What, How, and Responding to Identity Theft
Matthew E. Luallen [email protected]
www.sph3r3.com “ … delivering the information solutions required by the digital enterprise.”
Matt Luallen Explains What, How and Responding to Identity Theft
How identity thieves GET your personal information
• Steal
  – wallets and purses containing your identification and credit and bank cards.
  – your car, with insurance paperwork
  – your mail, including your bank and credit card statements, pre-approved credit offers, new checks, and tax information.
  – your hotel bill from under your door, you check out – they check in.
• Complete a “change of address form” to divert your mail to another location.
• Dumpster Diving
• Obtain credit reports fraudulently
• They find personal information in your home and on the Internet.
• Bribing co-workers and other internal employees
• Phishing / Email Scams; Computer Hacks
Phishing / