Electronic Intrusion &
Scams To Get Your Money
• Identity Theft is a crime in which an
impostor obtains key pieces of personal
identifying information such as Social
Security numbers and driver's license
numbers and uses them for their own
personal gain. This is called ID Theft.
• It can start with lost or stolen wallets,
pilfered mail, a data breach, computer
virus, phishing, a scam, or paper
documents thrown out by you or a
business (dumpster diving). This crime
varies widely, and can include check
fraud, credit card fraud, financial identity
theft, criminal identity theft, governmental
identity theft, and identity fraud.
• Hundreds of credit and debit card holders
appear to have been victims of a
nationwide data theft carried out against
Heartland Payment Systems, which
processes cards for 250,000 restaurants,
retailers and other businesses.
• The stolen data includes names, credit
and debit card numbers and expiration
• A new cyber attack designed to steal the
login details of users on sites such as
Facebook and Yahoo has been flagged as
potentially more dangerous than the
• The Kneber botnet, a new form of malware
which has so far infected over 74,000
computers worldwide and has attacked
over 2,500 corporate accounts.
• The botnet extracts name, address, social
security number, credit card number and
other sensitive information stored on
• Merck & Co., Paramount Pictures, Juniper
Networks and Cardinal Health are among
some of the companies hit by the botnet.
• A special agent for the FBI announced the
arrest of an employee for AIG who stole a
computer server with the personal
information for over 900,000 policy
• A woman exploited a loophole in D.C. tax
office online systems to gain access to
taxpayer accounts, establish herself as the
owner of dozens of businesses and file
returns on their behalf.
• Within 48 hours she was able to establish
herself as the owner of the 76 businesses
and gain access to their business
• Govtrip.com, which handles travel
reservations for U.S. government agencies
has been infected with a virus. The
departments of Agriculture, Energy,
Health, Interior, Transportation, and
Treasury use the site to book travel
• Govtrip.com also is used to reimburse
workers via direct deposit, which means
that many federal employees' checking
account information is stored there as well.
Who are these thieves?
• Organized Crime in the US and Russia
• Narcotics users - strong link to meth addicts
• Opportunists who see an opening
• Desperate people taking desperate actions
• Family members or someone close to you
• There is no accurate profile for an identity thief.
• They love the challenge, adrenaline rush and
money…..and this may be their full time job.
• Or, it can be a casual one-time event when they are
presented with an opportunity.
• Most thieves recognize there is much less risk in
identity theft than most common crimes, and a
relatively high return on the time invested.
• Of those who know how they were victimized, more
than half of the criminals were family members, or
other close acquaintances.
You are at risk
• Just like you can’t totally protect your
home from burglars, you can’t totally
protect your identity or your finances
• However, there are things you can do
which reduce the likelihood that you will be
a victim of identity theft or hackers or
Why can’t I be totally
• Because a lot of the information which
could be used for electronic theft is not
under your control.
• Information on your name, social security
number, address, maiden name,
birthplace, birthdate, and high school
mascot, can often be found someplace on
the internet or in computers beyond your
Total security isn’t possible
• Your credit card number is stored in the
computers of dozens of businesses,
• When you hand over your credit card to
your waiter, everything needed for credit
card ID theft is out of your sight for several
• Even large corporations with millions of
dollars invested in security cannot keep
hackers out of their computer systems.
Types of vulnerabilities
• Credit card records stored at companies
you do business with.
• Physical security of financial information
• Electronic access to your computer by
virus, worms, trojans, keystroke recorders,
and other types of malware.
Credit card records stored by
companies you do business
• You have no way of determining how
effective security is at Joe’s Online Books
or Aunt Judy’s Fashion Boutique, or
Pottery Barn, or Nordstroms.
• Larger companies probably have better
security, but they are also more lucrative
https versus http for financial
• When you are online and giving out
personal or financial information, check to
see if the URL (internet address) you
are communicating with starts with the
letters “https” and not the ordinary “http”
• The “S” at the end means you are on a
secure website which encrypts
(scrambles) your information as it is being
transferred via the internet, and
unscrambles it at its destination.
