Identity Theft 1.800
ID Theft: How Identity Thieves Steal Info: #1) Dumpster Diving: what can be gleamed? #2 Discarded Devices: give examples & how to delete. #3) Mail Theft: a) define, b) Only outgoing mail is important? 1.808
#1) can yield bills, cc receipts, bank statements, name, address, phone #, solicitations of preapproved credit cards, dob. F can target personal, businesses, banks, hospitals, ins co #2) ie computers, media drivers, copiers, printers, cell phones, other. May have internal hard drives w data. Data can be perm deleted w specialized software. #3) a) steal mail from public mail boxes or private mail boxes [F will have to circumvent security features]. Mail carriers might be accomplices b) NO, both incoming & outgoing mail are targeted. ie bills, fin statements, ins info, solicitations for preapproved cc, money order, bank info
ID Theft: How Identity Thieves Steal Info: #13) Credit Card Skimming: define, #14) Malware, #15) Computer Hacking & Data Breaches, #16) Malicious Insiders 1.813
#13) F use skimming devices to scan & store cc #s. this info can be sold to ID thieves or commit the ID theft directly. CC # can be used to make online purch or create fake cards for in store transactions. #14) Use to steal persona/ bus info form computers. Most common type: SPYWARE, which is software that collects & reports info about a computer user without user knowing or consent. Spyware is typically hidden & can be diff to detect. #15) CHacking: the use of technology to gain unauthorized access to sensitive info on a computer sys. DBreaches: the personal info that is compromised. Often the data is sold to on illegal trading websites. #16) These are ie ees, bus assoc, relatives, or friends who might have access to sensitive info. Insiders often play a KEY ROLE in ID theft. Either to further their own ID schemes or are paid by criminals to steal the info.
ID Theft: How Identity Thieves Steal Info: #4) Change of Mailing Address: a) define, b) how this is done, #5) Shoulder Surfing: a) define, b) how this is done, #6) Piggybacking: a) define, b) give examples 1.809
#4) a) F CHANGES Vi's mailing and email address so F receives V's mail. b) F completes a gov't form and mails to post office. F lists PO Box as V's new address. The Post office as protocol, mails confirmation letter to original address. However, the F receives all V's mail to the PO BOx. #5) a) the practice of observing another person [ie overlooking their shoulder] to gather personal info b) effective in crowded areas [to get close] with out being noticed, overhear V's conversation, view V's cc #, watch PIN at ATM machines, fill out deposit slips at the bank. #6) a) method used to gain access to restricted area OR computer network where F exploits another's access capability b) FOLLOWING person into a restricted area, convincing person F is authorized [ie but forgot pass], PRETENDING to be member of large crowd into a restriced area, gain access while ee is DISTRACTED, failure to properly LOG OUT of a network, convince to SHARE login info.
ID Theft: How Identity Thieves Steal Info: #7) Social Engineering: a) define, b) how done by exploiting.., c) how the F does this, d) discuss pretexting, e) give examples, f) who does F commonly impersonates g) IF target is a co, who does F commonly impersonates? 1.811
#7) a) the psychological manipulation of peo to trick them into revealing personal / bus inf b) by exploiting the natural tendencies of humans to be cooperative and to trust others c) after F researches the V, social engineers often IMPERSONATE someone the V CAN TRUST, ie authority figure or bus assoc d) is the act of using an invented scenario [pretext] to persuade a V to release info / perform an action e) ie engage in pretexting by impersonating the V's bank for obtaining banking info f) gov't ees, law enforcement / court personnel, reps of V's internet service provider [ISP], strangers in need of help g) high level ees, it professionals, legal dept, customers, vendors
ID Theft: How Identity Thieves Steal Info: #9) Vishing: define, #10) SMiShing: define, #11) Pharming: define, #12) Baiting 1.812
#9) schemes that use PHONE CALLS or voice messages to trick V into revealing personal/ bus info. aka VOICE PHISHING #10) use of text messages [aka SHORT MESSAGE SERVICE or SMS] to trick targets into revealing personal/ bus info #11) where internet users are automatically REDIRECTED from a legit website TO an imitation website. then users unknowningly provide key info #12) F leave malware-infected USB flash drives, CD roms, etc in places where peo will find them [ie parking lots]. The items are labeled to elicit the curiosity/ greed of peo who find them [ie free prize]. Or can be left in workroom labeled ie year end report 2017. WHEN inserted in V's computer, the computer/ network is infected, giving to the F access to info.
