1 Understanding the Threat and Practical Tips to Protect YourselfIdentity Theft Understanding the Threat and Practical Tips to Protect Yourself

2 WHAT IS IDENTITY THEFT Identity theft is a crime.An impostor obtains key pieces of personal identifying information (PII), such as Social Security numbers and driver's license numbers and uses them for their own personal gain. A broader definition includes the use of an existing credit card or bank account. By including credit card takeover/fraud you increase the victim count considerably. Over 12 MILLION victims of identify theft in 2012. One victim every 3 seconds. Over $21 Billion dollars stolen. If you own a smart phone you are 35% more likely to be an identity theft victim. $725,000 is the largest reported dollar amount of ID fraud committed against a child.

3 TYPES OF IDENTITY THEFTDumpster Diving: This method of identity theft is one of the most traditional—and most effective. Thieves search your trash for documents that contain your personal information and gain access to important numbers that help them commit identity theft. 88% of the information collected by thieves was obtained through dumpster diving! Stolen Wallet: When a thief steals your wallet, they gain instant access to the information they need to take the next step and steal your identity. Change of Address: Thieves change the address where you receive mail and divert your personal information into the wrong hands.

4 TYPES OF IDENTITY THEFTMail Theft: - “Old school” thieves scout for unlocked mailboxes and steal your mail and your identity—right from your front door. Shoulder Surfing: The prevalence of cameras and recorders in today’s mobile phones make this form of identity theft a real threat. Thieves position themselves within sight or earshot of your latest credit application, and record your information to commit future fraud. ATM Skimmers/Handheld Skimmers: Today’s thieves are innovating the way they steal your personal information, by swiping it— literally—when you are in the midst of a legitimate transaction such as paying for dinner bill at a restaurant, pumping gas, or using an ATM.

5 TYPES OF IDENTITY THEFTData Breaches: By the time financial institutions detect that a data breach has occurred, a fraud attempt has already been made in seven out of ten cases Youth at Risk: Children make prime targets for identity thieves specifically because they have no credit history and thus, clean credit reports. The theft can continue unchecked for over a decade. Police agencies are saying children are now the fastest growing segment of identity theft victims. P2P File Sharing: Music sharing sites and other peer-to-peer networks have helped high-tech thieves get all kinds of personal information via accidental disclosure—tax returns, password files, birth dates, and account numbers. Anything stored on the same hard drive as the shared library can inadvertently go public when you connect.

6 TYPES OF IDENTITY THEFTPhishing/SMSishing/Vishing: These days, that , text, instant message, phone call, or voic from your bank could be real—or a phishing attempt. Thieves are busy impersonating legitimate businesses via and websites in order to acquire your personal information like PINs, credit card or bank account numbers, or Social Security info. Online Shopping: Thieves are experts at duplicating legitimate online storefronts. Before you know it, you’ve completed your transaction and inadvertently handed over the personal information they need to commit fraud.

7 TYPES of IDENTITY THEFTMalware, Malicious Software, Viruses, Worms, Trojan Horses, Spyware, and Rootkits: Cyber thieves can install malicious software to exploit weaknesses in features of many popular software titles. Once installed, malware can run executable programs on your computer without your consent, including transmitting personal information via the Internet to remote computers, where it is stored and sold at a later date to counterfeiters. Out of more than 18 million computers scanned during April – June 2010, over half of these computers were infected with malware. Of these infections, more than 17% were Banking Trojans/Password Stealers, software programs designed specifically to steal the passwords and banking related information stored on your computer. Keystroke logging is one of the most advanced forms of malware criminals can use to register your passwords, login IDs, and account information.

8 IDENTITY THEFT EFFECTSCard Fraud: Opening store or bank credit is just one way that thieves can use your identity to illegally reap financial reward. Cloned debit cards obtained using skimmers are becoming more common thanks to high-tech techniques. Loan Fraud/Payday Loan Fraud: With payday loans, you may not know that someone has used your identity to illegally obtain cash. Thieves can open these types of loans in multiple states, racking up a huge debt using your personal information. Government Documents Fraud: From Social Security cards to birth certificates and drivers licenses, illegally obtaining and selling government documents is big business for thieves. Benefits Fraud: In today's healthcare climate, pirated insurance benefits – thieves using your personal information to obtain medical care – can earn a high sale price for industrious thieves. Employment-Related Fraud: New laws are making it difficult for illegal immigrants to gain employment, but entrepreneurial thieves are more than eager to sell your good name for the right price.

9 IDENTITY THEFT EFFECTSBank Fraud: Now-a-days thieves don’t have to hold you up at gun point to take your money. They can pilfer your bank account information and clean out your savings before you know it. Phone Fraud/Utilities Fraud: Service agreements for cellular service or utilities are common means for thieves to profit at your expense–using your personal information. Tax and Wage Fraud: Enterprising thieves will try anything for profit, even forging tax returns in your name to get your refund. Other Identity Fraud: Medical, criminal, and insurance records are not things you typically think to monitor. Opportunistic thieves can exploit your good name for all it's worth.

10 COMMON SENSE STEPS - GENERALWatch your credit score: If a thief got a hold of your personal information, how would you know? One way is to keep a close eye on your credit report and watch for changes in your score. Check for free every year. Don't share your personal information: Before providing any personal information ask why the information is needed. Accidental disclosures on the business end can put you at risk for identity theft. Lock up your government IDs: Lost or stolen identification are increasingly difficult to replace. When not in use, store your government-issued identification (Social Security Card, Passport) in a safe place, preferably not on your person. Shred and destroy your documents: Dumpster diving is a proven method for thieves to gain access to your personal information by stealing discarded information. Shred it and forget it. Guard your mail: Protect your mailbox from thieves by replacing unlocked versions with a secure model. As an added precaution, place your mail on hold while you travel.

