Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

IDENTITY THEFT

VIEWS: 24 PAGES: 62

  • pg 1
									  IDENTITY THEFT

Day 1: Background of Identity
           Theft



  SAMPLE ONLY
Background
 •   Legal Definitions of Identity Theft
 •   Various Other Definitions
 •   Working Definition For Telecoms
 •   Classification of Identity Theft
 •   Who are the Identity Thieves?
 •   Who are the Victims?
 •   Informations Needed For ID Theft
 •   A Sample ID Theft Methodology

         SAMPLE ONLY                       2
Classifications
of Identity Theft



       Objective/Intention
           1.   Personal Gain
           2.   Vengeance
           3.   Provide Anonymity
           4.   Challenge
           5.   Satisfy Ego



            SAMPLE ONLY             3
Classifications
of Identity Theft

  Methods of ID Information Retrieval:
  1. Third Party Sources:
      A. Dumpster Diving:
         Experian, in early 2002, investigated 400 Trash bins
         in Nottingham, England
           •   72% of trash bins contain at least one full name and
               address
           •   40% of trash bins contain a credit card number
           •   32% of trash bins contain a credit card number AND
               expiration date
           •   20% of trash bins contain a bank account number and a
               sort code (similar to a US Bank’s routing number)


               SAMPLE ONLY                                       4
Classifications
of Identity Theft

       Methods of ID Information Retrieval:
       1. Third Party Sources:
           B. From Businesses or Institutions
              •     HR or Employment Records
              •     Internal Fraud
                    –   Bribes to employees
                    –   Disgruntled employees
              •     Social Engineering
              •     Through Information Technology Systems
                    –   Hacking or other Technological Means.
                    –   Simply searching Public Databases On- or Off- line.
                    –   Google or other Search Engines



            SAMPLE ONLY                                                   5
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
          B. From Businesses or Institutions

             Hackers Steal California State Employees Social
                Security Numbers?
                Yahoo News/Associated Press - May 24, 2002
                Hackers Break Into California Computers

                Does it make you feel better to know that not even California Governor Gray
                Davis is immune from possible identity theft? It appears that on April 7th,
                hackers broke into a California state computer system that houses the
                names, social security numbers, and maybe even bank information for
                260,000 state employees — including Gov. Gray Davis and his staff. It's not
                clear if the hackers took anything or have used the information to commit
                identity theft. The servers have since been patched to keep this from
                happening again. Right.




            SAMPLE ONLY                                                                6
Classifications
of Identity Theft
      Methods of ID Information Retrieval:
      1. Third Party Sources:
          B. From Businesses or Institutions

             Bank Loses Card Data of Senators,
             U.S. Govt Staff
             Feb 26, 2005
             By Joanne Morrison
             WASHINGTON, Feb 26 (Reuters) - Computer tapes containing credit
                 card records of U.S. Senators and more than a million U.S.
                 government employees are missing, Bank of America said on
                 Friday, putting the customers at increased risk of identity theft.
                 The security breach, which included data on a third of the
                 Pentagon's staff, angered lawmakers...




            SAMPLE ONLY                                                          7
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
          B. From Businesses or Institutions
             March 18, 2005
             Auditors Find IRS Workers Prone to Hackers
             By MARY DALRYMPLE
             AP Tax Writer
             WASHINGTON -- More than one-third of Internal Revenue Service
                 employees and managers who were contacted by Treasury
                 Department inspectors posing as computer technicians provided
                 their computer login and changed their password, a government
                 report said Wednesday




            SAMPLE ONLY                                                      8
Classifications
of Identity Theft

   Methods of ID Information Retrieval:
   1. Third Party Sources:
      B. From Businesses or Institutions
          March 22, 2005
          Personal Data of 59,000 People Stolen
          By Associated Press CHICO, Calif. — Hackers gained personal information
              of 59,000 people affiliated with a California university -- the latest in a
              string of high-profile cases of identity theft.

              California State University, Chico spokesman Joe Wills said nearly all
              the current, former and prospective students, faculty and staff who
              were affected have been notified of the theft, which happened about
              three weeks ago. Hackers gained access to the victims' names and
              Social Security numbers.




              SAMPLE ONLY                                                             9
Classifications
of Identity Theft

    Methods of ID Information Retrieval:
    1. Third Party Sources:
        C. From Detective Agencies (both real and fake):
           Examples:
                http://www.usatrace.com/

                http://www.howtoinvestigate.com/
                http://www.merlindata.com/

                http://www.publicpeoplefinder.com/

            Agencies like these are considered legal
            and they serve as a source of identity
            information for the ID Thief.

