1. Identity Theft, Nigerian Fraud,
and Cyberbulling. What it is,
How it works, and how to protect
yourself:
A Presentation by Matt Smith. President of Litchfield
County Computer, L.L.C.
4. What is Identity Theft
• Identity theft is when someone uses your
personally identifying information, like your
name, Social Security number, or credit
card number, without your permission, to
commit fraud or other crimes.
• 27.3 million Americans have been victims
of identity theft within the last 5 years.
• Second most reported crime to the federal
government in 2003.
5. How Criminals get your Information
• Business records get stolen
• Shoulder Surfing
• Dumpster Diving
• Theft of mail
• Pretending to be someone of authority
• Internet based attacks (known as online identity theft)
• Social Security Number
• Skimming
• Phishing
• Diversion of bills/records to another location
• Photocopiers
6. How Criminals get your
Information: Internet based attacks
• Credit card and other personal information
is stored in a database by an online
merchant.
• These databases require Internet access
in order to operate.
• The database is broken into, allowing for
large amounts of personal information to
be stolen.
7. How Criminals get your
Information: Not as secure as you
think
• Many people that shop online are familiar with
the lock on their browser that indicates a secure
connection.
• This is a security misconception, the data is only
encrypted while it is being sent to the merchant.
Once it is sent it is stored in plaintext form and
can be stolen.
• It could also be stolen from the shopper via
various means (shoulder surfing or a virus)
8. The TJX Security Breach
• TJX is the parent company of Marshalls,
TJMAXX, and several other retail stores.
• Sometime in the summer of 2005, two attackers
broke into the wireless network of the Marshalls
in St. Paul, MN and Miami, FL.
• Once they were inside the store’s network, they
were able to break into TJX headquarters.
• A confirmed 45.6 million credit and debit card
numbers were stolen. This is the second largest
data breach in U.S. history.
9. The TJX Security Breach
• The mastermind behind the breach was a
man by the name of Albert Gonzales.
• Mr. Gonzales was also one of the heads of
Shadowcrew, an ID theft Internet Mafia that
was broken up by the USSS in 2004
• While he was helping the USSS take down
Shadowcrew, he was plotting his next
attack – TJX
10. TJX/Heartland Security Breach
• Mr. Gonzales also masterminded the
Heartland credit card processor security
breach in which a confirmed 130 million
credit card numbers and the magnetic
stripe data off the cards were stolen – this
is the largest data breach in U.S. History
• Mr. Gonzales has now been indicted for his
parts in the TJX/Heartland security
breaches.
11. How Criminals get your Information:
Social Security Number
• Your Social Security Number is a unique
identifier.
• Because of this it’s often used as the
primary key that identifies individual
records in a database.
• The SSN is a powerful tool. If a criminal
has your SSN it can be used to get other
personal information about you.
12. How Criminals get your
Information: Skimming
• Skimming is the act of running a credit
card though a device that is designed to
capture and store the information on many
credit cards for easy access later by a
computer.
• You can also skim a card by writing down
the card information on a piece of paper
when the card is out of sight.
13. How Criminals get your
Information: Skimming
• Skimming attacks often occur in
restaurants and other places where your
credit card must be taken out of your sight
to be scanned for payment.
14. How Criminals get your
Information: Phishing
• Phishing is when someone tries to get
your information by putting a fake banking
(or other site) on the Internet. Once the
site is online the phisher will send out
spam emails looking for victims.
• These spam emails will look and sound
official. However they are merely traps to
get you to reveal your personal
information.
18. How Criminals get your
Information: Photocopiers
• ID Theft via photocopier is a very new
threat (March, ’07)
• Photocopiers made in the last 5 years
have the same hard drives that computers
do.
• These hard drives are used to store every
document the copier has ever copied.
This data has very little chance of being
overwritten.
19. How Criminals get your
Information: Photocopiers
• These hard drives can be stolen from the
copier, revealing personal information.
• They also become a problem after the
copier is disposed of.
• Sharp and Xerox make security kits.
However, the security kit must be applied
to the copier.
• Be very cautious about what you copy on
a public copier.
20. How Criminals use your Information
• Diversion of your credit card bill.
• Open new credit and/or bank accounts.
• Forge checks and/or debit cards.
• Take out car loans and buy cars (very
common).
• Set up phone or cell service.
• File bankruptcy in your name.
• Commit crimes in your name.
21. Signs of Identity Theft
• You don’t get your normal bills
• Getting credit cards and account
statements that you didn’t apply for
• Creditor tries to repossess a car you don’t
own
• Police contact you after “you” commit a
crime
• Being denied credit for no reason
• Sudden unexplained calls from collection
agencies
22. If Your Identity is Stolen
• 1. Contact your local Police Department
and have them file a police report.
