Insider`s Guide to Information Security and Avoiding Identity Theft 2

Transcription

Insider's Guide to Information Security
and Avoiding Identity Theft
Written & Presented By: Stephen M.Yoss, Jr., CPA
February 16, 2016 . Claremont, California
Insider's Guide to Information Security and Avoiding Identity Theft
1
NEXT
About the Presenter
Stephen M. Yoss, Jr., CPA
If I’m not speaking, in class, or developing
software then I must be getting my hands
dirty at a fireworks show!
‣
‣
Founder and principal of MantisPRO
‣
‣
Proud graduate of Loyola Marymount University
‣
Started working with technology at age 10 in family’s
accounting firm
‣
Actively works in software and technology product
development
Certified public accountant with experience in public and
private accounting
Currently pursuing a Master’s degree in Information
Systems and Technology at Claremont Graduate University
2
NEXT
Top Left: 75th Anniversary of the Golden Gate Bridge, San Francisco, CA
Top Right: KGB Skyshow, San Diego, CA
Bottom Left: Brooklyn Bridge, New York, NY
3
NEXT
Module One. Identity Theft.
4
NEXT
Trends in Security and Privacy
Privacy
The
Internet
A helpful Venn diagram of privacy and the Internet.
5
NEXT
A Discussion on Identity Theft
‣ Defining identity theft
‣ Major breaches
‣ Signs of identity theft
‣ Medical identity theft
‣ Tax return identity theft
‣ Resolving identity theft & resources
6
NEXT
Identity Theft Defined
According the US Dept. of Justice, identity theft is:
‣ "But he that filches from me my good name/Robs me
of that which not enriches him/And makes me poor
indeed.” - Shakespeare, Othello, act iii. Sc. 3.
‣ Identity
theft and identity fraud are terms used to
refer to all types of crime in which someone involves
frames or deception, typically for economic gain.
Want to Learn More? http://goo.gl/KnkNA
Essentially, someone exploiting your personal information
for their personal gain.
7
NEXT
How Identity Theft Works
‣ Obtain.
Criminal obtains uniquely identifying
information about a target. The information can
come from online sources such as phishing emails
or physically obtained.
‣ Sell. Most of the time the people who obtain the
personal information sell it to other parties.
Want to Learn More? http://goo.gl/1Iq5M
‣ Exploit.
The uniquely identifying personal
information is used for financial gain through
opening credit cards or obtaining loans.
8
NEXT
Identity Theft: By the Numbers
Want to Learn More? http://goo.gl/o1Azcv
‣
‣
Identity theft is the fastest growing crime in America.
‣
It takes the average victim an estimated $500 and 30
hours to resolve each identity theft crime.
‣
Financial institutions, like banks and creditors, usually
only hold the victim responsible for the first $50 of
fraudulent charges.
‣
Only 28% of identity theft cases involve credit or
financial fraud. Phone, utility, bank, and employment fraud
make up another 50% of cases.
Every minute about 19 people fall victim to identity
theft.
9
NEXT
Recent Major Identity Theft Examples
Want to Learn More? http://goo.gl/Xt7MZd
‣
In 2013, Mauricio Warner of Atlanta, Georgia filed 5000
fraudulent tax returns using stolen information. He
received over $6M dollars in refunds. Victims were told
they could submit an application for a “stimulus
payment” or “free government money” by providing
their names and social security numbers.
‣
In 2011, Amar Singh and his associates stole in excess of
$13m dollars from victims in three months. The
obtained credit card information from fake websites as
well as RFID scanners in stores. They generated fake
new cards and spent as much as possible as quickly as
possible.
10
NEXT
Recent Data Breach with the IRS
‣ Criminals used stolen information to gain access to past tax
‣
‣
‣
Want to Learn More? http://goo.gl/8RJ39f
‣
returns for more than 100K people using the Agency’s
electronic transcript service.
Criminals used information such as social security numbers,
dates of birth and other information obtained from other data
breeches to get through the multistep authentication process.
More than 200,000 attempts to view the past returns using
stolen information were made from February to mid-May, and
about half were successful.
The Agency reportedly sent nearly $50M in refunds before the
fraud was detected.
The Agency strongly believes that the fraud was perpetrated by
organized crime syndicates from around the world.
11
NEXT
