ira wilsker's january 2014 identity theft presentation
TRANSCRIPT
IDENTITY THEFTIDENTITY THEFTJanuary 11, 2014January 11, 2014
By Ira WilskerBy Ira Wilsker
Some slides are from an ORIGINAL Presentation bySome slides are from an ORIGINAL Presentation bySgt. Eric Gilbert and Sgt. Hiland Priddy, Texas Department Sgt. Eric Gilbert and Sgt. Hiland Priddy, Texas Department
of Public Safety (DPS) for mandatory Texas Law of Public Safety (DPS) for mandatory Texas Law Enforcement Officer In Service TrainingEnforcement Officer In Service Training
GREATER CLEVELAND PC USERS’ GROUP
JANUARY 10, 2014: Personal info stolen from 70M customers, company says
The nation's second largest discounter said Friday that hackers stole personal information — including names, phone numbers as well as email and mailing addresses — from as many as 70 million customers as part of a data breach it discovered in December.
Target said in December that customers' names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen.
DEBIT AND CREDIT CARD INFORMATION
STOLEN FROM TARGET FOR SALE ONLINE
THE ADDRESS IN THE “COUNTRY” COLUMN IS THE LOCATION OF THE TARGET STORE WHERE THAT CARD WAS USED
FOREIGN CREDIT AND DEBIT CARDS STOLEN FROM TARGET FETCH PREMIUM PRICES – ALSO NOTICE
“MATURITY” OF CARDS vs. PRICE THESE ARE DEBIT CARDS
FOREIGN CREDIT AND DEBIT CARDS STOLEN FROM TARGET FETCH PREMIUM PRICES – ALSO NOTICE THAT “QUALITY” CARDS WITH HIGHER
CREDIT LIMITS FETCH HIGHER PRICES
MANY OF THESE CREDIT CARD SELLING SITES ARE LOCATED IN RUSSIA OR EASTERN EUROPE – ONES ABOVE ARE RUN BY A
RUSSIAN WITH THE HANDLE “HELKERN”
THERE HAS BEEN NO PUBLIC DISCLOSURE
ABOUT THE METHOD USED TO OBTAIN THE TARGET CREDIT
CARD INFORMATION, BUT MANY SECURITY EXPERTS ARE FAIRLY CERTAIN THAT IT WAS
LIKELY “SPEAR PHISHING” DIRECTED TO A TARGET
EMPLOYEE WHO HAD ACCESS
BULLETIN: Dated January 14, 2014 – KREBS ON SECURITY
2011 EXAMPLE THAT LED TO MASSIVE “SPEAR PHISHING” ATTACKS
APRIL 4, 2011 – Millions Exposed to Potential IDENTITY THEFT!
Dallas – The customer lists of about 2500 corporate clients of Dallas based EPSILON, a marketing company, were stolen by a hacker over the weekend. These mailing lists are used to send about 40 billion emails annually to the millions of clients and customers of these 2500 companies. EPSILON has reported that the data stolen consisted of customer names and email addresses, but not personal financial data.
A comprehensive list of companies known to have had their client email list
stolen includes (as of April 6, 2011):
1-800-FLOWERS AbeBook
AIR MILES Rewards Ameriprise Ann Taylor
Barclays Bank of DelawareBarclay's L.L. Bean Visa
Beachbody bebe
Benefit Cosmetics Best Buy
Best Buy Reward ZoneBJ's Visa Borders
Brookstone Capital One Catherine's
Charter Communications Citi
City MarketCollege Board
DellDillons
Disney DestinationsEddie Bauer
FriendsEileen FisherEthan Allen
Eurosport Soccer Express Food 4 LessFred Meyer
Fry's ElectronicsHilton Honors
Home Shoppers Network Jay C
JPMorgan ChaseKing Soopers
KrogerLacoste
Marks & Spence Marriott Rewards
McKinsey Quarterly MoneyGram
New York & Company QFC
RalphsRed Roof Inn
Ritz-Carlton Rewards Robert Half International
Scottrade
Smith BrandsTarget
TD AmeritradeTIAA-CREF
TiVoTripAdvisor.com
US BankVerizon
Victoria's SecretViking River Cruises
VisaWalgreens
World Financial Network
NOTE: Companies in RED have a presence in
this area
The millions of customers of these companies may become the targets of
PHISHING or SPEAR PHISHING.
