1 / 59

The ABC’s of Identity Theft

The ABC’s of Identity Theft. Part One in a multi-part series of overviews on Disaster Avoidance, Business Continuity and Disaster Recovery. Objectives Security Overview Define “identity theft” Evaluate criminal methodologies Consider “protective” solutions.

azriel
Download Presentation

The ABC’s of Identity Theft

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The ABC’s of Identity Theft Part One in a multi-part series of overviews on Disaster Avoidance, Business Continuity and Disaster Recovery

  2. Objectives • Security Overview • Define “identity theft” • Evaluate criminal methodologies • Consider “protective” solutions

  3. Interesting information… • 25 million new strains of malware are presented in just one year • 23 new malware samples per minute • Banker trojans make up 66% of all malware • 95% of the bits and bytes sent across the internet consists of “unstructured” data • PDF • JPG/GIF • MPEG SOURCE: Infoweek TechWeb Webcast of 2/17/2010

  4. Interesting information (cont)… • The most alarming sources of malware attacks come from: • Social Networking @ 31% • Web sites @ 29% • Email @ 17% SOURCE: Infoweek TechWeb Webcast of 2/17/2010

  5. Interesting information (cont)… • Facebook receives 15 million requests for service PER SECOND • 49 % of companies polled allow their staff to access Facebook SOURCE: Infoweek TechWeb Webcast of 2/17/2010

  6. Potential Threat Vectors… • Web site attacks on browsers • Social networks • Email accounts • Wireless access points

  7. “Vectors” of choice…

  8. A new site to watch (or not)… • Reported in Sunday’s New York Times • CHATROULETTE Only three months old and has grown to tens of thousands of users

  9. During the 2nd half of 2008, 70 of the top 100 websites were found to have been compromised or contained links to malicious sites.

  10. A recent Oracle survey… • Security threats are poorly understood • 33% of those polled stated identity theft was a potential barrier to online purchasing • 42% were worried that personal details might be intercepted • 30% stated they didn’t trust web site security measures

  11. Fringe sites… The problems only occur after the user decides to click the link!

  12. Identity Theft

  13. Identity theft in its simplest form is the compromise and use of your personal data for the purpose of committing a fraudulent act.

  14. It isn’t about credit card receipts • It doesn’t always come from those unsolicited credit card company invitations • It doesn’t happen from people looking over your shoulder at the ATM

  15. What they want… • DOB • SSN/National ID number • Online banking information • Email address and passwords • Mailing address • Telephone number

  16. Why they do it… • Access to your bank accounts • Access to your credit card accounts • Use of your personal data to secure credit • Use of your personal data to obtain fraudulent identification papers

  17. Criminal Methodologies

  18. Cybercrime today has solid roots in Romania, Bulgaria and Russia. Their “take” amounts to hundreds of thousands of dollars per day.

  19. ???

  20. IP Address • Email Address • Facebook

  21. How they do it… • Overt “hacking” • Trojans • Key loggers • Phishing/scam emails

  22. Hacking • Remote access of private areas of the company server environment • Primarily access over the web • 1) access into then company home page • 2) access into sensitive files areas • Unlawful or malicious removal of sensitive information • Internal/local access • 1) USB drives • 2) CD burners • 3) Rogue wireless devices

  23. Trojans Potentially malicious executable files that access critical areas or files in your network or computer.

  24. Key Loggers Beware! These executables have the ability to record ALL your password entries and then send them off to a specific address without you knowing it.

  25. “Phishing” and scam emails Emails that solicit the recipient to divulge key information in order to gain access to specific data.

  26. How malware propagates… “botnet” is a term associated primarily with the negative aspects of malware distribution

  27. One Support Website One Pharmacy One Merchant Account Billions of Messages 10-15 Unique Site Designs 100’s Web Servers 1,000’s URLs 10,000’s Message Variants 100,000’s Zombies

  28. The problems only occur when the user decides to click the link!

  29. What looks “innocent” really isn’t. Would you provide this information to a stranger?

  30. So, do you think this looks official and legitimate?

  31. Protection Options

  32. Anti-virus update… • Symantec (Norton) will leave the business • McAfee is strengthening its position • RSA is winning huge projects • Sendio, Red Condor, AVG, etc…

  33. “Security” regulations… • HIPAA - Health Information Portability and Accountability Act • HITECH - Health Information Technology for Economic and Clinical Health Act • PCI - Payment Card Industry • Sarbanes-Oxley

  34. Protection methods… • Firewall • Resident Antivirus app • Spyware/Malware app • Endpoint security • Forensics Individual Corporate

More Related