            SAMPLE ONLY                                10
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.usatrace.com/
                                               11
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.howtoinvestigate.com   12
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.merlindata.com
                                                13
Classifications
of Identity Theft




             SAMPLE ONLY
           http://www.publicpeoplefinder.com/Social-security-number.shtml   14
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
         D. From Information Brokers:
            Examples:
                    http://www.choicepoint.com

                    http://www.lexisnexis.com

                    http://www.acxiom.com


             Agencies like these provide data that can
             be used to validate identities, however,
             they are also sources for ID Thieves.

            SAMPLE ONLY                                  15
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.choicepoint.com
                                                 16
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
          D. From Information Brokers:
           ChoicePoint data theft widens to 145,000
           people
           February 18, 2005
           By Matt Hines
           Staff Writer, CNET News.com

           ChoicePoint has confirmed that scammers culled the personal information of tens of
           thousands of Americans in a recent attack on its consumer database, resulting in 750
           individual cases of identity theft.
           The Atlanta-based company said that it plans to inform approximately 110,000
           consumers outside the state of California whose information may have been accessed
           in the criminal scheme, originally reported on Tuesday. The company has already told
           some 35,000 Californians that their personal data, including their names, addresses,
           Social Security numbers and credit reports, was stolen by scammers. California is the
           only U.S. state with legislation in place that requires companies to notify its residents
           when their personal data has been compromised.



            SAMPLE ONLY                                                                        17
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.lexisnexis.com   18
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
          D. From Information Brokers:
           Hackers Hit Lexis Nexis Database
           NEW YORK, March 10, 2005
           (CBS/AP)
           Lexis Nexis says hackers commandeered one of its
           databases, gaining access to the personal files of as many
           as 32,000 people.

           Federal and company investigators are looking into the
           security breach in the Seisint database, which was
           recently acquired by Lexis Nexis and includes millions of
           personal files for use by such customers as police and
           legal professionals.


            SAMPLE ONLY                                           19
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.acxiom.com
                                            20
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
          D. From Information Brokers:
           ALLEGED ACXIOM HACKER INDICTED
           July 21, 2004
           KTHV-DT, Little Rock, Arkansas
           It could be one of the largest cyber crimes in U.S. history, and Arkansas based Acxiom
           is the victim.
           Wednesday federal investigators arrested a Florida man, saying he hacked into the
           company's computer system causing seven million dollars worth of damage.

           Federal investigators say 45-year-old Scott Levine from Boca Raton, Florida stole the
           personal information of millions of people. They say he was able to get names,
           addresses, and in some cases even credit card numbers.

           "Acxiom is simply a massive data base of information," Sandra Cherry, Assistant US
           Attorney says.




             SAMPLE ONLY                                                                    21
Classifications
of Identity Theft
      Methods of ID Information Retrieval:
      1. Third Party Sources:
          E. From Credit Reporting Agencies:
             Examples:
                     https://www.equifax.com

                     http://www.transunion.com

                     http://www.experian.com


              In addition to selling credit reports, these
              agencies also sell information that can be
              used for identity validation, which makes
              them vulnerable to ID Thieves.

            SAMPLE ONLY                                      22
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
          E. From Credit Reporting Agencies:


          Experian credit reports stolen
          Hackers pose as Ford Motor Credit staff to access database from credit
          reporting agency.
          May 17, 2002: 4:36 PM EDT

          NEW YORK (CNN/Money) - Ford Motor Credit Co. is warning 13,000 people to
          be aware of identity theft after the automaker found hackers posed as employees
          to gain access to consumer credit reports from credit reporting agency Experian.




             SAMPLE ONLY                                                            23
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
          E. From Credit Reporting Agencies:
          http://www.csus.edu/indiv/b/brownb/csc1/hacker.htm

          TELEPHONE FRAUD
          An international group, dubbed the "Phonemasters" by the FBI, hacked into the networks of a
          number of companies including MCI WorldCom, Sprint, AT&T, and Equifax credit reporters.
          The FBI estimates that the gang accounted for approximately $1.85 million in business
          losses. "They had a menu of activities they could perform," says Richard Power, author of
          Tangled Web, a book chronicling tales of digital crime. "They had Madonna's home phone
          number, they could hack into the FBI's national crime database." The Phonemasters
          reportedly forwarded an FBI phone line to a sex-chat line, racking up $200,000 in bills. They
          snooped in confidential databases to see whose phones the FBI and federal Drug
          Enforcement Agency were tapping. They hacked into the computer systems of several
          companies and downloaded calling card numbers and personal information about customers
          and created telephone numbers for their own use.