• Using https for financial transactions is
one of the most basic elements of a
secure business web design
• If you are asked for financial information,
credit card numbers, or anything sensitive
by a site which doesn’t begin with https,
you can assume they do not have any
• Do not do business with them over the
Can I phone my order to them?
• The lack of https is a tip off they don’t have
• If you order by phone, your name and
credit card number are entered into the
business's sales computer records.
• A business with poor security could be an
easy target for hackers.
• Your information might not be
compromised today, but could be at risk in
What can I do?
• When ordering over the internet or the phone, the
goal is to not leave behind your credit card
number on the merchant’s computer, even if it is a
large well known company.
• Many sites will accept PayPal for payment. You
set up a PayPal account, give them your credit
card number, and after that you will no longer
have to give your credit card number to a
merchant who accepts PayPal.
• Since the merchants never see your credit card
number, they can’t store it.
“One Time Use” Credit Card
• Citibank and some other credit card
issuers have a service that provides a
valid acceptable credit card number which
is linked to your real credit card
number……but can only be used one time
• If this “One Time Use” number is left on the
merchant’s computer, it is of little concern.
• If the computer is ever hacked and they
attempt to use the card number, the
transaction will not be approved.
One Time Use or Virtual
• Open the credit card program on your
computer, enter your passwords, and get
an image of a credit card on screen.
• The screen credit card has your name, an
expire date, and a 3 digit security code,
just like a physical credit card would have
• This is also very useful for subscriptions
that want to “auto-renew” your
subscriptions if you don’t tell them not to.
Some merchants will give you
• Some merchants will ask if you want your
information retained on their computers
• Or, they will ask if you want your credit
card number retained in their files.
• If you say “NO” you will have to give the
information again next time you purchase
from the site, but your credit card number
is not disclosed if their computer gets
Another alternative – Prepaid
• Generally not recommended because of
the fees incurred, but does provide
protection against ID theft.
• You can only lose the amount in the card
and it is of no use in trying to set up
• Don’t carry every credit card you own. If you lose
your wallet or purse you will have to cancel all that
were lost, leaving you with no credit cards for some
period of time
• Have your spouse carry different credit cards than
the ones you carry. If one of you loses a wallet you
will have to cancel those cards, but your spouse’s
cards will still work.
• Notify your credit card company before traveling
overseas and have the phone numbers to cancel
the cards you carry.
Checking Account Debit Cards
• Theft of a debit card can give the thief access to
your checking account, so use extra caution. If
you shop on the Internet, don’t give out your
debit card number online.
• Since purchases made with a stolen debit card
are equivalent to someone taking cash directly
out of your bank account, you may experience
financial difficulties while you are working with
your bank to reverse the charges.
• If your debit card is lost or stolen, report it
immediately by phone then follow up with
notification in writing. Federal law limits
your liability to $50 if you report your loss
promptly. Keep receipts and compare
them with your bank statements, and
immediately report any discrepancies. You
will have to contact your bank to get your
Debit versus Credit
• If a perpetrator does get hold of your bank
card, the damage he can do is limited by
the amount you have sitting in the
bank. Moreover, banks usually credit back
the amount stolen in short order once a
breach has been established.
Debit Versus Credit
• If, on the other hand, a thief gets his hands
on your credit cards, not only can he use
those to the maximum but he can also use
the information on each one to create
multiple new accounts in your name. As
many identity theft victims already know,
the damage that can be done once new
accounts are opened in your name is far
greater and takes far longer to rectify.
• Although locally there is not much identity
theft from people sifting through trash, it
can’t hurt to shred everything containing
– Bank account numbers
– Brokerage account numbers
– Your social security number
– Credit Card offers
• When mailing checks, use a secure
mailbox to mail them.
Reduce the amount of junk
mail and credit card offers
• If you don’t want the three major credit
bureaus selling your name to advertisers
you can call 888-567-8688 and “opt out”
for 2 years.