11 COMMON SENSE STEPS - GENERALShop smart: Online shopping provides many conveniences, but be sure to look for a security seal and https in the URL when it comes time to enter any personal information. This quick check can help stop you from being phished and disclosing your identity on a counterfeit website. Strengthen your passwords: Changing your passwords often and using numbers, symbols, and uppercase letters can help protect you and your accounts from being hacked. - Limit the reuse of passwords across sites. Stay alert (Skimming, Shoulder Surfers, Strange ATMs, Phishing, SMSishing, Vishing): High-tech thieves are busy coming up with inventive ways to get at your personal information Ways include skimming your credit card during check out, shoulder surfing to snap a picture of your account, and phishing for your identity via , websites, texting, or phone calls. Protect your children's information: These days, you are not the only person in your family at risk. More and more youth identities are being stolen so that thieves can commit employment or benefit-related fraud and get away with it for years before you even realize it.

12 COMMON SENSE STEPS - YOUR COMPUTERInstall/turn-on a firewall to protect your information. A firewall can be thought of as a traffic cop: it blocks traffic or permits traffic. Install reputable anti-spam / anti-virus software. (http://www.pcmag.com/image_popup/0,1871,iid=415624,00.asp) Keep antivirus/ anti spyware, as well as OS system updated. Do not ignore messages to update software. Be certain of BOTH the source AND content of each file you download! Don't download a program just to "check it out.“ Trojans can be spread in the guise of literally anything people find desirable, such as a free game, picture, MP3 song, etc. Always know from who and what you are downloading. Remember that a virus or Trojan might cause your friend’s computer to automatically send you the questionable files and s. When in doubt, ask them first before opening the attached file. Be cautious when dealing with pop-ups. Beware of hidden file extensions! Windows by default hides the last name extension of a file, so that innocuous-looking picture file, "susie.jpg", might really be "susie.jpg.exe", an executable Trojan! To avoid being tricked, unhide extensions, so you can see them. This is an option selected in Windows Explorer under Tools\Folder Options\View. Make sure to “Apply to all folders.” Backup your system! One of the best ways to protect yourself in the result of a virus attack is to have a clean set of backup disks/CDs that will fully restore your system (without the virus) and the applications you are using. Turn off your computer when not in use. If you are not connected to the Internet, because your computer is off, you cannot be infected, hacked or hijacked.

13 COMMON SENSE STEPS - AT WORKWhat is considered sensitive information? Social Security number (SSN), credit card numbers, driver’s license number (DLN), address, date of birth (DOB), mother’s maiden name, bank account numbers, personal account numbers. Cross-shred all sensitive documents before throwing them away, especially those with personal Identifying information. Keep wallets and purses in locked cabinets while at work. Make sure that conversations cannot be overheard when exchanging sensitive information. Avoid providing sensitive information over the telephone or by . Use a secure method such as SFTP or a secure HTTPS web site. Password protect your computer, enable the password when the screen saver turns on. Avoid placing personal mail with checks, SSN or account information in the unlocked outgoing mailbox (i.e. at the receptionist’s desk).

14 COMMON SENSE STEPS -MOBILELock the device. Lost and stolen devices continue to be the most serious threat for businesses and consumers. Install a comprehensive antivirus/anti-spyware software package on your phone. One with remote wipe ability, so if your phone is lost or stolen you can wipe it. Avoid questionable apps. Users should download apps only from trusted app stores and stick with the more popular apps. Accept the patches. Similar to PCs, mobile phones need to be patched often to eliminate vulnerabilities found since the phone's release. Back up your data. Mobile devices are easy to back up. Users who back up regularly are less likely to lose data. Do not use your mobile device to store sensitive personal information or bank account numbers. Stay safely behind bars. Although some reasons exist for consumers to jailbreak their phones, security experts advise users to just say ‘no’.

15 COMMON SENSE STEPS - SOCIAL MEDIATo avoid clickjacking attacks and other scams: Be careful clicking on links that use unusual, URL-shortening services, or those that promise to display shocking or embarrassing videos. Don’t download any tools or software updates when prompted to do so after clicking a link you obtained from a social networking site. This could be an attempt to propagate malware. Don’t use public social networking sites to discuss sensitive company matters. You might be communicating with impostors. You might be potentially broadcasting to the whole world. When sending private messages using a social networking site: Assume that some day they may become public. The data might be revealed due to your own error or because the service provider may end up leaking the information inadvertently or through dubious practices. Use social networking services in a manner consistent with your employer’s policies. When encountering a suspicious situation on a social networking site that may involve your employer’s data or computer systems, let your IT or security staff know.

16 COMMON SENSE STEPS - SOCIAL MEDIABe weary of links embedded in messages that appear to come from a social networking service. Instead, connect to the site directly by typing its URL or using a bookmark to avoid phishing-style incidents. Use HTTPS for as many interactions with the social networking site as possible (can be enabled on Twitter and on Facebook). Review the list of apps and sites that you granted access to your social networking accounts and deauthorize the services you no longer use. Don’t include in your social networking communications potentially sensitive information about other people. Be skeptical of job postings on social networking sites until you confirm that you’re interacting with an official representative of the company where you’d be applying. Avoid responding to offers that sound too good to be true, such as high-paying work-from-home gigs. If a friend asks you for money using chat or messaging functionality of a social networking site, confirm that you’re interacting with the person you know, rather than an impostor or a bot that compromised the account.

17 Sources http://www.idtheftcenter.org http://www.lifelock.comsecurity-tips/ online-and-mobile-security-tips-from-bank-of-america.html