• No results found

ID Theft P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "ID Theft P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N"

Copied!
27
0
0

Loading.... (view fulltext now)

Download now ( 27 Page )

Full text

(1)

ID Theft

P E R S O N A L A N D O R G A N I Z AT I O N A L P R E V E N T I O N A N D D E T E C T I O N

(2)

According to the National Crime Victimization

Survey (NCVS) , the definition of ID Theft includes

3 general types of incidents:

• Unauthorized use or attempted use of an existing account

• Unauthorized use or attempted use of personal information to open

an account

(3)

ID Fraud Facts

• Approximately 7% of all adults have their identities misused annually resulting in billions of dollars in losses.

• GAO states that a little over $5B is lost each year to tax fraud. From 2013-2014 the number of tax fraud victims jumped 36%. (Recent jump due to Intuit, Inc.)

• Criminals are becoming more organized and improving methods such as phishing and vishing fraud, hacking corporate and government networks, and hijacking personal computers (ransomware).

• Credit, debit, checking and savings accounts are not the only targets – cell and landline phone service, cable and satellite TV service, internet services, utilities, medical insurance, home mortgages, other loans, and government benefits.

(4)

How do Fraudsters obtain information?

• Stolen physical documentation

• Personal Computer or Work Computer

• Tech Devices

• Online - retail, medical, memberships

• Social Media

• Phishing, Vishing, Spoofing Schemes

(5)

Stolen Physical Documentation

• In order to steal money directly: • Checks

• Credit/ATM cards

• PIN numbers

• Bank Account Numbers (needed to print checks)

• In order to steal identity and open new accounts: • ID, Driver’s License

• Social Security Card

• Birth Certificate (Mother’s Maiden Name)

• Tax Statements

(6)

How do fraudsters get physical

documentation?

• Your Purse or Wallet

• File Cabinet at Home/Office

• Items in the Trash (this includes company trash)

• Warren County Virtual Community School – SSNs (140 students affected)

• Dr. David Cavallaro – medical files (Hundreds affected)

• Madison Park Apartments – rental applications (Unknown number affected)

• Atlas Collections – collection files (Hundreds affected)

• Hancock Fabrics – payroll records (Unknown number affected)

(7)

Computer Use

• Security

• Are users separated by passwords?

• Is your password easy to find or guess?

• Who has physical access?

• Firewalls, Anti-virus

• Other ways to gain access

• Links containing viruses

• Repair tech scams

(8)

What is on your personal computer?

• Bank Statements

• Monthly Personal Financials

• Tax Statements

• List of online sites and passwords

• Work information ??

(9)

What is on your Work Computer?

• Information YOU are required to protect on behalf of others:

• Trade Secrets

• Classified Information

• Proprietary Information

(10)

Tech Devices

• Skimmers

• Gas Pumps

• ATMs

• Radio Frequency Identification

(RFID) Technology

• Credit card printers and

associated equipment (video)

https://www.youtube.com/watch?v=V3 pElQD8UZg

(11)
(12)

Online Activities

• Credit Card Purchases

• Saving credit card information in the system for future purchases

• Home Depot

• Target

• Health/Medical Records • Personal medical data

• Aetna

• Professional/Social Memberships • Certificate Information

(13)

Social Media

(14)

What do Fraudsters want to know?

FACE B O O K

• Full Name

• Spouse’s and Kids’ Names

• Birthdate

• Family Pictures

• Personal/Work Updates

• 20 Question Game (Security Questions)

• Religious Affiliation

L INK E DIN

• Work History (Companies,

States, Dates)

• Connections

• Work Successes

(15)

Phishing, Vishing, Spoofing Schemes

• Phishing – the attempt to acquire sensitive information such as credit

card information, passwords, and/or usernames by masquerading as a legitimate entity in an electronic communication.

• Vishing – A technique, similar to Phishing, that allows criminals to

maliciously gain access to your personal information for the purposes of ID theft. Generally, criminals will send the victim a notice or leave them a message to verify information.

• Spoofing – a person or program can masquerade as another by

falsifying data

(16)

Corporate and Government Hacking

• Corporate Hacks

• Adobe Systems, Ebay, Target, Home Depot

• Government Hacks

• Office of Personnel Management

• US Postal Service

• OR State Employment Office and OR Secretary of State

• US Dept of State and White House

• Weather Service

(17)

Other Illegal Use of Your Name

• Criminal Acts in Your Name

• Terrorist Watch List

• Traffic Tickets

(18)

Recent Trends

• Tax Fraud

• Committed by tax preparers

• Child ID theft

• File false tax returns

• Turbo Tax

• Credit Card Fraud

(19)

Personal ID Theft Prevention

• Sleeves to protect against RFID devices

• Do not carry Social Security Card in your wallet or purse (or any other document that contains your number)

• Do not share personal information with others

• If called for confirmations – let them read info that they have first

• Protect your personal info online – secure sites only

• Check your credit report annually

• Check your Social Security Statement annually

• Use firewalls and anti-virus software on computers

(20)

Consider your ID

Theft Protection

Options

Most complete identity theft protection service we reviewed; 3-bureau credit report monitoring; credit report/score updates every quarter; 25% discount & free 30-day trial

Best value, especially for families; full credit report monitoring; monthly Equifax credit reports and scores; 10% discount & free 14-day trial

Comprehensive identity theft protection and credit report monitoring for AARP members and family; monthly Equifax credit reports and scores; special AARP price & free 14-day trial

Thorough identity theft protection and 3-bureau credit report monitoring; annual 3-bureau credit reports and scores; monthly TransUnion credit scores; somewhat costly even with 10% discount; free* 30-day trial

Ask yourself – how much do you spend on your Grande Caramel Macchiato or your trips to the nail salon each month – then ask if you can afford this…..Can you afford not to??