PHISHING uses spoofed or counterfeit duplicates of authentic websites for the
explicit purpose of IDENTITY THEFT. The victim is tricked into entering valuable personal information on the website.
Information solicited is typically credit or debit card numbers, PIN numbers,
security codes, expiration dates, user names, account numbers, and passwords.
SPEAR PHISHING is a similar form of IDENTITY THEFT but the emails are targeted to specific users. Since the
cyber crook has the customer information from these companies, they will likely be
selling that information or using it to send out millions of SPAM emails that look authentic, appearing to be from real
companies where the target victim really has an account. This tends to improve
the success rate, with more victims disclosing their personal information.
AUTHENTIC WARNING ABOUT EPSILON BREACH
7:42PM APRIL 4
THIS IS THE GENUINE WARNING
ALL OF THESE LINKS LOOK REAL, BUT REALLY CONNECT TO A CROOK IN RUSSIA!
A MORE TRADITIONAL PHISHING EMAIL
NOTE THAT THE CROOK IS ASKING FOR THE DEBIT CARD NUMBER,
SECURITY CODE AND PIN NUMBER!THIS WOULD NO LONGER BE YOUR DEBIT CARD, AND YOUR ACCOUNT
WILL BE QUICKLY EMPTIED
NOTE THE SPELLING IN THE URL…
“orangesavLngs.com
Domain Name: ORANGESAVLNGS.COM Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE Whois Server: whois.melbourneit.com Referral URL: http://www.melbourneit.com Creation Date: 13-jun-2008 Expiration Date: 13-jun-2009 Domain Name.......... orangesavlngs.com Organisation Name.... John Davis Organisation Address. 49960 Esperanza Organisation Address. Organisation Address. carson Organisation Address. 95350 Organisation Address. CA Organisation Address. UNITED STATES
Admin Email.......... [email protected] Admin Phone.......... +1.5554843948 Admin Fax............
orangesavLngs.com
NOTE THE PHONEY “555” AREA CODE THERE IS NO 555
NOTE CORRECT URL ABOVE
Identity theft is not just an unauthorized charge on a credit
card anymore.
Identity theft, according to the Federal Trade Commission, “occurs
when someone uses your personally identifying information,
like your name, Social Security number or credit card number,
without your permission, to commit fraud or other crimes.”
• Personal:– Name and Date of Birth– Social Security Number– Address and phone numbers– Driver’s license and passport numbers– Mother’s maiden name; pet name; etc.
• Financial:– Credit card numbers (including
security codes)– Bank account numbers– ATM Card and PIN numbers– Insurance policy numbers
Types of IdentifiersTypes of Identifiers
Official US Gov’t ID THEFT WEBSITEOfficial US Gov’t ID THEFT WEBSITE
http://www.ftc.gov/idtheft (redirectshttp://www.ftc.gov/idtheft (redirects))
ftc.gov/idtheft (redirects)
1-877-ID THEFT1-877-ID THEFT
FREE PUBLICATIONS
FROM THE FEDERAL
TRADE COMMISSION
FTC.GOV/idtheft
Identity fraud incidents and amount stolen increased—The number of identity
fraud incidents increased by one million more consumers over the past year, and the dollar
amount stolen increased to $21 billion, a three-year high but still significantly lower than the all-time high of $47 billion in 2004. This equates to 1 incident of identity fraud
every 3 seconds.
2013 IDENTITY THEFT REPORT from JAVELIN RESEARCH (2/13)
1 in 4 data breach notification recipients became a victim of identity fraud—This
year, almost 1 in 4 consumers that received a data breach letter became a victim of
identity fraud, which is the highest rate since 2010. This underscores the need for
consumers to take all notifications seriously. Not all breaches are created equal. The
study found consumers who had their Social Security number compromised in a data
breach were 5 times more likely to be a fraud victim than an average consumer.SOURCE: Javelin Research 2/13
DECEMBER 12, 2013 http://www.bjs.gov
16.6 MILLION PEOPLE EXPERIENCED IDENTITY THEFT IN 2012Financial losses totaled $24.7 billion
WASHINGTON – An estimated 16.6 million people, representing 7 percent of all persons age 16 or older in the United States, experienced at least one incident of identity theft in 2012, the Justice Department’s Bureau of Justice Statistics (BJS) announced today.
