This document provides information on various types of identity theft and fraud, including how they work and how to protect yourself. It discusses how criminals obtain personal information through business records, mail theft, phishing, and other means. Specific examples are given of large data breaches at TJX and Heartland Payment Systems that exposed millions of credit card numbers. The document also covers Nigerian fraud scams, cross-border telephone fraud, and recommends precautions like shredding documents, using strong passwords, and being wary of unsolicited calls or emails requesting personal information or money transfers.
1. Identity Theft, Nigerian Fraud,
and Cross Border Fraud. What it
is, How it works, and how to
protect yourself:
A Presentation by Matt Smith. President of Litchfield
County Computer, L.L.C.
3. What is Identity Theft
• Identity theft is when someone uses your
personally identifying information, like your
name, Social Security number, or credit card
number, without your permission, to commit
fraud or other crimes.
• 9.3 million Americans were victims of identity
theft in 2005 alone. This totalled to 52.6 billion
dollars in losses.
• Only 1 in 700 identity thieves ever get caught.
4. How Criminals get your Information
• Business records get stolen
• Shoulder Surfing
• Dumpster Diving
• Theft of mail
• Pretending to be someone of authority
• Internet based attacks (known as online identity theft)
• Social Security Number
• Skimming
• Phishing
• Diversion of bills/records to another location
• Photocopiers
6. How Criminals get your
Information: Internet based attacks
• Credit card and other personal information
is stored in a database by an online
merchant.
• These databases require Internet access
in order to operate.
• The database is broken into, allowing for
large amounts of personal information to
be stolen.
7. How Criminals get your
Information: Not as secure as you
think
• Many people that shop online are familiar with
the lock on their browser that indicates a secure
connection.
• This is a security misconception, the data is only
encrypted while it is being sent to the merchant.
Once it is sent it is stored in plaintext form and
can be stolen.
• It could also be stolen from the shopper via
various means (shoulder surfing or a virus)
8. The TJX Security Breach
• TJX is the parent company of Marshalls,
TJMAXX, and several other retail stores.
• Sometime in the summer of 2005, two attackers
broke into the wireless network of the Marshalls
in St. Paul, MN and Miami, FL.
• Once they were inside the store’s network, they
were able to break into TJX headquarters.
• A confirmed 94 million credit and debit card
numbers were stolen. This is the second largest
data breach in U.S. history.
9. The TJX Security Breach
• The mastermind behind the breach was a
man by the name of Albert Gonzales.
• Mr. Gonzales was also one of the heads of
Shadowcrew, an ID theft Internet Mafia that
was broken up by the USSS in 2004
• While he was helping the USSS take down
Shadowcrew, he was plotting his next
attack – TJX
10. TJX/Heartland Security Breach
• Mr. Gonzales also masterminded the
Heartland credit card processor security
breach in which a confirmed 130 million
credit card numbers and the magnetic
stripe data off the cards were stolen – this
is the largest data breach in U.S. History
• Mr. Gonzales has now been sentenced for
his parts in the TJX/Heartland security
breaches.
11. How Criminals get your Information:
Social Security Number
• Your Social Security Number is a unique
identifier.
• Because of this it’s often used as the
primary key that identifies individual
records in a database.
• The SSN is a powerful tool. If a criminal
has your SSN it can be used to get other
personal information about you.
12. How Criminals get your Information:
Social Security Number
• Your Social Security Number is a unique
identifier.
• Because of this it’s often used as the
primary key that identifies individual
records in a database.
• The SSN is a powerful tool. If a criminal
has your SSN it can be used to get other
personal information about you.
13. How Criminals get your
Information: Skimming
• Skimming is the act of running a credit
card though a device that is designed to
capture and store the information on many
credit cards for easy access later by a
computer.
• You can also skim a card by writing down
the card information on a piece of paper
when the card is out of sight.
14. How Criminals get your
Information: Skimming
• Skimming attacks often occur in
restaurants and other places where your
credit card must be taken out of your sight
to be scanned for payment.
15. How Criminals get your
Information: Phishing
• Phishing is when someone tries to get
your information by putting a fake banking
(or other site) on the Internet. Once the
site is online the phisher will send out
spam emails looking for victims.
• These spam emails will look and sound
official. However they are merely traps to
get you to reveal your personal
information.
19. How Criminals get your
Information: Photocopiers
• ID Theft via photocopier is a very new
threat (March, ’07)
• Photocopiers made in the last 5 years
have the same hard drives that computers
do.
• These hard drives are used to store every
document the copier has ever copied.
This data has very little chance of being
overwritten.
20. How Criminals get your
Information: Photocopiers
• These hard drives can be stolen from the
copier, revealing personal information.
• They also become a problem after the
copier is disposed of.
• Sharp and Xerox make security kits.
However, the security kit must be applied
to the copier.
• Be very cautious about what you copy on
a public copier.
21. How Criminals get your Information:
Prank calls
• Criminals will sometimes call you asking
you to give them the very information that
they need to steal your identity.