             SAMPLE ONLY                                                                         24
Classifications
of Identity Theft
      Methods of ID Information Retrieval:
      1. Third Party Sources:
          F. From Obituaries:
           IDENTITY THEFT CASE
          MAINE WABI TV 5 News Broadcast: March 15, 2005 11:00pm
          JODY HERSEY SPOKE WITH A HOLDEN WOMAN TODAY WHO WAS OUTRAGED
          AFTER SOMEONE STOLE THE IDENTITY OF HER DECEASED DAUGHTER. SHARON
          MILLETT OF HOLDEN SAYS THAT'S HOW HER DAUGHTER TORI'S IDENTITY WAS
          STOLEN.
      •   SHE SAYS VERMONT STATE POLICE PULLED OVER A WOMAN LAST WEEK CLAIMING
          TO BE TORI. POLICE SAY THAT WOMAN IS 41 YEAR OLD KRISTINE LOMBARDI OF
          CALIFORNIA. VERMONT STATE POLICE SAY LOMBARDI WAS DRIVING A STOLEN CAR
          WITH NUMEROUS BIRTH CERTIFICATES AND LICENSES INSIDE. POLICE BELIEVE
          SHE WAS USING CLOSE TO 30 DIFFERENT ALIASES.
      •   MILLETT BELIEVES LOMBARDI GOT THE INFORMATION SHE NEEDED TO ASSUME
          HER DAUGHTER'S IDENTITY FROM TORI'S OBITUARY AND USED IT TO OBTAIN A
          COPY OF TORI'S BIRTH CERTIFICATE. SO WE WENT TO THE HOLDEN TOWN OFFICE
          TO SEE WHAT IT TAKES TO GET A BIRTH CERTIFICATE. THE WOMAN INSIDE SAID IT
          WOULD COST ME 7 DOLLARS AND ALL SHE NEEDED WAS MY NAME AND BIRTH

            SAMPLE ONLY
          DATE.
                                                                              25
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      1. Third Party Sources:
          G. From Public Files:
             Common Databases:
             The Dept of Heath Services has Birth and Death Certificates.
             The City Clerk -- list of business licenses (name, address, date) and building permits (name,
                  address, cost of construction)
             The County Clerk or County Recorder has liens on file (lien holder, payment agreements), a
                  Probate Index (estate settlements), records of lawsuits and judgments, powers of attorney
                  with respect to real estate, records of mortgages on personal property, and bankruptcy
                  papers.
             The City and County Courts have a Civil Index (civil actions, plaintiffs and defendants, and civil
                  files with a description of any disputed property or valuables), a Criminal Index (criminal
                  cases in Superior Court, as well as criminal files), and voter's registration files.
             The County Tax Collector has a description of any property owned, as well as taxes paid on real
                  estate and personal property.
             The County Assessor has maps and photos, or even blueprints showing the location of a
                  person’s property.
             The Secretary of State has corporation files and annual financial reports of a person’s company.
             The Dept of Motor Vehicles (DMV) contains information on the cars owned, insurance, as well
                  as other data such as address and SSN.


            SAMPLE ONLY                                                                                 26
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.birthcertificatesusa.com   27
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.birthcertificatesusa.com
                                                          28
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.nicar.org   29
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.nicar.org
                                           30
Classifications
of Identity Theft