Financial losses due to personal identity theft totaled $24.7 billion, over $10 billion more than the losses attributed to all other property crimes measured in the National Crime Victimization Survey. About 14 percent of victims suffered an out-of-pocket financial loss due to the most recent incident of identity theft. Of the victims who experienced an out-of-pocket loss, about half lost $99 or less.
In 2012, the misuse or attempted misuse of an existing account was the most common type of
identity theft — experienced by 15.3 million people. An estimated 7.7 million people reported
the fraudulent use of a credit card and 7.5 million reported the fraudulent use of a bank account such as a debit, checking or savings account. Another 1.1 million persons had their information misused to open a new account,
and about 833,600 persons had their information misused for other fraudulent purposes.
SOURCE: Victims of Identity Theft, 2012 (NCJ 243779)
SOURCE: http://www.bjs.gov/content/pub/pdf/vit12.pdf
SOURCE: FTC
SOURCE: BJS
SOURCE: FTC
Arizona, California, Florida, Texas, and Nevada are the top 5 states for Identity Theft
Why are THESE states in RED? The answer is “Politically Incorrect”
OHIO IS RANKED 29th IN IDENTITY THEFT
PHISHINGPHISHINGNote the warning in the subject Note the warning in the subject
line of the email belowline of the email below
LINK ABOVE LOOKS AUTHENTIC
NOTE INTERNET ADDRESS IN THE ADDRESS BAR IT IS NOTE INTERNET ADDRESS IN THE ADDRESS BAR IT IS LOCATED IN KOREALOCATED IN KOREA
WHOSE CREDIT CARD IS IT NOW? WHAT HAPPENS NEXT?
FORWARD TO: [email protected]
EBAY PHISHING TO STEAL PASSWORDSEBAY PHISHING TO STEAL PASSWORDS
LINK ABOVE LOOKS AUTHENTIC
NOTE INTERNET ADDRESS IN THE ADDRESS BAR – IT IS IN INDIANOTE INTERNET ADDRESS IN THE ADDRESS BAR – IT IS IN INDIA
Forward to: [email protected]
PHISHING
COMPARE THE LINKS; DOES IT LOOK SUSPICIOUS?
Now who can access the victims’ information?
This site was registered in Missouri, but hosted in TAIWAN!
Others were hosted in Germany, Mexico, India, Czechoslovakia, and the Netherlands
There are only 5 questions that you must answer before you receive your $250 reward. Once you click to submit your answers you are taken to a page that requests your
personal information along with your credit card number so that they can “credit your account” the $250 reward.
LINK ABOVE LOOKS AUTHENTIC
NOW THE CYBER CROOK
HAS ALL OF YOUR
INFORMATION INCLUDING
CREDIT CARD, DL, AND
MOTHER’S MAIDEN NAME.WHAT CAN HE DO WITH THIS
INFORMATION?
http://www.kotlovka.ru/picnews/help/www.irs.gov
INCOME TAX PHISHING IS MOST COMMON AROUND
TAX TIME.NOTE THAT THIS RUSSIAN
CROOK WOULD HAVE CREDIT CARD AND PIN
NUMBER
Credit Report ExampleCredit Report Examplehttp://www.annualcreditreport.comhttp://www.annualcreditreport.com
• Do not give out personal identifier information over the phone or Internet.
• Stay informed about your personal financial records with frequent checks of credit history, bank records, i.e., extra or unknown transactions.
• Limit personal information on necessary public distribution items (checks, business cards).
• Purchase a home shredder.• Consider Identity Theft Insurance (controversial).• PRACTICE “SAFE HEX”
Prevention – Personal AwarenessPrevention – Personal Awareness
Ira Wilsker