file000159
TRANSCRIPT
Module XLVI - Investigating Identity Theft Cases
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Five from ID Theft Ring Indicted for Using Bogus Credit Cards, Buying Meth
Source: http://www.rockymountainnews.com/
By Hector Gutierrez, Published November 5, 2008 at 7:30 p.m.
Five people have been indicted in an ID theft operation in which they allegedly used bogus credit cards and bought methamphetamines with the cash they got after reselling purchased items, Aurora police announced Wednesday.
The Denver grand jury returned indictments last week against the five charging them with numerous counts, including violating the Colorado Organized Crime Control Act, theft, forgery, identity theft and conspiracy to commit computer crime, forgery, and theft.
The ring's alleged leader, Shadwick Weaver, 35, was in custody in the Douglas County Jail when the indictment was handed down, police said. Weaver is facing 56 criminal counts and was being held on $500,000 bail.
Detectives from the police department's economic crimes unit and a crime analyst began investigating the group in April after the found out that they may have been involved in a variety of white-collar crimes in Aurora and the north Denver metro area, detective Robert Friel, police spokesman, said.
The group members allegedly got hold of victims' identities by burglarizing homes, breaking into cars and vehicle larceny, the detective said. The ring also possessed equipment that they used to manufacture documents such as counterfeit checks, credit cards, Social Security cards, drivers licenses, photo identities and employee badges. Detectives believe the group possessed about 300 such bogus documents, Friel said.
"We executed a search warrant and we believe we took away their tools that they were using to carry out the scheme," the detective said.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Woman Jailed for Stealing Identities
Source: http://www.faxts.com/
Written by FBI Tuesday, 21 October 2008 15:55
PHILADELPHIA - Jocelyn Kirsch, 23, of Novato, California, was sentenced today to five years in prison for her role in an extensive identity theft and fraud scheme, announced Acting United States Attorney Laurie Magid.
Kirsch pleaded guilty in July 2008, to conspiracy, aggravated identity theft, access device fraud, bank fraud, and money laundering. Between November 2006 and November 30, 2007, Kirsch and co-defendant Edward Anderton stole identity information, credit cards, and credit card account information from numerous victims, including friends, co-workers, neighbors, fellow students, bar patrons, and others, and used those stolen materials extensively to buy merchandise and obtain cash. Anderton pleaded guilty in June 2008 and is scheduled for sentencing on November 14, 2008. In addition to the prison terms, United States District Court Judge Eduardo Robreno ordered Kirsch to pay $101,033 restitution, a $600 special assessment, and to complete five years of supervised release.
Over the course of a year, defendants Anderton and Kirsch used the identities of more than 16 victims in numerous illegal transactions to obtain more than $119,000 in cash and merchandise. They also made failed attempts to obtain more than $122,000 in additional cash and merchandise. The defendants used the proceeds of their fraud scheme to help fund their lavish lifestyle that included trips to Florida, Paris, Hawaii, Montreal, and the Turks and Caicos Islands in the Caribbean.
The case was investigated by the Federal Bureau of Investigation, the United States Postal Inspection Service, the Philadelphia Police Department, The University of Pennsylvania Police Department, and the Philadelphia District Attorney’s Office. It was prosecuted by Assistant United States Attorney Louis D. Lappen and Special Assistant United States Attorney Lisa Caulfield.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Module Objective
• Identity Theft• Who Commits Identity Theft• How Criminals Get Information• Techniques Used By Criminals• How Does a Criminal Use Information?• Investigating Identity Theft• Identity Theft Laws• Protection From Identity Theft
This module will familiarize you with:
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Module Flow
Identity Theft
Who Commits Identity Theft
How Criminals Get Information
Techniques Used By Criminals
How Does a Criminal Use Information?
Investigating Identity Theft
Identity Theft Laws
Protection From Identity Theft
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Identity Theft
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Identity Theft
Identity theft is an unauthorized use of others’ personal information for fraudulent or unlawful activities
Identity thieves steal name and reputation and use them for their own financial gain
It causes serious breaches of privacy
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Identifying Information
Names (current or former)
Social Security numbers
Driver’s license numbers
Bank account/credit card numbers
Birth dates
Residential and/or work address
Tax identification numbers
Medical identifications
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Identity Theft Statistics for 2007
FTC received 813,899 consumer fraud and identity theft complaints
Credit card fraud (23%) was the most common form of reported identity theft followed by phone or utilities fraud (18%), employment fraud (14%), and bank fraud (13%)
Other significant categories of identity theft reported by victims were government documents/benefits fraud (11%) and loan fraud (5%)
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Identity Theft Complaints by Age of the Consumer
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Examples of Identity Theft
A person is not able to renew his/her Driving License or register to vote due to crimes committed in his/her name by another person
People have been denied employment or fired when a criminal record showed on the background check which was done by another person
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Who Commits Identity Theft
Professional thieves
Strangers
Family members and relatives
Friends/acquaintances
Co-Employees
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
How Criminals Get Information
Stealing files from work places, shops, medical services, banks, etc.