       Methods of ID Information Retrieval:
       1. Third Party Sources:
          G. From Public Files:
          NICAR PUBLIC FILES AVAILABLE TO MEMBERS:
          Transportation/Air
          • FAA Enforcements: A database of FAA enforcement actions against airlines, pilots, mechanics, and designees
          • FAA Service Difficulty Reports: A database of maintenance incidents collected by the FAA for the purpose of tracking repair problems with commercial, private, and military aircraft, and aircraft components.
          • FAA Accidents and Incidents: A database of mainly U.S. flights where there was an accident or an incident, including crashes, collisions, deaths, injuries, major mechanical problems or costly damages.
          • FAA Aircraft Registry: A listing of all aircraft and aircraft owners registered in the United States. This dataset also includes tables on registered aircraft dealers and individuals/companies that reserved the N-number for their plane.
          • FAA Airmen Directory: The FAA Airmen Directory is a listing of pilots and other airmen, including the type of certificate's) they hold and their ratings. As a result of a new law that allows airmen to have their information withheld from the public, this listing is incomplete.
          • NASA Aviation Safety Reporting System: A database of anonymous reports of airplane safety submitted by pilots, flight attendants, air traffic controllers and passengers.
          Transportation/Roads
          • DOT Fatal Accidents: A nation-wide database of fatal road-vehicle accidents.
          • NHTSA Vehicle Recalls and Complaints: A database of vehicle complaints, recalls, service bulletins and inspections.
          • DOT Truck Accidents: A database of accidents on U.S. roads involving a commercial vehicle weighing more than 10,000 pounds, including semi-tractor trailers, buses. The data of 1988-1999 also has information about hazardous material carriers.
          • Truck Census: This U.S. Department of Transportation database contains records on each company that has commercial interstate vehicles weighing more than 10,000 pounds.
          • Truck Inspections: The Truck Inspections database contains data from state and federal truck inspections involving motor carriers as well as shippers and transporters of hazardous materials operating in the United States.
          Transportation/Waterways
          • Boating Accidents: The database contains information on recreational boating accidents in the United States.
          • Boat Registration: The database contains information on registered recreational and commercial boats.
          Transportation/General
          • Hazardous Materials: A database of information on transportation accidents involving hazardous materials.
          Election Campaigns/Federal
          • FEC Campaign Contributions: A database of all individual and political action group (PAC) contributions to federal election campaigns.
          • Mortality, Multiple Cause-of-Death Database: The Mortality Multiple Cause-of-Death database contains detailed information found in U.S. standard death certificate records from the United States and its territories.
          • National Practitioner Databank: This database contains information about doctors and other health care practitioners who have had medical malpractice suits filed or adverse action taken against them. Although names are not included, some news organizations have been able to use this database with other public records to determine the identity of individual practitioners.
          • Manufacturer and User Facility Device Experience Database: A database listing medical devices which have failed, how they failed and the manufacturer information.
          • CDC AIDS Public Information Dataset: Contains details about AIDS cases reported to state and local health departments since 1981, such as age, race and location. Names are not included.
          • FDA Adverse Event Reporting System: The FDA relies on the Adverse Event Reporting system to flag safety issues and identify pharmaceuticals or therapeutic biological products (such as blood products), for further epidemiological study.
          Public Safety
          • Campus Crime Statistics: 19 tables of crime data reported to the U.S. Department of Education by campus police and local law enforcement
          • Nuclear Materials Events Database: The Nuclear Materials Events Database contains records of all non-commercial power reactor incidents and events, including medical events, involving the use of radioactive byproduct material.
          • National Bridge Inventory Survey: A database of bridge maintenance information collected by the Federal Highway Administration
          • National Inventory of Dams: A database including dam location, condition, maintenance, and inspection reports.
          • FBI Uniform Crime Reports: 6 tables of crime data gathered by the FBI from law enforcement agencies across the country.
          • ATF Federal Firearms: A listing of federally approved gun dealers across the country.
          • Occupational Safety and Health Administration : Ten databases, one listing companies and inspection results, and three subordinate databases listing worker accidents, hazardous substance injuries and workplace violations.
          • Consumer Product Safety Commission : The CPSC dataset includes information about potential injuries, deaths and investigations related to consumer products. Some of the products include children's toys, bicycles, swimming pools, ATV's (three- and four-wheelers), sports equipment, hobby items, lawn mowers, hair dryers, playground equipment and many more.
          • Storm Events: This database is the official record of storm events in the United States, including tornadoes, hurricanes, tropical storms, droughts, snowstorms, flash floods, hail, wild/forest fires, temperature extremes, strong winds, fog, and avalanches.
          Environment
          • CERCLIS: The Comprehensive Environmental Response, Compensation and Liability Information System (CERCLIS) database maintained by the Environmental Protection Agency contains general information on sites across the nation and U.S. territories including location, status, contaminants and actions taken.
          • Toxic Release Inventory: The Toxics Release Inventory (TRI) consists of information about on- and off-site releases of chemicals and other waste management activities reported annually by industries, including federal facilities.
          Business
          • Wage and Hour Enforcement Database: The Wage and Hour Division of the U.S. Department of Labor is responsible for the enforcement of several labor laws. The database contains information about the violations, penalties, and employers.
          • NAFTA/TAA: Databases include records of petitions by workers, companies and unions for assistance for those who have become unemployed because of an increase in imports or shifts in production to foreign countries.
          • SEC Administrative Proceedings: Cases before the Securities and Exchange Commission administrative judges, who can issue cease-and-desist orders, hand out civil penalties, and bar parties to associate with investment advisers, brokers or dealers. Services Agency.
          • Federal Contracts Data: A database of Individual Contract Action Reports (ICARS) created by the Government Services Agency.
          • Home Mortgage Disclosure Act Data : A database of home mortgage loan requests, information about the requesters as well as the financial institutions.
          • IRS Exempt Organizations: A database of information on tax-exempt organizations.
          • SBA 7a Business Loans database: The database includes information about loans guaranteed by the U.S. Small Business Administration under its main lending program, now known as 7a. The data include loans approved by the SBA since 1953, when Congress created the agency to help entrepreneurs form or expand small enterprises.
          • SBA Disaster Loans: The data contains information about loans made to businesses and individuals as disaster assistance.
          • SBA 8(a) Businesses: This is a list of businesses approved for the Small Business Administration's program for small, minority and other disadvantaged businesses. Federal acquisition policies encourage agencies to award a certain percentage of their contracts to these businesses.
          Federal Spending
          • Federal Audit Clearinghouse Database: The Single Audit database is a great tool for journalists to examine local nonprofits and state or local government agencies that receive substantial assistance from the federal government.
          • Federal Award Assistance Data System: The Federal Award Assistance Data System, maintained by the Census Bureau, includes all federal financial assistance award transactions.
          • Consolidated Federal Funds Reports: A database of all federal money that goes to states, counties and local agencies, including Social Security payments, grants and direct loans.
          • National Endowment for the Arts Data: A database of grant receivers, their projects, and the amount they received.
          Other
          • 2000 Census: this data represents three releases from the U.S. Census 2000.
          • IRS Migration: With the IRS migration data, you can track movement in and out of counties. Moreover, financial information in the data allows you to gauge whether your community is gaining or losing wealth.
          • INS Legal Residency: Information on the characteristics of aliens who immigrated and attained legal residency.