ID Theft: Methods of Preventing Identity Theft: List he ways for individuals. 1.814
* don't give out gov't id numbers unless absolutely necessary * don't carry gov't ID cards/ numbers with you * create complex pw & passphrases .. * don't reuse pw. use different pw for every website, account or device * never send personal info via email * when avail, use biometric authentications [fingerprints, voice recognition] * create unique answers for security questions. don't use answers containing personal info * protect computers w strong & reg updated firewall & antivirus software & promptly install all updates & patches * avoid suspicious websites * delete messages from known senders * don't open them * only download software from trusted sites * avoid using unsecured, public wi-fi * limit the amount of personal info that's shared on social media * use software to perm erase all data from hard drives & other equip before disposing * secure all physical mailboxes w a lock, check physical mail regularly, & instruct the post office to suspend mail during vacations * shred all sensitive doc * opt out of all unsolicited offers for pre-approval cc or LOC * pay attn to billing cycles & review all bills & stmts * check credit reports regularly
ID Theft: how to respond to ID theft [victims should do] 1.816
* file a police report w local law agencies & keep a copy of the report. many banks/ credit agencies require a police report before.. * if wallet/ purse stolen, immediately cancel all cc & get replacements * put a stop payment on all lost/ stolen checks * request copies of credits reports & review them for unauthorized account activity * report unauthorized charges & accounts to approp bank, cc co, or credit reporting agency immediately by phone AND in writing * change acct numbers or close accounts * contact all credit reporting agencies to have a security alert or freeze placed on credit reports
ID Theft: Prevention for Businesses 1.815
* limit personal info collected from customers. * restrict ee's access to customer's personal info * use network security tools to monitor WHO HAS ACCESS to personal info of clients. * don't retain personal info for longer than necessary * adopt an info-handling policy [that governs how personal info is stored, protected & disposed]. for the co:strictly enforce this policy & discipline ees who violate it. * conduct reg ee training re co's info handling policies * ensure the security of buildings by using locks, access codes & other security features * keep physical sensitive docs in locked rooms or locked filing cabinets * secure all networks & electronic info * use encryption to protect [stored by the co, sent to 3rd parties, sent over network] * restrict the use of laptops * require ees to complex pw * where permitted by law, do background checks on prospective ees * thoroughly investigate contractors/ vendors before using * do not use SSN for internal ee id or print them on checks * perform regular audits of info handling practices, network security & other internal controls * crate a data breach response plan
ID Theft: Victims of ID Theft: List the 5 common groups & why are they more vulnerable to ID Theft? 1.802
1) CHILDREN [cause have no credit histories, families don't monitor, thieves have time to do this. family members often perpetrate fraud] 2) SENIORS [often have more avail cash, check their reports less frequently, are less aware of ID theft & other fraud, less likely to report fraud than younger victims. Fraudsters can be fam members, caregivers .] 3) MILITARY [more vulnerable to id theft: often deployed overseas for long periods of time, which makes it difficult to monitor their credit, sometimes have special needs [health problems which can be exploited by thieves] 4) COLLEGE STUDENTS [are inexperienced in using & managing credit and aren't concerned about so don't take steps to protect themselves, not check their reports frequently] 5) THE DECEASED [ ha don't monitor their credit, family might forget to inform creditors or close accounts . How thieves get the info: tombstones, obits, calling funeral home & impersonating family]
ID Theft: How Identity Thieves Steal Info: list 16 method 1.807 - 1.8814
1) dumpster diving 2) discarded devices 3) mail theft 4) change of mailing address 5) shoulder surfing 6) piggybacking 7) social engineering 8) phishing 9) vishing 10) SMiShing 11) pharming 12) baiting 13) credit card skimming 14) malware 15) computer hacking & data breaches 16) malicious insiders
ID theft: Types of Identity Theft Schemes: list the 7 schemes 1.804 - 1.808
1) financial identity theft 2) criminal identity theft 3) medial identity theft 4) insurance identity theft 5) tax identity theft 6) employment identity theft 7) business identity theft
ID Theft: a) it's discriminatory in nature, right? b) per 2017 Identity Fraud Study by Javelin Strategy & Research, Identity fraud affters more than xxx adults in the US & loss totals $xxx. c) what's the most common law enforcement def of ID theft? d) How can thieves exploit this info [use]? 1.800
a) NON-discriminatory in nature. anyone can be targeted. b) more than 15 million adults & schemes total $16 BILLION c) Identity Theft & fraud are crimes where one wrongfully obtains & uses another person's PERSONAL DATA in some way that involves fraud or deception, typically for economic gain d) opening bank/ credit card accounts, taking over existing accounts, obtaining loans in victims name all without their knowledge.