Recent Data Breach with Federal OPM
‣
‣
‣
‣
‣
‣
In April 2015, the US Office of Personnel Management was attacked and
breached. Approximately 4M personnel records were compromised.
The breach focused on current and, former and prospective federal
government employees who had security clearances.
The breached data included detailed background security-clearancerelated background information.
The Chinese government is suspected as sponsoring the attack, but they
have denied the allegation.
The motive is unclear, but it is suspected that this information will be
used to help conceal future potential spies as well as expose US
government operatives.
Hacked federal files couldn't be encrypted because government
computers were too old.
Want to Learn More? http://goo.gl/s1j7tG
12
NEXT
What Happens with Stolen Data?
Want to Learn More? http://goo.gl/TdiP
‣
Substantially all stolen data is sold on the Dark Web.
Most often using the TOR network. TOR is free software
for enabling online anonymity and censorship resistance.
‣
TOR directs Internet traffic through a free, worldwide,
volunteer network consisting of more than five thousand
relays to conceal a user's location or usage from anyone
conducting network surveillance or traffic analysis.
‣
The Dark Web contains vendors that sell everything
from illegal narcotics, to illegal steroids, to illegal
firearms. If is illegal, it can be found on the Dark Web.
13
NEXT
Signs of Identity Theft
Signs that someone might have stolen your identity:
‣ You see withdrawals from your bank account that you
can’t explain.
‣ You don’t get your bills or other mail.
‣ Merchants refuse your checks.
‣ Debt collectors call you about debts that aren’t yours.
‣ You find unfamiliar accounts or charges on your credit
report.
‣ The IRS notifies you that more than one tax return was
filed in your name, or that you have income from an
employer you don’t work for.
Want to Learn More? http://goo.gl/ZcNTmD
14
NEXT
Identity Theft and Social Media
‣ When you share your personal information, photos, and travel
plans on social media sites, you may be putting yourself at risk and
giving someone the keys to steal your identity. Avoid sharing too
much information:
‣ Don’t post or share your e-mail address on a public profile.
‣ Don’t share answers to common security questions like:
mother’s maiden name, high school, graduation date, mascot,
names of children, or pets.
‣ Be aware that hackers can find out personal information from
quizzes you answer.
‣ Be careful installing applications from sources you don’t trust.
‣ Avoid checking in from your GPS or posting your travel plans.
Want to Learn More? http://goo.gl/RZs8QW
15
NEXT
Medical Identity Theft
‣ Medical identity theft occurs when a perpetrator uses a victim’s
Want to Learn More? http://goo.gl/WE4Dmq
name, health insurance information, or identifying information
to see a doctor, get prescription drugs, file a health insurance
claims, or get other care. Signs of medical identity theft include:
‣ A bill for medical services you didn’t receive.
‣ A call from a debt collector about a medical debt you don’t
owe.
‣ Medical collection notices on your credit report that you
don’t recognize.
‣ A notice from your health plan saying you reached your
benefit limit.
‣ A denial of insurance because your medical records show a
condition you don’t have.
16
NEXT
Tax Return Identity Theft
Taxpayer Guide to Identity Theft
‣
Identity theft can also use personal information to file tax returns
to claim fraudulent refunds.
‣
In tax-related identity theft, the criminal generally will use a stolen
SSN to file a forged tax return and attempt to get a fraudulent
refund early in the filing season.
‣
You may be unaware that this has happened until you file your
return later in the filing season and discover that two returns have
been filed using the same SSN.
‣
In addition to the normal recovery procedures, the taxpayer
should complete Form 14039, Identity Theft Affidavit.
Want to Learn More? http://goo.gl/MDWVk
17
NEXT
Are Identity Theft Losses Deductible?
‣ You can deduct losses related to identity theft
to the extent you are not reimbursed or
compensated for the loss.
‣ To
claim the deduction, complete IRS Form
4684, Casualties and Thefts. Part A is for
personal losses. Part B is for business losses.
‣ Keep meticulous records about the losses and
related expenses in case of audit.