                       SAMPLE ONLY                                                                                                                                                                                                                                                                                                                                   31
Classifications
of Identity Theft
      Methods of ID Information Retrieval:
      1. Third Party Sources:
          H. From Genealogical Databases:




            SAMPLE ONLY
                     http://www.rootsweb.com   32
Classifications
of Identity Theft
      Methods of ID Information Retrieval:
      1. Third Party Sources:
          H. From Online Resumes:




            SAMPLE ONLY
                    http://www.joblink-usa.com   33
Classifications
of Identity Theft




            SAMPLE ONLY
                    http://www.joblink-usa.com
                                                 34
Classifications
of Identity Theft


      Methods of ID Information Retrieval:
      1. Third Party Sources:
          H. From Other Sources Online:
             •   Sex Offender Lists
             •   Most Wanted Lists
             •   Bail Jumper Lists




            SAMPLE ONLY                      35
Classifications
of Identity Theft




            SAMPLE ONLY
               http://www.mostwanted.com/IN/bounty.html   36
Classifications
of Identity Theft




            SAMPLE ONLY
              http://www.mostwanted.com/IN/bounty.html   37
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          A. Purchasing ID Information from “street people”
             This is a common problem in third world countries where
             there is a large class of people in poverty. Many of these
             people have no hope of ever obtaining a bank loan,
             purchasing a car, or even a nice home. For a few $$ they
             are willing to sell the use of their name, address, and SSN.
             And in the end, if they are ever questioned about crimes
             committed, they can claim their IDs were stolen.




            SAMPLE ONLY                                            38
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          B. Mail Theft
             An ID Thief’s dream is to find in a mailbox a Credit Card
             statement or a Bank Statement. Generally, with the
             information alone on the statement they can perform an
             account takeover. Javelin Strategy & Research claims that
             8 percent of identity theft incidents start because of stolen
             mail.
          C. Move-In Account Takeovers
             A person who moves into a new apartment and receives
             mail from the previous occupant can be easily tempted to
             perform an Account Takeover.



             SAMPLE ONLY                                            39
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          B. Mail Theft
           Identity Theft: Kauai People Too Trusting
           By Pamela V. Brown - Special to The Garden Island
           Posted: Saturday, Sep 11, 2004
           Within the last year there was a rash of residential mailbox theft, including pilferage
           from more than 100 mailboxes in the Kapaa area, Kapua said. Typically mail thieves are
           attracted to outgoing mail, advertised by the little red flags on the sides of mailboxes
           erected to alert letter carriers to take the envelopes to the post office.
           Appropriately enough, thieves call it "red flagging," explained Kathryn Derwey, a 19-
           year postal inspector in Honolulu. "They know the outgoing mail is a payment of some
           type, and probably will contain a check, a name, a signature, account number or Social
           Security number, " she said. "That's how they get the information."
           Thieves use that information to produce new IDs and also to wash the checks - wash
           the ink off to change the payee - or to make counterfeit checks, Derwey said.
           Simply selling newly created identification cards is profitable. "The going rate is $1,500
           for a 'good ID,' an ID card with a good name and mailing address," said Mel Rapozo, a
           Kauai county councilman and co-owner of M & P Legal Support Services, a private
           investigative agency. "With that, they can get a new credit card with a $15,000 credit
           line in no time."


