identity by hedongchenchen

VIEWS: 16 PAGES: 25

									  Simple Ways to Protect
Yourself From Identity Theft

               Jay Ferron,
  CISM, CISSP, MCSE, MCDBA, MCT NSA-IAM TCI
             Questions
Use the Internet?
Use on-line banking, pay bills on-line?
Have kids using the internet?
Know anyone who has been a target?
Think you have already been a target?
Does your computer seem possessed?
               Agenda
What Information are the bad guys after
What bad things can happen to you
How they get your information
How to prevent becoming a victim
How to recognize if your information has
been stolen
What to do if you are a victim
  What are they looking for?
Social Security Number
Mother’s maiden name
Birth date
Billing Addresses
Email Addresses
Account Numbers
Passwords
How is your information abused
Physical (offline) theft used for:
    New Account Fraud
    Check Forgery
Information stolen on-line used for:
    Unauthorized checking account transfers
    Stolen credit card purchases
    Illegal credit card advances
    Acquiring other services in your name
    Cyberstalking and Cyberharassment
How they get Your Information
Stealing your mail and dumpster diving
Phishing
Internet scams
Spyware
Public Computers and Networks
Inadequate computer security
You actually give it them
Stealing your mail and Dumpster
             Diving
Get a shredder
Use a post office box
Pay attention to missing mail
Oracle chief defends Microsoft snooping
By Wylie Wong
Staff Writer, CNET News.com
June 28, 2000, 3:10 PM PT

  Oracle chief executive Larry Ellison today defended
  his company's decision to hire detectives to
  investigate two research groups that supported
  Microsoft during the antitrust trial.
  Oracle hired Investigative Group International to
  probe two research organizations, the
  Independence Institute and the National Taxpayers
  Union. The company sought to verify links between
  Microsoft and the organizations during its antitrust
  trial--and even tried to buy trash from another
  research group with close ties to Microsoft.
  Oracle told Bloomberg News today it discovered
  that the two organizations were misrepresenting
  themselves as independent advocacy groups when
  they were in fact funded by Microsoft. Oracle said
  the company hired the detective agency because
  the organizations were releasing studies supporting
  Microsoft during the antitrust trial. The financial ties
  between the organizations were reported by The
  Wall Street Journal and The Washington Post.
              Phishing
Rapidly spreading
Victims are more prone to fraud
Internet scams
             Spyware
Gets in through kids down loading games,
music off the Web.
Peer to Peer sharing networks
Some screensavers
Keyboard loggers
Some “Free software”
                 Spyware
Spyware is software that reports where
you go and what you do on your computer

Software to test for and remove spyware
   Spy Cop
   Ad-Aware – Lavasoft –
   Microsoft Anti-Spam – (Free)
 Phishing & Spyware combines to create problems !

Sample E-mail Below is a sample of a fraudulent e-mail that's been sent to
Citibank customers. It purports to be from Citibank, but it is not. Its intent is
to get you to enter sensitive information about your account and to then use
this information to commit fraud.

This E-mail used spyware to add use name and credit card and last login
date to the e-mail !!!!
Public Computers & Networks
Kiosks
Wireless Hot spots

What did the person before you do ?
What will the person after you do ?
Inadequate Computer Security
Worms and viruses
Does your computer seem possessed?
  Fizzer Worm Is on the Move
The Fizzer worm continued to spread rapidly late
Monday afternoon as anti-virus experts raced to
analyze the code of what they called one of the more
complex worms in recent memory.
The worm is 200kB of code spaghetti, containing
backdoors, code droppers, attack agents, key loggers
and even a small Web server. Fizzer includes an IRC
bot that attempts to connect to a number of different
IRC servers and, once it establishes a connection,
listens passively for further instructions.

The keystroke logger records every typed letter and
saves the log in an encrypted file on the infected
machine. If the infected PC has the Kazaa file-sharing
program installed, Fizzer also has the ability to find the
default download location for Kazaa files and copy itself
to that folder.
         Social Engineering

EULAs
Don’t disclose any personal information
   Passwords
   Your mothers maiden name
How to Know if you’re in Trouble
Review your statements within the your
account’s dispute period.
Periodically check your credit report
through a Credit Bureaus such as Equifax,
Experian, TransUnion
You get a call from a collection agent
What to do if You Are a Victim
Contact all of your banking, credit card,
mortgage, etc.
Contact the police
Report it to the Federal Trade Commission
Prepare an ID Theft Affidavit and
Fraudulent Account Statement
      How to Protect Yourself
Two additional Brown Bag Sessions:
   Securing Your Home Computer
   Configuring Your Home Network
Wipe out the hard drive when disposing of
computers –
   Active KillDisk (Free)
   WipeDisk
   BCwipe
Questions

								
To top