, Vishing, Spoofing Schemes
Stolen Physical Documentation
• In order to steal money directly:
• Checks
• Credit/ATM cards
• PIN numbers
• Bank Account Numbers (needed to print checks)
• In order to steal identity and open new accounts:
• ID, Driver’s License
• Social Security Card
• Birth Certificate (Mother’s Maiden Name)
• Tax Statements
How do fraudsters get physical documentation?
• Your Purse or Wallet
• File Cabinet at Home/Office
• Items in the Trash (this includes company trash)
• Warren County Virtual Community School – SSNs (140 students affected)
• Dr. David Cavallaro – medical files (Hundreds affected)
• Madison Park Apartments – rental applications (Unknown number affected)
• Atlas Collections – collection files (Hundreds affected)
• Hancock Fabrics – payroll records (Unknown number affected)
Computer Use
• Security
• Are users separated by passwords?
• Is your password easy to find or guess?
• Who has physical access?
• Firewalls, Anti-virus
• Other ways to gain access
• Links containing viruses
• Repair tech scams
What is on your personal computer?
• Bank Statements
• Monthly Personal Financials
• Tax Statements
• List of online sites and passwords
• Work information ??
What is on your Work Computer?
• Information YOU are required to protect on behalf of others:
• Trade Secrets
• Classified Information
• Proprietary Information
Tech Devices
• Skimmers
• Gas Pumps
• ATMs
• Radio Frequency Identification (RFID) Technology
• Credit card printers and associated equipment (video)
https://www.youtube.com/watch?v=V3pElQD8UZg
Online Activities
• Credit Card Purchases
• Saving credit card information in the system for future purchases
• Home Depot
• Target
• Health/Medical Records
• Personal medical data
• Aetna
• Professional/Social Memberships
• Certificate Information
Social Media
What do Fraudsters want to know?
Facebook
• Full Name
• Spouse’s and Kids’ Names
• Birthdate
• Family Pictures
• Personal/Work Updates
• 20 Question Game (Security Questions)
• Religious Affiliation
LinkedIn
• Work History (Companies, States, Dates)
• Connections
• Work Successes
Phishing, Vishing, Spoofing Schemes
• Phishing – the attempt to acquire sensitive information such as credit card information, passwords, and/or usernames by masquerading as a legitimate entity in an electronic communication.
• Vishing – A technique, similar to Phishing, that allows criminals to maliciously gain access to your personal information for the purposes of ID theft. Generally, criminals will send the victim a notice or leave them a message to verify information.
• Spoofing – a person or program can masquerade as another by falsifying data
Corporate and Government Hacking
• Corporate Hacks
• Adobe Systems, eBay, Target, Home Depot
• Government Hacks
• Office of Personnel Management
• US Postal Service
• OR State Employment Office and OR Secretary of State
• US Dept of State and White House
• Weather Service
Other Illegal Use of Your Name
• Criminal Acts in Your Name
• Terrorist Watch List
• Traffic Tickets
Recent Trends
• Tax Fraud
• Committed by tax preparers
• Child ID theft
• File false tax returns
• Turbo Tax
• Credit Card Fraud
Personal ID Theft Prevention
• Sleeves to protect against RFID devices
• Do not carry Social Security Card in your wallet or purse (or any other document that contains your number)
• Do not share personal information with others
• If called for confirmations – let them read info that they have first
• Protect your personal info online – secure sites only
• Check your credit report annually
• Check your Social Security Statement annually
• Use firewalls and anti-virus software on computers
Consider your ID Theft Protection Options
Most complete identity theft protection service we reviewed; 3-bureau credit report monitoring; credit report/score updates every quarter; 25% discount & free 30-day trial
Best value, especially for families; full credit report monitoring; monthly Equifax credit reports and scores; 10% discount & free 14-day trial
Comprehensive identity theft protection and credit report monitoring for AARP members and family; monthly Equifax credit reports and scores; special AARP price & free 14-day trial
Thorough identity theft protection and 3-bureau credit report monitoring; annual 3-bureau credit reports and scores; monthly TransUnion credit scores; somewhat costly even with 10% discount; free* 30-day trial
Ask yourself – how much do you spend on your Grande Caramel Macchiato or your trips to the nail salon each month – then ask if you can afford this…..Can you afford not to??
Solid credit protection with monthly credit report/score updates; includes our top-rated Internet security software; 30-day trial for $1
Strong identity monitoring paired with comprehensive, 3-bureau FICO score monitoring; on the pricey side
Reasonably priced identity theft protection for individuals and families; doesn't provide credit report monitoring; 10% discount & free 14-day trial
Valuable identity theft protection and customer support for an affordable price, yet lacks in terms of credit report monitoring; 10% discount & free* 30-day trial
Somewhat pricey when compared to other services; complete restoration assistance; no insurance/guarantee or security software
An expensive option for ID theft protection and lacks in protection; only includes Experian credit report monitoring; 7-day trial for $1 with enrollment in ProtectMyID
Covers individuals and families, but poor customer service, confusing website and lack of comprehensive protection makes it less than appealing
What do I do if I am an ID fraud victim?
• If someone has used your SSN for a tax refund or job, or the IRS has sent you a notice – Contact the IRS right away.
• Report the fraud to the IRS. Send a copy of your police report or an IRS ID Theft Affidavit Form 14039 and proof of your identity.
• Other Steps:
• Put a fraud alert on your credit reports.
• Order your credit reports.
• Create an ID theft Report by filing an ID theft complaint with the FTC and filing a police report.
Considerations for Organizations
• Acceptable Use Policy
• Backup and Recovery
• Business Continuity/Disaster Recovery
• Hardware/Software Inventory
• Encryption
• Segregation of Duties
Considerations Continued…..
• Data Breach Detection and Response Plan
• Change Management/Patch
• Network Monitoring
• Risk Assessment
• Password Management (Including vendors)
• Access Restrictions
• Data Retention
Best Organizational Practices
• Up-to-date anti-virus software
• Properly configured firewall
• Intrusion detection and prevention software
• Educate employees about risks regarding unknown emails, web sites, and storage devices
• Utilize dual control for ACH and wire transactions
• Restrict functions for PC used for ACH and wire initiation (physical security)
• No removable media, no email, no other internet use
• Perform daily reconciliation of bank account(s)
Potential IT Audits
• Risk Assessment
• Disaster Recovery Plan
• Policies and Procedures (IT)
• Penetration/Vulnerability Test
• Password Management
• Backups
• Encryption