Stealing wallet or purse
Stealing information from home or car
Stealing information from mail ( Bank and credit card statements, checks, loan pre-approvals, tax information )
Scam phone calls where a stranger asks for personal or financial information
Hacking into an organization’s computers
Conning information out of employees
Bribing an employee who has access to records
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
How Personal Information was Stolen: Statistics
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Techniques Used by Criminals
Non technological methods:
• Dumpster diving• Shoulder surfing • Telemarketing scams• Bribing or inserting dishonest employees• Mail theft/interception• Masquerading and Social hacking
Technological methods:
• Credit card skimming• Spy cameras in ATMs• Phishing and Pharming• Wireless communication interception• Software ( Viruses/Hijacking and Spyware)
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
How Does a Criminal use Information?
Obtains new credit cards and makes changes to the existing bank accounts
Goes on a spending spree with the stolen credit cards and identification
Changes the credit cards’ mailing address
Obtains personal, student, car, and mortgage loans
Gets job using the victim’s name and social security number
Obtains wireless telephone equipment or services
Files fraudulent tax returns
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
FTC Consumer Sentinel
Consumer Sentinel is an investigative cyber tool which provides members of the Consumer Sentinel Network to access millions of consumer complaints
It includes complaints about:
• Identity theft • Computers, the Internet, and online auctions • Telemarketing scams • Advance-fee loans and credit scams• Sweepstakes, lotteries, and prizes • Business opportunities and work-at-home schemes • Debt collection, credit reports, and financial matters
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
FTC Consumer Sentinel: Screenshot 1
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
FTC Consumer Sentinel: Screenshot 2
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Identity Theft Movies
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Investigating Identity Theft
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Investigating Identity Theft
Interview the victim
Get the credit reports
Collect information about online activities of the victim
Collect information about the websites where victim has disclosed personal information
Search the FTC consumer sentinel
Collect information from point of sale
Collect information from courier services
Get call records from service providers if stolen identity is used to obtain phone service
Search the suspect’s address
Obtain search and seize warrant
Seize the computer and mobile devices from suspects
Collect the browser’s information from the suspect’s computer
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Interview the Victim
Enquire about how the identity was stolen
Ask when the victim first suspected that the identity was stolen
Ask whether the victim uses his/her identity online
Enquire about victim’s work place security policies
Note all the details collected from the victim
Provide a copy of the incident report to the victim to straighten out credit histories
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Get the Credit Reports
For every consumer transactions, credit reports and credit scores are used
Get the credit report on the victim’s name and check it properly
Credit reports are supplied by:
• Equifax: http://www.equifax.com• Experian: http://www.experian.com/• TransUnion: http://www.transunion.com/
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Sample Credit Report
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Collect Information About Online Activities of Victim
Check the victim’s online activities
Check whether the victim has answered any spam mail
Check whether he/she is an victim of the phishing site
Collect the browsing history, cookies, cache, search history, offline website data, and all the available information from the victim’s computer
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Collect Information About the Websites Where Victim Has Disclosed Personal Information
If the victim has given sensitive information online, check for the websites address
Check the website details using:
• http://www.whois.net/• http://centralops.net/co/
Information regarding any website (currently down) since its launch can be found at:
• http://www.archive.org/
Investigate the website’s security policies
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
http://www.whois.net/
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
http://centralops.net/co/
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
http://www.archive.org/
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Search the FTC Consumer Sentinel
Consumer Sentinel is a secure online database of millions of consumer complaints
Any federal, state, or local law enforcement agency can access the Consumer Sentinel
Search and study similar type of cases (Gives an idea how past cases are solved)
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Collect Information from Point of Sale
Check whether the thief has purchased any goods in person
Collect all the details about the thief from the merchant
Collect the photos and video tapes if any from the cameras installed at the merchant’s place
Check for any contact information given to the merchant (mailing address or phone numbers )
Check how the merchandise is delivered
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Collect Information from Courier Services
Check whether the thief has bought any goods online (By checking the credit card bills)
If so, contact the vendors and check how the goods are delivered
Collect the mailing addresses, telephone numbers, and courier service details
Bogus addresses may also be useful as the identity thief uses same bogus address in multiple crimes
Contact the courier services and collect the information from the delivery persons
• Obtain the package delivery history• Get a brief idea about the person to whom the goods are delivered
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Get Call Records from Service Providers if Stolen Identity is Used to Obtain Phone Service
• Contact service providers and check the applications• Get the call records• Trap the most communicated phone numbers
If the stolen identity is used to obtain the phone service:
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Search the Suspect’s Address
Check for the suspect’s address
Check the suspect’s criminal history to see if he/she is involved in a similar fraud in the past
Check the suspect’s trash to get any bills, vouchers, covers or envelopes, etc.