ID Theft: Methods of Committing Identity Theft: a) list the 2 general methods of committing ID theft 1.803
a) Traditional ID Theft b) Synthetic ID Theft
ID theft: Types of Identity Theft Schemes: #4 Insurance Identity Theft Scheme: a) define, b) give ex of auto ins 1.806
a) a F impersonates another to obtain insurance coverage/ benefits. If involves medical ins, can be considered med id theft. For example, auto, homeowner's, rental, life insurance, liability ins. b) F uses stolen driver's licen & ssn to get auto ins policy on F's car. the F falsely reports car as stolen & gets ins benefits for value of the car. Victim discovers the fraud when his auto insurer raises his rates.
ID theft: Types of Identity Theft Schemes: #6 Employment Identity Theft Scheme: a) define, b) when do F do this? c) list possible red flags [become known of the fraud] 1.807
a) a F impersonates another to secure a job b) cause they aren't legal citizens or background checks reveal disqualifying info about them [hide criminal activity] c) gov't provides notice ie. of taxes owed for unreported wages, or multiple tax returns filed, OR credit report contains name of unknown employer
ID theft: Types of Identity Theft Schemes: #5 Tax Identity Theft Scheme: a) define, b) when can be found? 1.806
a) a F uses another's personal ID to file a tax return & receive a refund from the gov't [or can reduce taxes by increasing # of dependents, claim strangers as dependents] b) found when victim files his tax return & gov't rejects it cause a return has already been filed.
ID Theft: How Identity Thieves Steal Info: #8) Phishing: a) def & discuss, b) discuss the E-Bay email incident, c) what are SPEAR PHISHING schemes? 1.811
a) a type of SOCIAL ENGINEERING. F use electronic communications to impersonate trusted individuals/ entities. Phishers typically use emails to direct V to websites that look legit [ie online banks, retailers, gov't agencies] where the F controls these sites & use to steal info [bank acct info or passwords]. KEY: em is sent to hundreds/ thousands of individuals indiscriminately. b) in 2003 E-Bay customers rec'd fraudulent email purporting to be from the co. indicating customer's accounts have been compromised. The em instructed to re-register at the E-Bay website provided by the hyperlink [which was the F's site 'clone site']. the clone site was carefully crafted to look authentic. the em directed customers to enter personal info, cc #s, ssn, dob, mother's maiden names. c) KEY: TARGETS SPECIFIC indiv/ bus. [not send out thousands of em indiscriminately]. This scheme requires F to research the target & compose a highly customized email. id in 2016 a German co ' Leonie AG', lost millions when CFO rec'd em from co exe to wire $$$$. this co exe frequently makes this request.... turns out the em address of exe was close to his real em.. the email was a 'clone' to ones sent previously. this scheme is called 'BUSINESS EMAIL COMPROMISE' [BEC]
ID Theft: Perpetrators of ID Theft: a) who are these thieves ? 1.800
a) can be anyone: ees, friends, relatives, organized crime based in China, Ghana, Nigeria, Russa, vendors, bus associates, illegal immigrants, ones trying to hide their criminal records, hoping to stay out of prison, cause it's a less risky crime.
