1 / 22

Protecting Your Identity

Protecting Your Identity. What is IA?. Committee on National Security Systems definition: Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. CIA model

gayle
Download Presentation

Protecting Your Identity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Protecting Your Identity

  2. What is IA? • Committee on National Security Systems definition: • Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. • CIA model • Confidentiality: prevent disclosure from unauthorized individuals or systems • Integrity: Information cannot be modified without authorization • Availability: Information must be accessible when needed • Authentication: establishing information as authentic • Non-repudiation: ensuring that a party cannot refute that information is genuine.

  3. What is Identity Theft? • Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes • The FTC estimates that as many as 9 million Americans have their identities stolen each • Typical Identity theft crimes • Rent an apartment • Obtain a credit card or other types of debt • Establish a telephone account • Get various types of identifications in the victim’s name • Steal financial assets

  4. What is Identity Theft? • Costs of Identity Theft • Legal fees • Exorbitant amount of time • Lost job opportunities • Denial of all types of financial resources • False accusations, and potential arrests for crimes not committed

  5. How Does it Occur? • In most cases attackers need personally identifiable information (PII) or personal documents in order to impersonate the victim. • Name, Address, DOB, Birthplace, License Number, Credit Card Number, SSN • Where could an attacker find this information? • Could you be an easy target?

  6. Generation Stereotype • Millennial Generation (Us) • Users of instant communication technology • Myspace, Twitter, Facebook, Text, IM, e-mail • Tech savvy • Video Games (PC, Xbox, Playstation) • MMOs (Second Life, WOW, Lineage, Maple Story) • 90 percent own a computer in US • Spend more time online than watching TV • How much information about you is stored on somebody else’s servers? • What methods of protection are in place?

  7. Contemporary High Risk Areas • On-line shopping • Malware • Credit Card Applications • Online incentives • in person incentives • mail applications • Physical Assets • Laptops, cellphones, ipods... • Wallet, purse, checkbook... • Social Networking • Online Gaming

  8. Social Engineering • The process of using social skills to convince people to reveal access credentials or other valuable information • Common Social Engineering Techniques • Confidence Trick • Pretexting • Baiting • Quid Pro Quo • Phishing • Spear Phishing • Whaling • Phone Phishing

  9. Phishing • An attempt to obtain personal or financial information by using fraudulent means, usually by posing as a legitimate entity. • Targets • PII • Methods • Bank Account Credentials • E-mail Login Credentials • Social Networking Login Credentials • Why?

  10. Phishing Email Example

  11. Phishing Email Example

  12. Phishing Email Example

  13. Phishing Logon Example

  14. Phishing • Phishing can take many forms: • E-mails from websites or services you use frequently • Bogus job offers • They might appear to be from a friend or someone you know (Spear Phishing) • They might ask you to call a number (Phone Phishing) • They usually contain official looking logos • They usually links to phony websites that ask for personal information • Physical Mail

  15. Red Flags • “Verify your account” • “Click the link for account access” • “If you don’t respond, your account will be suspended” • “Suspicious activity alert” • Pop ups • Deceptive URLs • www.mircosoft.com • www.facesbook.com • www.192.168.XX.XX/citibank.com • Masked URLs

  16. Identity Theft • What are other method’s of stealing someone’s identity? • Technical? • Non Technical?

  17. Prevention • Shred all your important information • Don’t access personal info in public places • privacy screens • Have your checks delivered to your bank • Properly destroy storage media (hard drives,flash drives, cds...)

  18. Prevention • Drop off payment checks at the post office • Note when new credit cards are to be received • Cancel old credit cards • Use strong passwords • Don’t post personally identifiable info on the internet.

  19. Prevention • Carry only necessary information with you • Do not give out personal information unless necessary • Monitor your accounts • Order your credit report at least twice a year • Know the website you are visiting. • Ensure PII info is encrypted (SSL, TLS)

  20. Annual Credit Report • Request your Credit Report Online • https://www.annualcreditreport.com • To Request your Credit Report by Phone • Call 1-877-322-8228 • To Request your Credit Report by Mail • Annual Credit Report Request ServiceP.O. Box 105281Atlanta, GA 30348-5281

  21. Recovering From Identity Theft • What are the steps I should take if I'm a victim of identity theft? • Place a fraud alert on your credit reports, and review your credit reports • Close the accounts that you know, or believe, have been tampered with or opened fraudulently • File a complaint with the Federal Trade Commission • File a report with your local police or the police in the community where the identity theft took place

  22. Questions

More Related