• They will pretend to be someone of
authority.
• Should you receive a suspicious call, locate
a known good number for the calling
institution and call them back.
22. How Criminals use your Information
• Diversion of your credit card bill.
• Open new credit and/or bank accounts.
• Forge checks and/or debit cards.
• Take out car loans and buy cars (very
common).
• Set up phone or cell service.
• File bankruptcy in your name.
• Commit crimes in your name.
23. Signs of Identity Theft
• You don’t get your normal bills
• Getting credit cards and account
statements that you didn’t apply for
• Creditor tries to repossess a car you don’t
own
• Police contact you after “you” commit a
crime
• Being denied credit for no reason
• Sudden unexplained calls from collection
agencies
24. If Your Identity is Stolen
• 1. Contact your local Police Department
and have them file a police report.
Although they will not be able to do much
else other than file a report you will NEED
a police report for later steps to help prove
that there has been a crime. Make sure
that you get a copy of the police report.
• 2. Cancel all accounts where the
suspicious activity was seen. This
includes credit and debit cards.
25. If Your Identity is Stolen
• 3. Contact the 3 credit bureaus. They are
http://www.equifax.com, http://
www.experian.com, and http://
www.transunion.com. They will place a fraud
alert on your account(s). If you skip this
step, you run the risk of the identity thief
being able to reopen the accounts you had
closed in step 2.
• 4. Contact the FTC at
http://www.consumer.gov/idtheft and file a
report.
26. If Your Identity is Stolen:
• 5. Contact your creditors and inform them
of the situation. Provide copies of your
police report if requested.
27. How to Protect Yourself
• Make sure no one is looking over your
shoulder when entering sensitive
information.
• Shred your sensitive trash.
• Never allow your credit card out of your
sight when a payment is being made.
• If your mail is stolen, report it immediately
to the post office. Get a locking mailbox if
possible.
28. How to Protect Yourself
• If you are not sure if an official sounding
communication is legitimate, check directly with
your bank, credit card company, etc.
• Shop or bank online as little as possible.
• If you notice that you are not getting your bills
contact your creditors immediately.
• Do not copy sensitive information (tax returns)
on a public copier.
• Be very careful in giving out your SSN. The only
people that should need it are State and Federal
agencies and your employer.
29. How to Protect Yourself
• Use good computer security: Keep your
antivirus and antispyware software updated
and scan your computer regularly.
• Avoid websites that are likely to infect your
computer with malware.
• Use a pop up blocker.
• Use strong passwords and change them
frequently.
30. How to Protect Yourself
• You can opt not to receive unsolicited credit
offers in the mail by calling (888)5-
OPTOUT
32. What Is Nigerian Fraud
• Nigerian Fraud is a type of scam where
you send the scammer a sum of money in
order to receive something in return
(usually a large sum of money).
• The initial contact is usually made via
email, although other methods (fax, snail
mail) can be used.
• There are many variants of Nigerian
Fraud.
33. Variants of Nigerian Fraud
• The most common form of Nigerian Fraud
involves you being asked to help the
scammer move a large sum of money out
of the country in exchange for a portion of
the money. The scammer will ask for
money to help with fees involved in
moving the money.
34. Variants of Nigerian Fraud
• Another form of Nigerian Fraud is the
lottery scam in which the scammer claims
that the victim has won a lottery and
needs to pay “processing fees” in order to
receive the winnings.
• The reshipping scam is also common.
This is where a scammer will ship stolen
goods to a victim so the victim can ship
them to another location in return for
receiving a sum of money.
35. Variants of Nigerian Fraud
• The reshipping scam is especially
hazardous for the victim because as soon
as the victim receives the stolen goods the
victim is an accomplice to a crime.
37. How to Protect Yourself
• If you get a Nigerian scam email in your
inbox, don't respond to it.
• Be careful of any “Work from home” type
job offers. These are often used to hide
reshipping scams.
39. What is Cross Border Fraud
• Cross Border Fraud is a fairly new type of
fraud that takes place across the borders of
neighboring countries.
• It usually involves telephone and
telemarketing scams.
• What happens is a scammer or group of
scammers will set up a “boiler room” in one
country and use it to launch scams against
victims in the neighbor country.
40. A Real Example of Cross Border
Fraud
• Case occurred here in Woodbury.
• Scammer in Canada called an elderly
resident.
• Said that her granddaughter was stuck at
the border for having contraband and
needed $3000 to cross the border
• Scammer knew names of the family
• You can guess the outcome
41. A Real Example of Cross Border
Fraud
• Since this case occurred, other cases have
happened in Connecticut.
• It's believed that the scammers get their
information on their victims through identity
theft.
42. How to protect yourself
• Watch out for the example scam described
here. It's a very hot item with boiler rooms
right now. If you are unsure contact your
family members and check up on them.
• Be wary of any unsolicited telephone offer.
It could be a scam, JUST SAY NO