• Or, for an even wider net to remove junk
mail Google for “Stop My Junk Mail Now”
• When people are going to be in your home
– Lock up your wallet and credit cards
– Lock up your financial and bank statements
– Turn off your computer
• Information theft often occurs from
documents lying about in the home.
• Unfortunately it is often someone close to
you who is tempted
Identity Theft By Creating
How can someone get a
credit card in my name?
• All that is needed is your social security
number, your birth date and other
identifying information such as your
address and phone number. With this
information, (and perhaps a false driver’s
license with their own picture), they can
apply in person for instant credit, or
through the mail by posing as you.
Hello Mr. Smith, I’d like to talk
to you about your unpaid bill
with Mellon Bank
• Often this is the first indication you have a
problem….particularly if you don’t have a
credit card or account with Mellon Bank
• Someone may have taken out a credit
card in your name and had the statements
sent to a different address so you won’t
find out about the existence of the card.
Unknown Credit Cards
• Because the statements demanding
payment are mailed to another address
you never receive them.
• When the bank turns over the delinquent
account to a credit collection agency, they
use your name and “former address” to
track you down and call you.
• This type of identity theft is very hard to
protect yourself against.
What you can do
• 3 times a year, get a free credit report from
the 3 major credit rating agencies and look
over the statement closely for any activity
that seems suspicious.
• Enroll in a service that monitors these
three agencies and sends you information
about anything unusual occurring in your
Free Credit Report.com
IS NOT FREE
• Heavily advertised on TV,
FreeCreditReport.com is very misleading
in its name and advertising.
• The free credit reports required by law are
found only at AnnualCreditReport.com
• FreeCreditReport.com will send you one
“free credit report” but also signs you up
for a $15 a month reporting service.
Small print disclosure on Free
“When you order your free report here,
you will begin your free trial membership
in Triple Advantage SM Credit
Monitoring. If you don’t cancel your
membership within the 30-day trial
period, you will be billed $14.95 for each
month that you continue your
• There are many companies now offering
Identity Protection Services for a monthly
• These services may be of value but you
need to research the offerings carefully
• One summary of these services can be
protection_services/compare.php (this is a
paid referral site and may be biased)
For Strong Protection
Consider a “Credit Freeze”
• In California you have the right to instruct the
three major credit agencies to not reveal any
information about your credit status to anyone
• If someone tries to open a credit card in your
name, the card company will attempt to run a
credit check, but they will be told they cannot
have your information.
• Usually the card company will not issue a card if
they cannot access your credit history.
• While you have the credit freeze in place you will not
be able to
– Get a new credit card
– Take out a mortgage
– Get a new car loan
– Be hired for a new job
– Open a new brokerage account
• All of these activities require a background credit
check which is blocked.
• To remove the credit freeze usually requires 3 days
• Fees are $10 ($5 for seniors) to freeze or unfreeze
each account for each person.
Identity Theft Insurance
• There are insurance products being offered
which will insure you against monetary loss due
to identity fraud.
• Read the policies carefully. Debit/Credit card
losses due to identity theft are limited to $50
under federal law if reported promptly.
• Check to see whether the policy will cover
diversion of your bank account funds, brokerage
account, and other types of losses which may
not be protected under Federal law.
Identity Theft Insurance
• In many instances of identity theft the
personal time and effort required to refute the
bogus claims are substantial (40 + hours)
• Most of the identity theft policies do not
reimburse you for your personal time in
resolving the problems.
• Read some reviews of Identity Theft
Insurance before you decide to sign up.
What is a very common way
for your confidential
information to be
They ask, and you give
them the information
These are known as “Social
• The thieves trick you into believing they
are someone else.
• They could claim to be
– Your bank
– The Internal Revenue Service
– Your credit card company’s fraud dept.
– The Census Bureau
– Any other organization or person
On the phone
• If you receive a phone call from someone
who wants to “confirm” information about
you or your accounts.
• Ask for their name, phone number and
extension and say you will return their call.
Often, if it is a scam they will hang up.
• If you do get a name and number, don’t
call that number back. You still have no
idea who you are talking to.
On the phone
• Instead, get a phone number from your
paper statement, out of the phone book, or
from some other known reliable source.