Want to Learn More? http://goo.gl/M8FTWl
18
NEXT
Child Identity Theft
‣ Children comprise the fastest-growing segment of identity theft
victims. There are approximately 500K cases of child identity theft
annually.
‣ Criminals target children as they have clean credit records, making it
easy for the criminal to create new accounts. Additionally, most
parents don’t check to see if their children have credit records, the
crime can go unnoticed for years.
‣ Many cases of child identity theft aren’t discovered until the child
applies for a driver’s license or first job.
‣ Child identity theft typically involves the creation of new accounts.
Want to Learn More? https://goo.gl/9w9uDz
According to the FTC, new account fraud causes considerably more
harm to victims in both out-of-pocket expense and the time it takes
to repair the damage.
19
NEXT
Child Identity Theft
What to Look Out For
‣
‣
‣
‣
‣
‣
Want to Learn More? https://goo.gl/9w9uDz
‣
‣
Hospital records and physicians’ offices
School records
Day care centers
Library cards
Sports team applications
Online social networks, in which thieves coax information
from teens
Immunization records
Any type of public record where the child’s name, social
security number and date of birth are included
20
NEXT
Put a Fraud Alert on Your Credit File
‣ Place
a fraud alert with the credit reporting
companies.
1-800-680-7289 http://goo.gl/qM47S6
‣ Get your free credit reports.
‣ Create
1-800-525-6285
http://goo.gl/VqNTN
an Identity Theft Report by filing a
complaint with the Federal Trade Commission
(https://www.ftccomplaintassistant.gov/) and your
local police department.
‣ Keep meticulous records and rigorously follow up
1-888-397-3742 http://goo.gl/mXzKo
with creditors and agencies.
21
NEXT
Resources for Identity Theft Resolution
‣
The Federal Trade Commission is the primary
government agency for managing identity theft crimes. http://goo.gl/3ugBJ
‣
The United States Secret Service is responsible for
maintaining the integrity of the nation's financial
infrastructure and payment systems. http://goo.gl/JUfZ
‣
Local law enforcement agencies can help with filing
police reports, local investigations, and local resources.
‣
Private investigators and can be helpful in identifying
and finding perpetrators.
22
NEXT
Identity Guard
Comprehensive identity theft protection and credit monitoring services.
Want to Learn More? http://goo.gl/IAxA
Identity Guard provides comprehensive credit and identity theft
prevention services that focus on:
‣ Monitor & Protect. They continually keep an eye out for
your personal information appearing where it shouldn’t. You
will be notified immediately in the event your identity or
credit is compromised.
‣ Recover. In the event your identity or credit is compromised,
they have a tools and services to help resolve the issue.
Additionally, they offer $1M in identity theft insurance.
‣ Credit Profiles. You can regularly get a copy of your credit
score and reports from all three major credit agencies.
23
NEXT
Identity Theft & Passwords
Want to Learn More? http://goo.gl/WqNEm
‣
Email. Always use a separate and complex password
for your email. Never use it anywhere else.
‣
Password manager. Consider using a password
manager such as mSecure (https://
msevensoftware .com) or LastPass (https://
lastpass.com/).
‣
Password managers keep all your passwords
organized, secured, and stored in a single location.
‣
Easily generate long, highly complex passwords for
each individual website or service.
24
NEXT
The Buck Stops with You
At the end of the day, you are
ultimately responsible for preventing,
detecting, stopping, resolving, and
managing your identity.
It’s your life.
25
NEXT
Stephen M.Yoss, Jr., CPA
Feel free to call: (909) 694-0075
Send me an email:
steve.yoss@mantispro.com
Connect with me on
LinkedIn.
26
NEXT
Thank you and good luck!
Thank for submitting your evaluation for this session.
27
NEXT

Insider`s Guide to Information Security and Avoiding Identity Theft 2

Transcription

Similar documents

Procedures and Practices when dealing withTheft in the Workplace

Form 990 for GLADWYNE MONTESSORI SCHOOL (23

272280 jan 08 nl-ngfcu - National Geographic Federal Credit Union

Teichert Construction Theft - Construction Industry Crime Prevention

Identity Theft

April

stockmens insurance agency llc

Don`t hatchet your counts before they

Business Profile • Group Benefits