             SAMPLE ONLY                                                                       40
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          D. Stealing Wallets, Purses, Laptops, etc.
             Identity Theft Soars, Remains Lower Tech Crime, Gartner
             Says
             July 21, 2003

             By Keith Ferrell, TechWeb.com
             "The bulk of identity crimes are committed through decidedly old-
             fashioned means," Gartner analyst Avivah Litan said. "Information
             stolen in pre-existing relationships, pickpockets taking wallets and
             purses, mail interception where the thief opens financial mail,
             copies the information and re-seals the envelope all play a large
             part."


            SAMPLE ONLY                                                   41
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          E. Kidnapping
             Grab a victim, collect ransom at ATM: In
             Mexico, small-time kidnapping is big business
             February 2, 2002
             By Lisa J. Adams, ASSOCIATED PRESS MEXICO CITY Miguel Soriano sat in
             darkness, wondering whether he would live or die. Bound and blindfolded, his
             mind was the only thing allowed to run free, flashing memories of his life and
             worst-case scenarios of what could happen to him, his wife and his children.
             "The days became eternal," Soriano said. "I kept thinking the worst, and 'Why
             me?'"Why indeed? This was no millionaire, just the humble owner of five small
             graphic arts businesses. But as Mexico endures an epidemic of kidnaps-for-
             ransom, no one is safe - neither politicians and business moguls nor ordinary
             housewives or even their maids.Grabbed in the middle of the day just two
             blocks from his house in Mexico state, Soriano was held for five days, forced
             to withdraw $2,630 worth of pesos from automatic teller machines and finally
             released after he agreed to pay an additional $14,250 or else his family would

            SAMPLE ONLY
             be killed.
                                                                                   42
Classifications
of Identity Theft
      Methods of ID Information Retrieval:
      2. First Party Sources:
          F. Internet Porn Scams
             $650M Porn Scam
             BY JOHN MARZULLI
             DAILY NEWS STAFF WRITER
             Tuesday, February 15th, 2005

             A half-dozen Gambino mobsters copped pleas yesterday to the biggest consumer fraud in
             U.S. history - preying on hapless porn Web site users and phone sex customers in a huge
             $650 million scam.
             Brooklyn U.S. Attorney Roslynn Mauskopf said thousands of customers in the U.S.,
             Europe and Asia were victimized by the vast operation - which pelted dupes with bogus
             credit card and phone bill charges - between 1996 and 2002.
             Operating behind a maze of 64 companies, they lured suckers to X-rated Web sites
             promising "free tours" of the lurid content. The viewers were required to give their credit or
             debit card numbers as proof of age. Then the unwitting victims were hit with charges of up
             to $90 on their card.
             The phone scam did not even require conning the consumer out of their card number.
             Martino and Chanes solicited dupes to call an 800 number for "free" samples of phone
             sex, horoscopes and phone dating.
             Merely dialing the 800 number "trapped" the callers' phone numbers in a computer - and

            SAMPLE ONLY
             they got billed at least $40 a month for unwanted voice mail service.                43
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          G. Social Engineering, i.e., “Pretexting”
             According to the FTC, “Pretexting” is:
             “Pretexting is the practice of getting your personal information
             under false pretenses. Pretexters sell your information to people
             who may use it to get credit in your name, steal your assets, or
             to investigate or sue you. Pretexting is against the law.”

             It should be duly noted that “Pretexting” is a technique often
             employed by Bad Debt Collection Agencies, Lawyers, and
             HeadHunters (Employment Agencies) in order to retrieve information.
             It is important for a Telecom Service Provider to insure that a
             contracted Bad Debt Collection agency is not practicing “Pretexting”.



            SAMPLE ONLY                                                    44
Classifications
of Identity Theft
      Methods of ID Information Retrieval:
      2. First Party Sources:
          H. Email Scams: “Phishing”
                According to the FTC, “Phishing” is:
                “a high-tech scam that uses spam or pop-up messages to deceive you into disclosing
                your credit card numbers, bank account information, Social Security number,
                passwords, or other sensitive information. According to the Federal Trade
                Commission (FTC), phishers send an email or pop-up message that claims to be from
                a business or organization that you deal with – for example, your Internet service
                provider (ISP), bank, online payment service, or even a government agency. The
                message usually says that you need to “update” or “validate” your account
                information. It might threaten some dire consequence if you don’t respond. The
                message directs you to a Web site that looks just like a legitimate organization’s site,
                but it isn’t. The purpose of the bogus site? To trick you into divulging your personal
                information so the operators can steal your identity and run up bills or commit crimes
                in your name.”

               “Phishers” have success rates up to 5% according to the Florida Division of
               Consumer Services.