Although they will not be able to do much
else other than file a report you will NEED
a police report for later steps to help prove
that there has been a crime. Make sure
that you get a copy of the police report.
• 2. Cancel all accounts where the
suspicious activity was seen. This
includes credit and debit cards.
23. If Your Identity is Stolen
• 3. Contact the 3 credit bureaus. They are
http://www.equifax.com, http://
www.experian.com, and http://
www.transunion.com. They will place a fraud
alert on your account(s). If you skip this
step, you run the risk of the identity thief
being able to reopen the accounts you had
closed in step 2.
• 4. Contact the FTC at
http://www.consumer.gov/idtheft and file a
report.
24. If Your Identity is Stolen:
• 5. Contact your creditors and inform them
of the situation. Provide copies of your
police report if requested.
25. How to Protect Yourself
• Make sure no one is looking over your
shoulder when entering sensitive
information.
• Shred your sensitive trash.
• Never allow your credit card out of your
sight when a payment is being made.
• If your mail is stolen, report it immediately
to the post office. Get a locking mailbox if
possible.
26. How to Protect Yourself
• If you are not sure if an official sounding
communication is legitimate, check directly with
your bank, credit card company, etc.
• Shop or bank online as little as possible.
• If you notice that you are not getting your bills
contact your creditors immediately.
• Do not copy sensitive information (tax returns)
on a public copier.
• Be very careful in giving out your SSN. The only
people that should need it are State and Federal
agencies and your employer.
27. How to Protect Yourself
• Use good computer security: Keep your
antivirus and antispyware software updated
and scan your computer regularly.
• Avoid websites that are likely to infect your
computer with malware.
• Use a pop up blocker.
29. What Is Nigerian Fraud
• Nigerian Fraud is a type of scam where
you send the scammer a sum of money in
order to receive something in return
(usually a large sum of money).
• The initial contact is usually made via
email, although other methods (fax, snail
mail) can be used.
• There are many variants of Nigerian
Fraud.
30. Variants of Nigerian Fraud
• The most common form of Nigerian Fraud
involves you being asked to help the
scammer move a large sum of money of
the country in exchange for a portion of
the money. The scammer will ask for
money to help with fees involved in
moving the money.
31. Variants of Nigerian Fraud
• Another form of Nigerian Fraud is the
lottery scam in which the scammer claims
that the victim has won a lottery and
needs to pay “processing fees” in order to
receive the winnings.
• The reshipping scam is also common.
This is where a scammer will ship stolen
goods to a victim so the victim can ship
them to another location in return for
receiving a sum of money.
32. Variants of Nigerian Fraud
• The reshipping scam is especially
hazardous for the victim because as soon
as the victim receives the stolen goods the
victim is an accomplice to a crime.
35. How to Protect Yourself
• If you get a Nigerian scam email in your
inbox, don't respond to it.
• Be careful of any “Work from home” type
job offers. These are often used to hide
reshipping scams.
37. Cyberbulling Statistics
• 33 percent of youth have been victimized by cyber
bullying.
• Among this percentage, being ignored and
disrespected were the most common forms of cyber
bullying.
• The primary cyber bullying location where victimizing
occurs is in chat rooms (56 percent).
• Following chat rooms, 49 percent are victimized via
instant message and 28 percent via e-mail.
• 34 percent of youth who are bullied feel frustrated, 30
percent angry and 22 percent feel sad.
38. Cyberbulling Statistics
• Oddly, because many studies show that females often
deal with harder situations by becoming sad, this
particular study suggests that females feel much angrier
than males about being cyber-bullied.
• 41 percent of victims do not tell anyone in their off-screen
lives about their abuse, but 38 percent did tell an online
friend.
• The situation only improved for 19 percent of victims when
they did tell someone about the bullying.
• 17 percent admitted to bullying another individual online.
• Of the offenders interviewed most considered it fun or
instructive; such as a way to strengthen their victims.
• More than half of study participants feel that cyber bullying
is as bad, or worse, as bullying in real life.
39. Megan Meier Case
• Megan Taylor Meier was a 13 year old
Missouri girl that committed suicide as a
result of cyberbulling.
• Megan’s neighbor has created a fake
MySpace profile of a boy to find out if
Megan had been saying bad things about
her daughter online.
• The comments made turned hateful.
40. Megan Meier Case
• As there was no law against Cyberbulling
at the time an attempt was made to use the
Computer Fraud And Abuse Act to
prosecute the case against Lori Drew. This
attempt failed.
41. Protecting Yourself
• Treat a cyber bully like you would treat a
normal bully – ignore them. Bullies thrive
on attention. If there are any indications
that threats to your offline safety may be
involved contact your local police.