(21)

Solid credit protection with monthly credit report/score updates; includes our top-rated Internet security software; 30-day trial for $1

Strong identity monitoring paired with comprehensive, 3-bureau FICO score monitoring; on the pricey side

Reasonably priced identity theft protection for individuals and families; doesn't provide credit report monitoring; 10% discount & free 14-day trial

Valuable identity theft protection and customer support for an affordable price, yet lacks in terms of credit report monitoring; 10% discount & free* 30-day trial

Somewhat pricey when compared to other services; complete restoration assistance; no insurance/guarantee or security software

An expensive option for ID theft protection and lacks in protection; only includes Experian credit report monitoring; 7-day trial for $1 with enrollment in ProtectMyID

Covers individuals and families, but poor customer service, confusing website and lack of comprehensive protection makes it less than appealing

(22)

What do I do if I am an ID fraud victim?

• If someone has used your SSN for a tax refund or job, or the IRS has

sent you a notice – Contact the IRS right away.

• Report the fraud to the IRS. Send a copy of your police report or an

IRS ID Theft Affidavit Form 14039 and proof of your identity.

• Other Steps:

• Put a fraud alert on your credit reports.

• Order your credit reports.

• Create an ID theft Report by filing an ID theft complaint with the FTC and filing a police report.

(23)

Considerations for Organizations

• Acceptable Use Policy

• Backup and Recovery

• Business Continuity/Disaster Recovery

• Hardware/Software Inventory

• Encryption

• Segregation of Duties

(24)

Considerations Continued…..

• Data Breach Detection and Response Plan

• Change Management/Patch

• Network Monitoring

• Risk Assessment

• Password Management (Including vendors)

• Access Restrictions

• Data Retention

(25)

Best Organizational Practices

• Up-to-date anti-virus software • Properly configured firewall

• Intrusion detection and prevention software

• Educated employees about risks regarding unknown emails, web sites, and storage devices

• Utilize dual control for ACH and wire transactions

• Restrict functions for PC used for ACH and wire initiation (physical security)

• No removable media, no email, no other internet use

• Perform daily reconciliation of bank account(s)

(26)

Potential IT Audits

• Risk Assessment

• Disaster Recovery Plan

• Policies and Procedures (IT)

• Penetration/Vulnerability Test

• Password Management

• Backups

• Encryption

(27)

References

Download now ( PDF - 27 Page - 501.20 KB )

Related documents

Forecasting the Impact of Connected and Automated Vehicles on Energy Use: A Microeconomic Study of Induced Travel and Energy Rebound

We develop a microeconomic model of vehicle miles traveled (VMT) choice under income and time constraints; then we use it to estimate elasticities of VMT demand

Health Care System Accessibility

ited access to English language-based communication, infre- quent contact with clinicians familiar with their language and culture, and the challenging experience of working with

An ex vivo continuous passive motion model in a porcine knee for assessing primary stability of cell free collagen gel plugs

Our study aimed to establish a novel ex vivo CPM animal model and to evaluate the required motion cycles for testing the mechanical properties of a new cell-free collagen type I

Subtrochanteric shortening osteotomy during cementless total hip arthroplasty in young patients with severe developmental dysplasia of the hip

Table 3 Overview of relevant literature in the treatment of Crowe III or IV dysplasia combined with subtrochanteric femoral shortening osteotomy Study Year Hips (n) DDH type

The impact of time and day on the presentation of acute coronary syndromes

The less intense symptoms associated with NSTEMI or UA may lead some patients to wait during daytime and on weekdays, which could help explain the increased pro- portion with STEMI

The identities of the sericeous leaved species of Stigmaphyllon (Malpighiaceae) in the Amazon region

393.. San Martin, Pasco, Madre de Dios). and also in secondary growth and along roadsides in Guyana.. 15-30 per umbel, these borne in dichasia or compound dichasia. Stamens

Resolution of the Galphimia langlassei complex (Malpighiaceae) from the Pacific slope of Mexico

Laminas of the larg- er leaves 2.5–4.5 cm long, 1–1.5 cm wide, narrowly lan- ceolate to narrowly elliptical, apex acute, base cuneate- decurrent, adaxially glabrous, abaxially

Simon Cymerath interview

This, this you can’t forget because since I started first uh, grade school, we were always… The minute we come… came out from school, they chased us with stones and, you know,