If the suspect is from other jurisdiction or operating in other jurisdiction, contact other law enforcement agencies where he/she lives
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Obtain Search and Seize Warrant
If any person is susceptible, provide all the clues in the court
Obtain search and seize warrant for further investigation
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Seize the Computer and Mobile Devices from Suspects
Seize the computer, cell phones, and other electronic equipment from suspect’s home
Search the suspect’s home and surroundings
Seize all the credit cards, bank notes, check books, etc. which is on the victim’s name
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Collect the Browser Information from Suspect’s Computer
• Browsing information• Search history• Cache• Cookies• Offline website data• Authentication sessions
After seizing the suspect’s computer, check for:
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Identity Theft Laws
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
United States: Federal Identity Theft and Assumption Deterrence Act of 1998
18 U.S.C. § 1028(a)(7) Federal law was passed in 1998
Prohibits “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law”
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Unites States Federal Laws
18 U.S.C. § 1028 – Identification Fraud
18 U.S.C. § 1029 – Credit Card Fraud
18 U.S.C. § 1030 – Computer Fraud
18 U.S.C. § 1341 – Mail Fraud
18 U.S.C. § 1343 – Wire Fraud
18 U.S.C. § 1344 – Financial Institution Fraud
18 U.S.C. § 1708 – Mail Theft
18 U.S.C. § 1546 – Immigration Document Fraud
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Australia
According to Commonwealth level, under the Criminal Code Amendment Act 2000 which amended certain provisions within the Criminal Code Act 1995,
135.1 General dishonesty
Obtaining a gain
(1) A person is guilty of an offense if:
(a) the person does anything with the intention of dishonestly obtaining benefit from another person; and
(b) the other person is a Commonwealth entity
Penalty: Imprisonment for 5 years
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Canada
Under the section 403 of the Criminal Code of Canada,every one who fraudulently personates any person, living or dead,
(a) with intent to gain advantage for himself or another person,(b) with intent to obtain any property or an interest in any property, or(c) with intent to cause disadvantage to the person whom he personates or another person, is guilty of an indictable offense and liable to imprisonment for a term not exceeding ten years or an offense punishable on summary conviction
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Hong Kong
THEFT ORDINANCE - CHAPTER 210SEC 16AIf any person by any deceit (whether or not the deceit is the sole or main inducement) and with intent to defraud induces another person to commit an act or make an omission, which results either-
(a) in benefit to any person other than the second-mentioned person; or (b) in prejudice or a substantial risk of prejudice to any person other than the first-mentioned person, the first-mentioned person commits the offense of fraud and is liable on conviction upon indictment to imprisonment for 14 years
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
United Kingdom
Data Protection Act protects the personal data in United Kingdom
It covers all personal data which an organization may hold, including names, birthday and anniversary dates, addresses, telephone numbers, etc.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Protection From Identity Theft
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Protection from ID Theft
Check bank account balances regularly
Order the credit reports and review carefully
Check SSA Annual Earnings Statement
Secure all the personal information
Never leave sensitive information in vehicles
Use strong passwords for logging into bank accounts and computers
Enquire about security policies at workplace
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Protection from ID Theft (cont’d)
Never use public computers for accessing sensitive information
Do not provide personal information over the phone, Internet, or through the mail
Guard mails and trashcans from theft
Pay attention to billing cycles
Keep virus protection and security suite software updated
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
What Should Victims Do?
Report to local police and get a copy of report
Call fraud departments of CRAs and get fraud alerts and victim statements placed on credit reports
Contact creditors fraud departments, report fraudulent accounts, and charges
Notify each creditor in writing about the identity fraud
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Resources for Victims
www.consumer.gov/idtheft or www.ftc.gov
1-877-ID-THEFT or 1-877-438-4338
www.identitytheft.org
www.idtheftcenter.org
www.privacyrights.org
US Trustees – for bankruptcy (http://www.usdoj.gov/ust/)
Social Security Office of Inspector General (http://www.ssa.gov/oig/)
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Summary
Identity theft is the theft or unauthorized use of others’ personal identifying information for fraudulent or unlawful activities
Criminals steal files from work places, shops, medical services, banks, etc.
Obtain new credit cards and make changes to the existing bank accounts
Check whether the victim has answered any spam mail redirecting him/her to the phishing sites
If the victim has given sensitive information online, investigate such website’s address
Collect the photos and video tapes if any from the cameras installed at the merchant’s place
Obtain search and seize warrant for further investigation
Never use public computers for accessing sensitive information
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited