Identity Theft

One of the Fasting Growing Crimes in

America and Beyond
Objectives
Ability to define the term “identity theft”
Ability to determine if someone has
been a victim of identity theft and if so
actions to be taken
Ability to identify methods to prevent
identity theft
Ability to identify resources for more
information on identity theft
Introduction – What is Identity
Theft?
According to the Federal Trade Commission,
Identity Theft is the fastest growing crime in
America
Stealing someone’s personal information and
using it to assume someone’s identity
The fraudulent use of personal information to
open new accounts and/or purchase items
using existing accounts
Identity Theft – No Little Problem
Identity theft is one of the fastest growing crimes in
America
"Identity theft is a big-ticket item in terms of money
and time according to Howard Beales, director of the
FTC's Bureau of Consumer Protection.”
Cost to consumers in 2002
$5 billion in expenses
Cost to businesses in 2002
$50 million
[ 1] http://www.washingtontimes.com/functions/print.php?StoryID=20030903-095305-3951r 06/7/2004
Identity Theft – A Federal Crime
The Identity Theft and Assumption
Deterrence Act of 1998 made Identity Theft a
federal crime.
Identity theft occurs when someone
knowingly transfers or uses, without lawful
authority, a means of identification of another
person with the intent to commit, or to aid or
abet, any unlawful activity that constitutes a
violation of the Federal law.
How Personal Information is
Gathered
Dumpster diving
Personal information,
when stolen from your
property either through
dumpster diving or
theft, provide a criminal
with a wealth of
information with which
to open new accounts
or use existing
accounts
Shredder – Necessary Equipment
To minimize your risk
of identity theft, be
sure to shred all
unused convenience
checks, credit card
offers, credit card
receipts, bank
statements, pre-
approved loan offers,
and canceled checks
How Personal Information is Collected
Through Legitimate Business Records

Recently personal medical files for hundreds

of patients were found discarded outside a
medical clinic. Identity thieves could have
used these files
Businesses are required by law to protect
their client's personally identifying information
and to discard these files safely
Thieves steal valuable personal information
from customer files and personnel files
Phishing
Creation of a phony web site pretending to
be a legitimate company

Sending email to the victim impersonating

(spoofing) a legitimate company

The criminal collects personal and

financial information such as credit card
and Social Security numbers
Phishing Example
One recent phishing ploy spoofed an AOL web page.
The perpetrator had used authentic AOL logos and
other genuine hyperlinks in the email message sent to
the victims.
He told the victims that there had been a billing error.
It directed the victims to click on an embedded
hyperlink, which when clicked took the unsuspecting
user to a phony web page, that had been created to
look much like the company's authentic web site, and
from which the thief collected personal and financial
information
The Phony AOL Web Form

http://www.millersmiles.co.uk/identitytheft/AOL-email-scam-1115521443a.htm
Federal Laws Concerning
Phishing
Identity theft - 18 U.S.C. § 1028 (a)(7)
Wire fraud - 18 U.S.C. § 1343
Credit card or access device fraud 18
U.S.C. § 1029
Bank fraud 18 U.S.C. § 1344
Computer fraud 18 U.S.C. § 1030 (a)(4)
CAN-SPAM Act 18 U.S.C. § 1037
Federal Crime & Punishment
Bank and wire fraud - up to 30 years in prison

Identity theft and credit card fraud - up to 15 years in

prison

CAN-SPAM Act violations - up to 5 years in prison

According to the U.S. Department of Justice,

individuals convicted of these crimes may also face
substantial fines and
forfeiture of his/her property
Social Engineering
Con Game - tricking a
person into revealing
information
Memorizing access
codes and passwords by
shoulder surfing (looking
over someone's
shoulder as they log in )
Pretending to be an
employer, loan officer or
landlord to fraudulently
obtain your credit report
How to Prevent Identity Theft
Education Make online purchases
only with companies
Coalition on Online
having secure
Identity Theft connections
Padlock your credit file Never give out your
Check your credit report personal information
annually over the phone unless
you initiated the call.
Share personal
information only with Never have your Social
Security number printed
people and companies
on your checks
you trust
How to Prevent Identity Theft
Part Two
Never leave personal Never keep passwords
information on your to financial data on your
computer without having computer.
a firewall in place. Likewise never keep
After opening your mail, your ATM or credit card
shred all unused credit pin numbers in your
card offers, unused wallet or your car. If
convenience checks, and either are stolen, the
any other pieces of mail thieves have instant
that include personally access to your
identifying information. accounts.
How to Prevent Identity Theft
Part Three

Never use your If the amount of mail

mother's maiden name, you normally receive
the last four digits of drops suddenly; contact
your Social Security your post office to make
number, your birth date, sure no one has
your pet's name, or any fraudulently filed a
other easily recognized change of address card
letters and numbers as for your address.
your pin number or
passwords.
How to Prevent Identity Theft
Part Four

Review all credit Shred all expired

card transactions credit cards before
each month when putting them in the
you receive your trash.
credit card
statement.
How to Prevent Identity Theft
Part Five

