Published by รอง สมิธ. Modified over 5 years ago
1
Wolves of the Internet: Where do fraudsters hunt for data online?
19 June 2018
2
Collaborative research that provides insight into what personal information is available on the Internet and explores some of the methods used to obtain it.
The report aims to:
Explore what personal information is available online.
Show the methods that can be used to obtain personal information.
Demonstrate how the collation of personal information can be used in impersonation.
3
What did we do?
4
Sampling
81,470 records sent to Forensic Pathways (FP).
Bulk search was carried out using API.
30,000 selected from records with a ‘hit’ which provided a 90% confidence level.
8,646 individuals identified (29% match rate).
Sample of 240 s selected from both those found on surface web and those not found, to check for data breach.
Overall, there was a 35% match rate to individuals where we had name, date of birth and both telephone and . There was a 22% match rate to individuals with a name, date of birth and only a telephone number. Both of these results carried a 90% confidence match as to identification of the individual, so a sample of 30,000 individuals was selected from these two sets of individuals. FP also had a 15% match rate with name, date of birth and neither telephone nor , but this only had a 30% confidence level.
FP then identified 8,646 individuals from the two sets of individuals – a 29% match. These individuals were also searched for on the dark web, using a web crawler FP had designed, to identify whether any victims of impersonation appear on the dark web. It was agreed that we would not fund criminal activity by purchasing any data sets, therefore the findings were limited.
A random sample was then taken from those who were identified on social media and those who were not, to identify whether their account had been released via any breaches, using the haveibeenpwned site.
5
Findings
6
Where is personal data sold?
On the dark web, 10,000 posts were found in relation to ‘Fullz’.
FP identified 21,000 live sites on the Tor network in May 2018.
Various online shops and forums on surface web also sell personal data.
For one forum designed for telecom advice, 454 of the 465 posts made in April were in relation to selling personal data.
Personal data sold on surface web is cheaper than that sold on dark web.
From 80 ‘Fullz’ profiles found, 13% related to victims of impersonation.
90% were posted prior to the victim being filed onto the Cifas database.
80% of profiles had mother’s maiden name, 60% had passwords to s.
Mostly used for personal credit card applications and personal current accounts.
One individual had their details used 22 times.
7
How data from a ‘Fullz’ profile has been used
This chart shows how an individual’s details from a Fullz profile can be used. Victim 1 had his details filed on a forum and his details were used in 22 fraudulent applications over a span of two years. The details had been posted 41 times on forums since 2016 and there were at least 271 URLs that linked back to the data held within that profile. What this chart demonstrates is that there are potentially two different individuals using the details for fraudulent applications, as well as targeting the details of other innocent parties to obtain services or products that they would not otherwise have been entitled to.
8
Impersonation and social media
Females under 21 more likely to be found than males.
From the age of 31, more men could be commonly identified.
69% of individuals found on Facebook and 38% found on both Facebook and LinkedIn.
Younger victims had a higher presence on social media, including recruitment sites.
Older victims were more likely to be found on phone directory sites or contact information directory sites for individuals and businesses.
Victims aged under 21 more likely to have their details used for mobile phone contracts, mail order, store cards and pay day loans.
Victims aged over 61 were more likely to have their details used for credit cards and personal current accounts.
Some of the websites are old social media sites.
9
Company directors
13% of those with an occupation listed were company directors.
96% of these were found on Companies House.
76% had their home address listed as their correspondence address – a large number listed for dissolved directorships.
Majority had a Facebook footprint (61%), 31% had a presence on LinkedIn.
Of note, a number also had a company page on Facebook.
Facebook offers an API to harvest public data posted on Facebook. LinkedIn also produces a wealth of information about an individual, from their employment history and educational history, to their interests and skills.
The Companies (Disclosure of Address)(Amendments) Regulation states that you can apply to have your home address removed providing you can supply an alternative correspondence address for £55. However, you cannot remove your home address if it is your company’s registered address.
The dilemma comes where an individual needs to promote themselves for commercial reasons – their digital footprint may be higher than a lot of other victims of impersonation. The risk lies in how information can be pieced together, not only from social media sites in terms of what the individual has released about themselves, but also from what is publicly available. Is this a risk worth taking in the name of self-promotion?
10
Data Breaches
68% of those found on social media could be found within a data breach compared to 54% of those who could not be found on social media.
Those aged over 61 years old were more likely to be part of multiple data breaches compared to their younger counterparts.
Over recent years, there have been a number of high profile data breaches where organisations have lost large amounts of personal data. For instance, there was the most recent Carphone Warehouse breach and the LinkedIn data breach in 2016, and in August 2017 there was one breach which exposed 711 unique address and passwords.
11
Conclusions
12
Conclusions
65% of individuals could be found on social media or through a data breach.
For the 35% that could not be found, their details may have been breached through a phishing attack.
Personal data is also sold on surface web, not just the dark web. Forums play a pivotal role in this.
Personal data can be obtained not only through social media platforms, but also pieced together with publicly available data.
APIs are an accessible way to obtain personal information in bulk.
13
Recommendations
14
Recommendation for consumers
Old profiles on social network sites that are no longer used should be deactivated and deleted
15
Recommendation for consumers AND organisations
The monitoring and administration of forums should be enforced to ensure old forums are removed and there are sufficient channels to report abuse
16
Recommendation for discussion
Consideration to be given to the balance between transparency and proportionality of publicly available data
17
Questions?