• Call the known good number and ask for
the fraud department. Tell them about the
phone call and ask if this person and
phone number is a representative for the
• Ask them to transfer you to the number
you were given.
On the phone or by email
• Because of all the fraud and identity theft,
no reputable company will ask you to
confirm personal information over the
phone or by email. If you get such a call or
email…you should not respond.
• Usually the information request will include
some kind of threat or deadline…..if you
won’t confirm your eBay account
information your account will be closed.
Typical Scam Email
Dear Bank of America customer:
During our regularly scheduled account maintenance and
Online verification procedures, we detected a slight error in
your account information. This might be due to either of the
1. A recent change in your personal information ( i.e change
2. Submitting invalid information during the initial online
banking enrollment process.
Please update and verify your information by clicking the link
Dear Amazon Customer,
You have received this email because we have
reason to believe that your Amazon account has been
recently compromised. In order to prevent an fraudulent
activity from occurring we are required to open an
investigation in this matter.
Your account is not suspended, but if in 36 hours
after you receive this message your account is not
confirmed we reserve the right to terminate your Amazon
To confirm your identity with us click the link below –
Census Scams in person,
phone or email
• The Census does not utilize emails. Any
email from them is a fake.
• Census workers may contact you in
person, by phone, or by mail
• Census workers may ask for basic
financial information such as a salary
range, but they will never ask for Social
Security numbers, bank account numbers,
or credit card numbers
• One new scheme is an e-mail, purporting to be
from the IRS, accusing the recipient of having
underreported their income. The victim is asked
to download an attachment that the sender
claims is the relevant part of the victim's most
recent tax return. Of course, the attachment is
actually a virus.
• A similar scam relies on people's fear of an audit
to get them to download a bogus information
form. If the victim doesn't complete and return
the form, the e-mailer, posing as an IRS
representative, threatens to levy penalties and
On the internet
• Emails are often used to lure you to a site
that looks like a legitimate site but is not.
• When you click on a link in an email you
have no idea who you are really in contact
with. It may look like your Bank of America
On-line Banking website…but it is an
organized crime site in Russia.
• When you sign in with your name and
password at the fake website, they have all
they need and can now get into your bank
On the internet
• In the past you could sometimes tell that
the site looked crude or had misspelled
words giving you a clue it was false
• Today the fake web sites are perfect
replicas and not even the experts can tell
them from the real web sites.
• Your only safety lies in how you initiate
your contact with the web site. Don’t use
links in emails.
Of Doubtful Value
• Identity Theft is a large enough problem to
attract many programs and services of
• Such things as “Check Fraud Prevention Pens”
are now available.
• Some crooks do steal checks and then use
chemicals to erase the payee and the amount
written. The pens prevent this erasure.
• But the incident rate of chemically erased
checks is so low it makes the pens questionable.
• Buyer beware. Some of the protection from
scams are scams themselves.
Leaving your computer
unprotected is like leaving
your door unlocked in a bad
The Basic Minimums
• An anti-virus program with automatic
updates and scans
• An anti-spyware program with automatic
updates and scans
• Windows set for automatic updates and
• Don’t open (or even preview) emails from
people you don’t know
• Don’t click on links in emails
• Don’t let your grandchildren have access
to your computer. Their music
downloading and file sharing activities are
frequent sources of malware infections.
• As part of its updates - Microsoft provides
the Malicious Software Removal Tool.
However, when it downloads it only runs a
quick scan. Monthly you should launch
the tool and run a full scan and removal.
This may take several hours.
Launch with – “Run MRT”
Why are Microsoft Updates
• To continue with the locked door analogy,
your anti-spyware and anti-virus programs
constantly check to see that the front door
is locked and look around the rooms to
see no one is hiding.
• However almost every week Microsoft
finds out that some other door or window
of your house is unlocked and suggests
you go lock it (install the update)
Why are Microsoft Updates
• But MS doesn’t come to your house and
lock the door or window for you. You have
to do it (install the update)
• Microsoft’s announcement of your
unlocked door or window has also been
broadcast to all the crooks in town.