ID theft: Types of Identity Theft Schemes: # 2 Criminal Identity Theft Scheme: a) define, b) give ex of DWI c) what are the risks of the innocent party when this happens? 1.805
a) occurs when F falsely identity themselves as other peo to LAW ENFORCEMENT WHILE being arrested or investigated for a crime. SO the crime in INCORRECTLY ATTRIBUTED to the innocent party b) GH purchases fake ID while living in Canada illegally, which contains LB [another person's} photograph, name & dob of a real CA citizen]. GH is arrested for DWI. SO LB is mistakenly charged for DWI. LB does not discover the criminal id theft until later when is stopped for minor traffic offense & then LB is arrested for an outstanding warrant. c) risk of arrest [until criminal record is corrected], being terminated from job [cause of outsanding warrants] & not hired for jobs [cause of background checks]
ID theft: Types of Identity Theft Schemes: #1 Financial Identity Theft Scheme: a) define, b) give examples & indicate the name of "traditional" method of ID fraud, c) t/f: most ID theft if 'financial' id thef 1.804
a) occurs when F uses the indiv's personal info for fraudulent financial transactions b) 1) using stolen cc or cc # to purch g/s [account take over] 2) impersonating an indiv to gain access to bank account [account takeover] 3) using indiv's personal info to open NEW cc account [true name fraud] c) True, since most id thefts involve accessing existing financial accounts or creating new fin accounts
ID theft: Types of Identity Theft Schemes: #7 Business Identity Theft Scheme: a) define, b) give example regarding amendment to bus filings c) what kind of schemes? d) why do thieves target a bus [rather than an indiv]? e) why are SMALL bus particularly at risk for bus id theft? 1.807
a) occurs when a F impersonates a bus to commit FINANCIAL FRAUD. b) F pays small fee to gov't to file amendment to co's business filings with the state & changes new bus address & changing name of owner [along w a fake id}. TO conduct a # of transactions: obtain LOC, purch expensive machinery, filing fraudulent tax returns. The victim co is unaware since all relevant correspondence goes to new bus address c) reinstate a closed or dissolved business, trick 3rd parties by creating a new bus name similar to an existing bus d) 1) potential rewards are greater [bus have larger bank account, easier to access credit, higher credit limits than peo] 2) bus are less likely to notice new/ unusual fin trans bc they engage in more fin trans than peo 3) info needed to commit bus id theft [bus tax id #] are publicly avail online or in gov't records] e) bc small bus have LOC, capital & other info while lacking resources & tech to properly defend itself id theft. Rely heavily on owner's personal credit [making bus id theft more destructive]. Small bus owners are wary of revealing id theft out of fear consumers will take their bus to larger companies that offer increased level of data security.
ID theft: Types of Identity Theft Schemes: #3 Medical Identity Theft Scheme: a) define, b) give examples, c) list some consequences for the victim, d) t/f: hard to detect 1.805
a) occurs when a F uses another's identity to obtain medical care, prescription drugs, or payments form the gov't b) 1) F uses stolen driver's license & health ins card to obtain prescription painkillers from multiple RXs 2) a pregnant F uses stolen health ins info to obtain maternity care from hospital 3) F uses personal info to file claims for gov't disability benefits c) since V's med records are mixed w F's, can result in increased cost for med ins, denial of med benefits, misdiagnosis, delayed or improper med treatments, death d) yes, can be very hard to detect, until ie need emergency care, or billed for services, or notices of unpaid medical bills on their credit reports, or denied medical ins benefits
ID Theft: Methods of Committing Identity Theft: "Traditional" ID Theft: a) define, b) discuss the mechanics of ACCOUNT TAKEOVER c) discuss the mechanics of TRUE NAME FRAUD 1.803
a) steals person's personal info & PRETENDS to be that individual b) F uses peo's name, gov't id, ssn, dob to impersonate & gain access to ie bank account. THEN changes the address so peo does not receive immediate notice of new activity c) F uses peo's personal info to open NEW account in peo's name.
ID Theft: Methods of Committing Identity Theft: "Synthetic" ID Theft: a) define, b) give example, c) which group is this commonly used on? d) t/f: easy to detect this fraud scheme 1.803
a) uses fictitious identity. F might entire fabricate all the info OR use a combo of real & fabricated info b) example: F creates fictitious id by combining SSN with Fabricated name & dob. F applies w cc at a bank. the bank DENIES the application after a credit reporting agency informs of the ficitious identity has NOT CREDIT HISTORY. THEN as part of their SOP, the credit reporting agency NEW CREATES A FILE, so now the F has SUCCESSFULLY created a credit history for the fictitious identity & can OPEN NEW ACCOUNTS. F can obtain loan.... c) F often use children's ssn to commit synthetic id theft cause not likely to monitor the child's credit d) F, can be difficult to detect cause the fraud might not appear on the credit report or appear in a SUB file.