              SAMPLE ONLY
          See Microsoft Video on Phishing:
                                                                                                    45
                            Day1\Background\Phishing.exe
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          I.   Technological Means: “Pharming”
               Definition of “Pharming” according to Webopedia:
               “Similar in nature to e-mail phishing, pharming seeks to obtain personal or private
               (usually financial related) information through domain spoofing. Rather than being
               spammed with malicious and mischievous e-mail requests for you to visit spoof Web
               sites which appear legitimate, pharming 'poisons' a DNS server by infusing false
               information into the DNS server, resulting in a user's request being redirected
               elsewhere. Your browser, however will show you are at the correct Web site, which
               makes pharming a bit more serious and more difficult to detect. Phishing attempts to
               scam people one at a time with an e-mail while pharming allows the scammers to
               target large groups of people at one time through domain spoofing.”




               SAMPLE ONLY                                                                      46
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          J. Technological Means: “Skimming”
             Skimming is defined as stealing the data off the magnetic strip of a
             card or out of the memory of a “Smart Card”.
             The same technology that reads the information recorded on credit
             and debit cards at the store checkout lane is what the fraudsters use
             to steal the same information off the cards. These fraudsters can then
             steal money and/or steal the Identity associated with the card.




            SAMPLE ONLY                                                         47
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          J. Technological Means: “Skimming”
             This is a Pocket Skimmer that can
             fit inside the pocket of any
             fraudster working at a store or a
             restaurant. With your card in one
             hand and the skimmer concealed
             in the other hand, the fraudster
             swipes the card and all the
             information on the magnetic strip
             is recorded in the memory of the
             skimmer. Skimmers can hold up
             to many hundred card
             informations.
             The cable connects to a computer    Coin for size reference.
             for downloading the information.



            SAMPLE ONLY                                                48
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          J. Technological Means: “Skimming”


           This is a Skimmer installed in an
           ATM in Brazil. It appears to be
           part of the ATM.




            SAMPLE ONLY                        49
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          J. Technological Means: “Skimming”


           Here the Skimmer is now
           identifiable. It was created
           specifically for this model of
           ATM.




             SAMPLE ONLY                       50
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          J. Technological Means: “Skimming”
             In addition to the Skimmer, there was a hidden camera in order to
             record the PIN number entered by the victim. This is especially
             needed for DEBIT cards.




            SAMPLE ONLY                                                      51
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          J. Technological Means: “Skimming”

           Installed was a
           wireless camera with
           a strong long lasting
           battery pack. The
           fraudster can pickup
           and record the
           images remotely from
           a car across the
           street.




            SAMPLE ONLY                        52
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          K. Technological Means: “Sniffing”
             Sniffing is a generic term that means finding information
             by “listening” on a line or monitoring bytes either in
             transit or somewhere between the data entry and data
             reception.
             For example:
             •   Listening for DTMF tones on a standard phone line.
             •   Looking for credit card numbers/passwords in the network packet data in transit
                 in a network.
             •   Spyware recording the keystrokes of a user on a computer.
             •   Spyware looking for key words or phrases in email servers.




            SAMPLE ONLY                                                                      53
Classifications
of Identity Theft
       Methods of ID Information Retrieval:
       2. First Party Sources:
          L. Technological Means: “Trojan Horses,
             Worms, and Viruses”
              Definitions according to Microsoft:
             •      Virus (n.) Code written with the express intention of
                    replicating itself. A virus attempts to spread from computer
                    to computer by attaching itself to a host program. It may
                    damage hardware, software, or information.
             •      Worm (n.) A subclass of virus. A worm generally spreads
                    without user action and distributes complete copies
                    (possibly modified) of itself across networks. A worm can
                    consume memory or network bandwidth, thus causing a
                    computer to stop responding.
             •      Trojan (n.) A computer program that appears to be useful
                    but that actually does damage.



            SAMPLE ONLY                                                            54
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
         L. Technological Means: “Trojan Horses,
            Worms, and Viruses”
             Definitions in relation to Identity Theft:
             •   Virus (n.) Viruses can be used to replicate themselves quickly
                 across a network, but in addition to causing hardware or software
                 problems, they can be coded to look for informations and then
                 send whatever information found to the fraudster.
             •   Worm (n.) Same as a virus.
             •   Trojan (n.) A computer program that someone sends you via
                 email, Instant Messaging, or even SMS that appears to be useful
                 but that actually can either look for information to send to a
                 fraudster, or actually give a remote fraudster control over you PC,
                 thus exposing all your files to him.




