Download presentation
Presentation is loading. Please wait.
1
Protecting Your Identity
2
What is IA? Committee on National Security Systems definition: –Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. CIA model –Confidentiality: prevent disclosure from unauthorized individuals or systems –Integrity: Information cannot be modified without authorization –Availability: Information must be accessible when needed –Authentication: establishing information as authentic –Non-repudiation: ensuring that a party cannot refute that information is genuine.
3
What is Identity Theft? Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes The FTC estimates that as many as 9 million Americans have their identities stolen each Typical Identity theft crimes –Rent an apartment –Obtain a credit card or other types of debt –Establish a telephone account –Get various types of identifications in the victim’s name –Steal financial assets
4
What is Identity Theft? Costs of Identity Theft –Legal fees –Exorbitant amount of time –Lost job opportunities –Denial of all types of financial resources –False accusations, and potential arrests for crimes not committed
5
How Does it Occur? In most cases attackers need personally identifiable information (PII) or personal documents in order to impersonate the victim. Name, Address, DOB, Birthplace, License Number, Credit Card Number, SSN Where could an attacker find this information? Could you be an easy target?
6
Generation Stereotype Millennial Generation (Us) –Users of instant communication technology Myspace, Twitter, Facebook, Text, IM, e-mail –Tech savvy Video Games (PC, Xbox, Playstation) MMOs (Second Life, WOW, Lineage, Maple Story) P2P file sharing 90 percent own a computer in US Spend more time online than watching TV How much information about you is stored on somebody else’s servers? What methods of protection are in place?
7
Contemporary High Risk Areas On-line shopping Malware Credit Card Applications –Online incentives –in person incentives –mail applications Physical Assets –Laptops, cellphones, ipods... –Wallet, purse, checkbook... Social Networking Online Gaming File sharing
8
Social Engineering The process of using social skills to convince people to reveal access credentials or other valuable information Common Social Engineering Techniques –Confidence Trick –Pretexting –Baiting –Quid Pro Quo –Phishing Spear Phishing Whaling Phone Phishing
10
Phishing An attempt to obtain personal or financial information by using fraudulent means, usually by posing as a legitimate entity. Targets –PII Methods –Bank Account Credentials –E-mail Login Credentials –Social Networking Login Credentials Why?
11
Phishing Email Example
14
Phishing Logon Example
15
Phishing Phishing can take many forms: –E-mails from websites or services you use frequently –Bogus job offers –They might appear to be from a friend or someone you know (Spear Phishing) –They might ask you to call a number (Phone Phishing) –They usually contain official looking logos –They usually links to phony websites that ask for personal information –Physical Mail
16
Red Flags “ Verify your account” “Click the link for account access” “If you don’t respond, your account will be suspended” “Suspicious activity alert” Pop ups Deceptive URLs –www.mircosoft.comwww.mircosoft.com –www.facesbook.comwww.facesbook.com –www.192.168.XX.XX/citibank.com/code.htmlwww.192.168.XX.XX/citibank.com/code.html Masked URLs
17
Identity Theft What are other method’s of stealing someone’s identity? –Non Technical Dumpster Diving (Storage Media and Documents) Skimming Pickpocketing/Theft Shoulder surfing Changing Mailing Address –Technical Hacking Malware Password Cracking Packet sniffing
18
Prevention Shred all your important information \ Don’t access personal info in public places Use privacy screens when necessary Have your checks delivered to your bank Properly destroy storage media (hard drives,flash drives, cds...)
19
Prevention Drop off payment checks at the post office Note when new credit cards are to be received Cancel old credit cards Use strong passwords Don’t post personally identifiable info on the internet. Install proper anti-malware software
20
Prevention Carry only necessary information with you Do not give out personal information unless necessary Monitor your accounts Order your credit report at least twice a year Know the site you are visiting (pay attention to URLs) Ensure PII info is encrypted (SSL, TLS)
21
Annual Credit Report Request your Credit Report Online –https://www.annualcreditreport.com To Request your Credit Report by Phone –Call 1-877-322-8228 To Request your Credit Report by Mail –Annual Credit Report Request Service P.O. Box 105281 Atlanta, GA 30348-5281
22
Recovering From Identity Theft What are the steps I should take if I'm a victim of identity theft? –Place a fraud alert on your credit reports, and review your credit reports –Close the accounts that you know, or believe, have been tampered with or opened fraudulently –File a complaint with the Federal Trade Commission –File a report with your local police or the police in the community where the identity theft took place
23
Anti-Phishing Phil http://wombatsecurity.com/antiphishing_phil/index.html
24
Questions
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.