• The crooks now know where to try to enter
your house if you don’t take action and
lock the door or window…..by installing the
Which Internet Browser are
NSS Labs Testing
Use Protected Search Providers
• Internet search providers who take you to
sites which will install malware on your
computer are not very helpful
• Google and Bing have features to help
protect you from visiting malware
downloading web sites
• Just seeing a web page is enough to
become infected. You don’t have to click
• These are known as “drive-by downloads”
Searches using the new Bing
Search Engine from Microsoft
• "Bing's malware detection consists of two
things," a Microsoft spokesperson said.
"The first is Drive-by-Download detection
where Bing warns the end-user that the
site is hacked and won't take them directly
to the site when they click, instead
providing a warning. Secondly, for social
engineering malware sites, Bing manually
blocks such sites from showing up in the
Which Security Software?
• Microsoft now offers the free “Microsoft
Security Essentials” for basic protection. It
has won recent awards for the best FREE
software security protection
• PAID providers such as McAfee, Norton,
Kaspersky and others receive high marks
in comparison tests.
• NONE OF THEM WILL STOP 100% OF
THE ATTEMPTS MADE ON YOUR
• Some business security analysts are now
suggesting that the only way to keep your
small business on-line banking totally safe is
– Have an isolated computer which is used for
nothing but banking transactions
– Which is physically disconnected from the
internet except when in use for banking.
– Your risks at home for internet banking and
buying are lower, but they still exist.
• I find the convenience worth the risk, but I
still check my statements very carefully as
soon as they arrive each month. Checking
them frequently online is even better.
Fake Security Alerts –
Antivirus 2009 Can Hijack
Your Google Home Page
• Looks Official
• Supposedly performs a scan of your
computer and finds numerous infections
• It is entirely fake – just an attempt to get
you to send them money
• If this shows up on your screen, don’t click
on anything or attempt to close the
window, just shut off your computer
• Some malware reveals itself. If you are seeing
suspicious pop-ups, unwanted toolbars,
redirects, strange search results, inability to
access your security provider, computer
suddenly running very slow, or other unexpected
behavior – you may have been tricked into
installing malicious software on your computer
• Some malware doesn’t reveal itself. It quietly
steals information without letting you know
• Be sure your computer is automatically scanning
whether you have symptoms or not.
What to do if you get infected
• If you have been doing backups of your
personal information you have several
• The surest method to eliminate infections is
to wipe your hard drive clean and reinstall
Windows, your application software, and
your data. This fixes 100% of infections
• If you don’t have backups for your important
data, you have fewer options.
Best Automated Backup
• Carbonite – on line
• Seagate Replica
external hard drive
with built in
of your entire
computer all the
Without personal data backups you
must try to fix your computer
• Turn off System Restore (prevents reinfection)
• Run the scan and repair activities in your
• Run the malicious software removal tool
supplied by Microsoft
• Look online for repair fixes under the name of
the bug you are infected with
• Run other analysis programs such as
Spyware Doctor with Anti-Virus which is
available as a part of Google Pack
• If malware is preventing your computer
from starting properly, use a bootable anti-
virus CD to scan and clean your files. This
sometimes works when other solutions fail
• If these steps will not fix your computer,
get professional help.
• If your computer is several years old, and
• If you have backups of your important data
• Consider whether you want to invest $100 to
$200+ to get your computer virus fixed.
• You can buy some excellent computers now for
under $500 which have all the latest operating
systems and probably run faster than your
• A new computer may be a smarter alternative
than investing money in fixing an old computer.
• At the least, put a limit on how much you will pay
to have your old computer repaired.
• Be careful revealing information
• Freeze your credit reporting
• Keep your credit card numbers out of as many
computers as you can
• Minimize your wallet contents and don’t lose it
• Keep your computer protected and updated
• Back up your computer data so you have
alternatives if you become infected with malware.
• Check your statements carefully when they arrive
Best Sources For Information
on Identity Theft
• The Identity Theft Resource Center
• Federal Trade Commission -
Fighting Back Against Identity Theft