            SAMPLE ONLY                                                          55
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          M. Technological Means: “Spyware”
              Definition by Webopedia.com:
              •   Spyware (n.) Any software that covertly gathers user
                  information through the user's Internet connection without
                  his or her knowledge, usually for advertising purposes.
                  Spyware applications are typically bundled as a hidden
                  component of freeware or shareware programs that can
                  be downloaded from the Internet; however, it should be
                  noted that the majority of shareware and freeware
                  applications do not come with spyware. Once installed,
                  the spyware monitors user activity on the Internet and
                  transmits that information in the background to someone
                  else. Spyware can also gather information about e-mail
                  addresses and even passwords and credit card numbers.

          See Microsoft Video on Phishing: Day1\Background\Spyware.exe
             SAMPLE ONLY                                                  56
Classifications
of Identity Theft

      Methods of ID Information Retrieval:
      2. First Party Sources:
          N. Technological Means: “Hacking”
             With the plethora of other ways of getting Identity Information why
             would anyone resort to hacking?
             Answer: It may be the only way to get information from you! And
             there are experts who have the expertise to hack into your system.




            SAMPLE ONLY                                                            57
Classifications
of Identity Theft
       Methods of ID Information Retrieval:
       2. Other Sources:
          A. International IDs
              Now many states are accepting Mexican “matricula consular”
              cards as proof of identity. This has many people worried because
              it is believed that these cards are easy to falsify. The question
              about the validity of the “matricula consular” cards as a proof of ID
              is currently “HOTLY” debated in the US.
              Passports and Visas to the US can be falsified. Belo Horizante,
              Brazil is known for falsifying documents such as passports and
              visas. However, chances are very small that they would work
              going through an Immigration Checkpoint. Instead, these false
              documents serve to help the user to obtain services in the US.
              Using a fake foreign passport and visa would be the author’s
              method of choice.




            SAMPLE ONLY                                                               58
Classifications
of Identity Theft
        Methods of ID Information Retrieval:
        2. Other Sources:
            A. International IDs
                    The required documentation needed for a Mexican
                    Citizen to obtain a “Matricula Consular” Card:
            (taken directly from the Mexican Consulate in San Diego Website. http://www.sre.gob.mx/sandiego/ )


                    One of the following documents:
                    •      Mexican Birth Certificate
                    •      National ID Card
                    •      National Mexican Official Declaration
                    •      Mexican Passport
                    •      A High Security Matrícula Consular Card

                    Prove identity with a photo-ID such as:
                    •      Voter registration card with photo
                    •      Mexican Driver’s License
                    •      California Driver’s License
                    •      Mexican School ID with Photo
                    •      Mexican Passport with Photo


             SAMPLE ONLY
                    •      Whatever “official” document with photo either from Mexico or California
                                                                                                                 59
Classifications
of Identity Theft
        Methods of ID Information Retrieval:
        2. Other Sources:
            A. International IDs
                    The required documentation needed for a Mexican
                    Citizen to obtain a “Matricula Consular" Card:
            (taken directly from the Mexican Consulate in San Diego Website. http://www.sre.gob.mx/sandiego/ )


                    Prove local residence with:
                    •      Utilities receipts (gas, electricity, telephone, water, etc.)
                    •      Rent Payment Receipt
                    •      Medical document
                    •      A letter with name and address.
                    •      Other documents that show name and address.


                    Cost: $27.00




             SAMPLE ONLY                                                                                         60
Classifications
of Identity Theft
        Methods of ID Information Retrieval:
        2. Other Sources:
            A. International IDs
               The Matricula: Good for Everything
               and for Everybody?
               March 18, 2005
               Jorge Mújica Murias – La Raza
               The Executive Committee of the Illinois Senate this week approved
               with minor discussion SB 1623 introduced by Martín Sandoval. This
               bill would oblige state authorities at all levels to accept consular
               matriculas as official identification documents.
               The bill defines the matricula as official identification issued by a
               foreign government through its consulates to its citizens living abroad.
               SB 1623 directs all offices and local authorities in the state to accept
               matriculas as valid identification, although it does not forbid their
               requesting other documents to confirm the information. This includes,
               for example, all police departments in Illinois. The senator says this
               law will help immigrants identify themselves while at the same time
               benefiting the police and financial institutions, improving their relations
               with immigrants.


            SAMPLE ONLY                                                                      61
Classifications
of Identity Theft

         Methods of ID Information Retrieval:
         2. Other Sources:
             Q: Is it possible to Steal an Identity without having
                 access to Identity Information?
             A: Consider the case of Clip-on Telephone Fraud.
             A: Consider the case of Cellular Cloning.
             If we assume that just because the originating
                 number is associated with an identity, then we
                 can make the mistake of providing credit to
                 someone other than the True Identity.




            SAMPLE ONLY                                          62

								
To top