Ira Wilsker's January 2014 Identity Theft Presentation

IDENTITY THEFT, January 11, 2014, by Ira Wilsker. Some slides are from an ORIGINAL presentation by Sgt. Eric Gilbert and Sgt. Hiland Priddy, Texas Department of Public Safety (DPS), for mandatory Texas Law Enforcement Officer In Service Training. GREATER CLEVELAND PC USERS’ GROUP

Upload: greater-cleveland-pc-users-group

Post on 19-May-2015


TRANSCRIPT

Page 1: Ira Wilsker's January 2014 Identity Theft Presentation

IDENTITY THEFT

January 11, 2014

By Ira Wilsker

Some slides are from an ORIGINAL presentation by Sgt. Eric Gilbert and Sgt. Hiland Priddy, Texas Department of Public Safety (DPS), for mandatory Texas Law Enforcement Officer In Service Training

GREATER CLEVELAND PC USERS’ GROUP

Page 2: Ira Wilsker's January 2014 Identity Theft Presentation

JANUARY 10, 2014: Personal info stolen from 70M customers, company says

Page 3: Ira Wilsker's January 2014 Identity Theft Presentation

The nation's second largest discounter said Friday that hackers stole personal information — including names, phone numbers as well as email and mailing addresses — from as many as 70 million customers as part of a data breach it discovered in December.

Target said in December that customers' names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen.

Page 4: Ira Wilsker's January 2014 Identity Theft Presentation

DEBIT AND CREDIT CARD INFORMATION STOLEN FROM TARGET FOR SALE ONLINE

Page 5: Ira Wilsker's January 2014 Identity Theft Presentation

THE ADDRESS IN THE “COUNTRY” COLUMN IS THE LOCATION OF THE TARGET STORE WHERE THAT CARD WAS USED

Page 6: Ira Wilsker's January 2014 Identity Theft Presentation

FOREIGN CREDIT AND DEBIT CARDS STOLEN FROM TARGET FETCH PREMIUM PRICES – ALSO NOTICE “MATURITY” OF CARDS vs. PRICE

THESE ARE DEBIT CARDS

Page 7: Ira Wilsker's January 2014 Identity Theft Presentation

FOREIGN CREDIT AND DEBIT CARDS STOLEN FROM TARGET FETCH PREMIUM PRICES – ALSO NOTICE THAT “QUALITY” CARDS WITH HIGHER CREDIT LIMITS FETCH HIGHER PRICES

Page 8: Ira Wilsker's January 2014 Identity Theft Presentation

MANY OF THESE CREDIT CARD SELLING SITES ARE LOCATED IN RUSSIA OR EASTERN EUROPE – ONES ABOVE ARE RUN BY A RUSSIAN WITH THE HANDLE “HELKERN”

Page 9: Ira Wilsker's January 2014 Identity Theft Presentation

THERE HAS BEEN NO PUBLIC DISCLOSURE ABOUT THE METHOD USED TO OBTAIN THE TARGET CREDIT CARD INFORMATION, BUT MANY SECURITY EXPERTS ARE FAIRLY CERTAIN THAT IT WAS LIKELY “SPEAR PHISHING” DIRECTED TO A TARGET EMPLOYEE WHO HAD ACCESS

Page 10: Ira Wilsker's January 2014 Identity Theft Presentation

BULLETIN: Dated January 14, 2014 – KREBS ON SECURITY

Page 11: Ira Wilsker's January 2014 Identity Theft Presentation

2011 EXAMPLE THAT LED TO MASSIVE “SPEAR PHISHING” ATTACKS

Page 12: Ira Wilsker's January 2014 Identity Theft Presentation

APRIL 4, 2011 – Millions Exposed to Potential IDENTITY THEFT!

Dallas – The customer lists of about 2500 corporate clients of Dallas based EPSILON, a marketing company, were stolen by a hacker over the weekend. These mailing lists are used to send about 40 billion emails annually to the millions of clients and customers of these 2500 companies. EPSILON has reported that the data stolen consisted of customer names and email addresses, but not personal financial data.

A comprehensive list of companies known to have had their client email list stolen includes (as of April 6, 2011):

Page 13: Ira Wilsker's January 2014 Identity Theft Presentation

1-800-FLOWERS, AbeBook, AIR MILES Rewards, Ameriprise, Ann Taylor, Barclays Bank of Delaware, Barclay's L.L. Bean Visa, Beachbody, bebe, Benefit Cosmetics, Best Buy, Best Buy Reward Zone, BJ's Visa, Borders, Brookstone, Capital One, Catherine's, Charter Communications, Citi, City Market, College Board, Dell, Dillons, Disney Destinations, Eddie Bauer Friends, Eileen Fisher, Ethan Allen, Eurosport Soccer, Express, Food 4 Less, Fred Meyer, Fry's Electronics, Hilton Honors, Home Shoppers Network, Jay C, JPMorgan Chase, King Soopers, Kroger, Lacoste, Marks & Spence, Marriott Rewards, McKinsey Quarterly, MoneyGram, New York & Company, QFC, Ralphs, Red Roof Inn, Ritz-Carlton Rewards, Robert Half International, Scottrade, Smith Brands, Target, TD Ameritrade, TIAA-CREF, TiVo, TripAdvisor.com, US Bank, Verizon, Victoria's Secret, Viking River Cruises, Visa, Walgreens, World Financial Network

NOTE: Companies in RED have a presence in this area

Page 14: Ira Wilsker's January 2014 Identity Theft Presentation

The millions of customers of these companies may become the targets of PHISHING or SPEAR PHISHING.

PHISHING uses spoofed or counterfeit duplicates of authentic websites for the explicit purpose of IDENTITY THEFT. The victim is tricked into entering valuable personal information on the website.

Information solicited is typically credit or debit card numbers, PIN numbers, security codes, expiration dates, user names, account numbers, and passwords.

Page 15: Ira Wilsker's January 2014 Identity Theft Presentation

SPEAR PHISHING is a similar form of IDENTITY THEFT but the emails are targeted to specific users. Since the cyber crook has the customer information from these companies, they will likely be selling that information or using it to send out millions of SPAM emails that look authentic, appearing to be from real companies where the target victim really has an account. This tends to improve the success rate, with more victims disclosing their personal information.

Page 16: Ira Wilsker's January 2014 Identity Theft Presentation

AUTHENTIC WARNING ABOUT EPSILON BREACH

7:42PM APRIL 4

Page 17: Ira Wilsker's January 2014 Identity Theft Presentation

THIS IS THE GENUINE WARNING

Page 18: Ira Wilsker's January 2014 Identity Theft Presentation

ALL OF THESE LINKS LOOK REAL, BUT REALLY CONNECT TO A CROOK IN RUSSIA!

Page 19: Ira Wilsker's January 2014 Identity Theft Presentation

A MORE TRADITIONAL PHISHING EMAIL

Page 20: Ira Wilsker's January 2014 Identity Theft Presentation

NOTE THAT THE CROOK IS ASKING FOR THE DEBIT CARD NUMBER, SECURITY CODE AND PIN NUMBER!

THIS WOULD NO LONGER BE YOUR DEBIT CARD, AND YOUR ACCOUNT WILL BE QUICKLY EMPTIED

Page 21: Ira Wilsker's January 2014 Identity Theft Presentation

NOTE THE SPELLING IN THE URL… “orangesavLngs.com”

Page 22: Ira Wilsker's January 2014 Identity Theft Presentation

Domain Name: ORANGESAVLNGS.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Creation Date: 13-jun-2008
Expiration Date: 13-jun-2009
Domain Name.......... orangesavlngs.com
Organisation Name.... John Davis
Organisation Address. 49960 Esperanza
Organisation Address.
Organisation Address. carson
Organisation Address. 95350
Organisation Address. CA
Organisation Address. UNITED STATES
Admin Email.......... [email protected]
Admin Phone.......... +1.5554843948
Admin Fax............

orangesavLngs.com

NOTE THE PHONEY “555” AREA CODE – THERE IS NO 555

Page 23: Ira Wilsker's January 2014 Identity Theft Presentation

NOTE CORRECT URL ABOVE

Page 24: Ira Wilsker's January 2014 Identity Theft Presentation

Identity theft is not just an unauthorized charge on a credit card anymore.

Identity theft, according to the Federal Trade Commission, “occurs when someone uses your personally identifying information, like your name, Social Security number or credit card number, without your permission, to commit fraud or other crimes.”

Page 25: Ira Wilsker's January 2014 Identity Theft Presentation

Types of Identifiers

• Personal:
– Name and Date of Birth
– Social Security Number
– Address and phone numbers
– Driver’s license and passport numbers
– Mother’s maiden name; pet name; etc.

• Financial:
– Credit card numbers (including security codes)
– Bank account numbers
– ATM Card and PIN numbers
– Insurance policy numbers

Page 26: Ira Wilsker's January 2014 Identity Theft Presentation

Official US Gov’t ID THEFT WEBSITE

http://www.ftc.gov/idtheft (redirects)

Page 27: Ira Wilsker's January 2014 Identity Theft Presentation

1-877-ID THEFT

Page 28: Ira Wilsker's January 2014 Identity Theft Presentation

FREE PUBLICATIONS FROM THE FEDERAL TRADE COMMISSION

FTC.GOV/idtheft

Page 29: Ira Wilsker's January 2014 Identity Theft Presentation

Identity fraud incidents and amount stolen increased—The number of identity fraud incidents increased by one million more consumers over the past year, and the dollar amount stolen increased to $21 billion, a three-year high but still significantly lower than the all-time high of $47 billion in 2004. This equates to 1 incident of identity fraud every 3 seconds.

2013 IDENTITY THEFT REPORT from JAVELIN RESEARCH (2/13)

Page 30: Ira Wilsker's January 2014 Identity Theft Presentation

1 in 4 data breach notification recipients became a victim of identity fraud—This year, almost 1 in 4 consumers that received a data breach letter became a victim of identity fraud, which is the highest rate since 2010. This underscores the need for consumers to take all notifications seriously. Not all breaches are created equal. The study found consumers who had their Social Security number compromised in a data breach were 5 times more likely to be a fraud victim than an average consumer.

SOURCE: Javelin Research 2/13

Page 31: Ira Wilsker's January 2014 Identity Theft Presentation

DECEMBER 12, 2013 http://www.bjs.gov

16.6 MILLION PEOPLE EXPERIENCED IDENTITY THEFT IN 2012

Financial losses totaled $24.7 billion

WASHINGTON – An estimated 16.6 million people, representing 7 percent of all persons age 16 or older in the United States, experienced at least one incident of identity theft in 2012, the Justice Department’s Bureau of Justice Statistics (BJS) announced today.

Financial losses due to personal identity theft totaled $24.7 billion, over $10 billion more than the losses attributed to all other property crimes measured in the National Crime Victimization Survey. About 14 percent of victims suffered an out-of-pocket financial loss due to the most recent incident of identity theft. Of the victims who experienced an out-of-pocket loss, about half lost $99 or less.

Page 32: Ira Wilsker's January 2014 Identity Theft Presentation

In 2012, the misuse or attempted misuse of an existing account was the most common type of identity theft — experienced by 15.3 million people. An estimated 7.7 million people reported the fraudulent use of a credit card and 7.5 million reported the fraudulent use of a bank account such as a debit, checking or savings account. Another 1.1 million persons had their information misused to open a new account, and about 833,600 persons had their information misused for other fraudulent purposes.

SOURCE: Victims of Identity Theft, 2012 (NCJ 243779)

Page 33: Ira Wilsker's January 2014 Identity Theft Presentation

SOURCE: http://www.bjs.gov/content/pub/pdf/vit12.pdf

Page 34: Ira Wilsker's January 2014 Identity Theft Presentation

SOURCE: FTC

SOURCE: BJS

Page 35: Ira Wilsker's January 2014 Identity Theft Presentation
Page 36: Ira Wilsker's January 2014 Identity Theft Presentation
Page 37: Ira Wilsker's January 2014 Identity Theft Presentation

SOURCE: FTC

Arizona, California, Florida, Texas, and Nevada are the top 5 states for Identity Theft

Why are THESE states in RED? The answer is “Politically Incorrect”

OHIO IS RANKED 29th IN IDENTITY THEFT

Page 38: Ira Wilsker's January 2014 Identity Theft Presentation

PHISHING

Note the warning in the subject line of the email below

Page 39: Ira Wilsker's January 2014 Identity Theft Presentation
Page 40: Ira Wilsker's January 2014 Identity Theft Presentation

LINK ABOVE LOOKS AUTHENTIC

Page 41: Ira Wilsker's January 2014 Identity Theft Presentation

NOTE INTERNET ADDRESS IN THE ADDRESS BAR – IT IS LOCATED IN KOREA

Page 42: Ira Wilsker's January 2014 Identity Theft Presentation

WHOSE CREDIT CARD IS IT NOW? WHAT HAPPENS NEXT?

Page 43: Ira Wilsker's January 2014 Identity Theft Presentation

FORWARD TO: [email protected]

Page 44: Ira Wilsker's January 2014 Identity Theft Presentation

EBAY PHISHING TO STEAL PASSWORDS

LINK ABOVE LOOKS AUTHENTIC

Page 45: Ira Wilsker's January 2014 Identity Theft Presentation

NOTE INTERNET ADDRESS IN THE ADDRESS BAR – IT IS IN INDIA

Forward to: [email protected]

Page 46: Ira Wilsker's January 2014 Identity Theft Presentation

PHISHING

COMPARE THE LINKS; DOES IT LOOK SUSPICIOUS?

Page 47: Ira Wilsker's January 2014 Identity Theft Presentation
Page 48: Ira Wilsker's January 2014 Identity Theft Presentation

Now who can access the victims’ information?

This site was registered in Missouri, but hosted in TAIWAN!

Others were hosted in Germany, Mexico, India, Czechoslovakia, and the Netherlands

Page 49: Ira Wilsker's January 2014 Identity Theft Presentation

There are only 5 questions that you must answer before you receive your $250 reward. Once you click to submit your answers you are taken to a page that requests your personal information along with your credit card number so that they can “credit your account” the $250 reward.

LINK ABOVE LOOKS AUTHENTIC

Page 50: Ira Wilsker's January 2014 Identity Theft Presentation

NOW THE CYBER CROOK HAS ALL OF YOUR INFORMATION INCLUDING CREDIT CARD, DL, AND MOTHER’S MAIDEN NAME.

WHAT CAN HE DO WITH THIS INFORMATION?

Page 51: Ira Wilsker's January 2014 Identity Theft Presentation

http://www.kotlovka.ru/picnews/help/www.irs.gov

INCOME TAX PHISHING IS MOST COMMON AROUND TAX TIME.

NOTE THAT THIS RUSSIAN CROOK WOULD HAVE CREDIT CARD AND PIN NUMBER
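An added example, not part of the original slides: both the orangesavLngs.com lookalike shown earlier and the IRS link above are caught by comparing the host a link really connects to against the site it claims to be. The TRUSTED list, the function names and the spelling orangesavings.com (inferred from the slide's spelling note, not stated on the page) are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader really does business with. "orangesavings.com"
# is inferred from the slide's spelling note; the page never states it.
TRUSTED = ("irs.gov", "orangesavings.com")


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url):
    """Return (verdict, host) for the host a link actually connects to."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    # 1. Genuine: the host is a trusted domain or a subdomain of one.
    for dom in TRUSTED:
        if host == dom or host.endswith("." + dom):
            return ("ok", host)
    # 2. Lookalike: one or two characters away from a trusted domain.
    for dom in TRUSTED:
        if edit_distance(host, dom) <= 2:
            return ("lookalike", host)
    # 3. Misplaced brand: the trusted name shows up in the path, the query or
    #    a left-hand label of the host, but the connection goes elsewhere.
    rest = (host + parts.path + "?" + parts.query).lower()
    for dom in TRUSTED:
        if dom in rest:
            return ("misplaced-brand", host)
    return ("unknown", host)


if __name__ == "__main__":
    for link in ("http://orangesavLngs.com/",                        # lookalike slide
                 "http://www.kotlovka.ru/picnews/help/www.irs.gov",  # IRS slide
                 "http://irs.gov.refund.example/",                   # constructed
                 "https://www.irs.gov/"):                            # genuine host
        print(check_link(link), link)
```

The host is always the part between `//` and the next `/`; anything after that slash, including a familiar name such as `www.irs.gov`, is only a folder name on the crook's server.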

Page 52: Ira Wilsker's January 2014 Identity Theft Presentation

Credit Report Example

http://www.annualcreditreport.com

Page 53: Ira Wilsker's January 2014 Identity Theft Presentation

Prevention – Personal Awareness

• Do not give out personal identifier information over the phone or Internet.

• Stay informed about your personal financial records with frequent checks of your credit history and bank records for extra or unknown transactions.

• Limit personal information on necessary public distribution items (checks, business cards).

• Purchase a home shredder.

• Consider Identity Theft Insurance (controversial).

• PRACTICE “SAFE HEX”

Page 54: Ira Wilsker's January 2014 Identity Theft Presentation

Ira Wilsker

[email protected]