Install a locking mailbox to ensure the

security of mail delivered to your
home.
Mail all payments and other
documents with personal or financial
information from the post office or at a
postal drop box, never from your
mailbox.
Thieves may take your checks from
unsecured mailboxes and bleach
them so they may be used again.
Prevention of Identity Theft by
Education
People must be educated as to the value of
information
They must be trained to protect information
(even if the information they have access to
appears to be of relatively low value)
People must be made aware of what social
engineering is and how social engineers
operate.
Checking a Web Site’s Security
Certificate
Check the security certificates for web sites from
which you purchase products or do other financial
transactions
Go to the web site and click on the VeriSign Secure
Site link to verify that the security certificate is in the
same name as the company.
If the company name listed there doesn't match the
company owning the site, be wary of submitting
financial information. Security certificates are
sometimes held in the parent company’s name.
Checking for Secure Web Sites
Check the URL (the web address) of the
web site you are doing business with
Whenever you are entering your credit
card information or other financial
information when ordering online, the
address should display https, rather than
http, if you are connecting to a secure
web site; ex. https://amazon.com/cgi-
bin
Checking Security Features When
Using Netscape Navigator
To check the security in
Netscape, look at the padlock in
the lower right corner.
unlocked = not secure
locked = secure
To check the level of encryption,
left click the lock in the lower
right-hand corner of the page. A
pop up window will appear and
tell you whether or not the page
you are viewing is encrypted
and what type of encryption is
being used.
Checking Security Features
When Using Internet Explorer
When using Internet Explorer as your
browser, open the page whose security
you want to check.
Right click on the page and then go to
properties.
When you click properties, a pop up
window will appear with information on
the site's security.
What to Do If You Become a
Victim of Identity Theft
Call the Federal Trade Commission’s Identity
Theft Toll-free Hotline (877 – IDTHEFT)
Call all three of the major credit bureaus
Experian - 1-888-397-3742
EquiFax - 1-800-525-6285
TransUnion - 1-800-680-7289
For identity theft involving student information or
federal education funds, contact U.S. Department
of Education, Office of Inspector General
1-800-647-8733
What to Do If You Become a
Victim of Identity Theft
File a police report as soon as possible
Contact your creditors for all affected
accounts
"A "fraud alert" will be automatically placed on
each of your credit reports within 24 hours. This
alerts creditors to call you for permission before
any new accounts are opened in your name.
Not all creditors pay attention to "fraud alerts." You
need to stay vigilant for any new accounts that
may be opened.“ [1]

[1] http://www.bankrate.com/brm/news/credit-management/identity-theft.asp 6/22/04

What to Do If You Become a
Victim of Identity Theft
Also make your complaints in writing, asking
each creditor to provide you and any law
enforcement agencies investigating the crime(s)
with copies of all documentation that shows
fraudulent activity.

By making your complaint in writing, you are

documenting the time and date when you
became aware of the incident. This may protect
you from responsibility for additional charges.
Fighting Identity Theft
Federal Trade Commission

Internet Fraud Complaint Center

U.S. Department of Justice

Identity Theft Resource Center (ITRC)

Operation E-con
Federal Trade Commission
This federal agency, created in 1914 to eliminate
unfair methods of competition and unfair or
deceptive practices concerning commerce, is now
focused on the growing threat of identity theft
2003 - 42% of the complaints received by the
FTC concerned identity theft.
Training seminars are available for investigators
and prosecutors on how to access the FTC's
Consumer Sentinel database, an identity theft
resource, which can securely access the nearly
200,000 complaints filed before June 2002.
Internet Fraud Complaint Center
A joint effort between the FBI and the
National White Collar Crime Center that
investigates complaints of fraud perpetrated
on the Internet.
This organization acts a hub for complaints
and can analyze data to quickly identify new
Internet crime trends.
The IFCC also can then make referrals to the
appropriate law enforcement agency.
Internet Fraud Complaint Center
Complaints can be made 24/7, directly to the IFCC, using the
online complaint form. Directions on how to file a complaint are
found at: http://www1.ifccfbi.gov/strategy/howtofile.asp
Victims have come forward from 89 countries
Auction fraud accounts for almost two-thirds of all complaints
received by the IFCC
Authentic Ebay addresses
http://cgi3.ebay.com/
http://arribada.ebay.com/
Phony Ebay addresses
http://signin.ebay.com@10.19.32.4/
http://signin-ebay.com/
How to Identify the Source of Email
Identity Theft Resources
U.S. Dept. of Justice - http://www.usdoj.gov/
Fraud Section
Identity Theft Resource Center (ITRC)
http://www.idtheftcenter.org/index.shtml
FAQ's on identity theft
Contains alerts and information on new identity
theft scams
Includes a guide to organizing an identity theft
case
Operation E-Con
A joint effort by the FBI, the U.S. Secret Service,
the Dept. of Justice, the U.S Postal Inspection
Service, the Federal Trade Commission along
with National White Collar Crime Center (NW3C)
and local and state law enforcement agencies
aimed at prosecuting world wide Cyber Crime,
including Identity Theft.
Prosecution of 130 subjects
90 investigations involving 89,000 victims with
estimated losses on nearly $200 million. [1]

[1] http://www.ifccfbi.gov/strategy/ifcc-econbrief.pdf. 6/23/04

New Identity Theft Laws
Fair and Accurate Credit Transactions
Act (FACTA) of 2003
Free annual credit reports for consumers
Businesses are required to hide portions of
credit card and social security numbers on
receipts
Created a national fraud hotline so you only
have to make one call to report identity theft
National Listing of Identify Theft
Citations & Penalties by State

The National Conference of State

Legislatures
(http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm)
A comprehensive listing of citations and
penalties listed alphabetically by state.
California’s Changing View on
Identity Theft
In California, "The law making Identity
Theft a crime was enacted as a
misdemeanor crime in 1998.

In 1999, the law was upgraded to an

alternate felony/misdemeanor crime ."[1]

[1] http://www.infolinkscreening.com/InfoLink/Resources/Articles/IdentityTheft.aspx 6/23/04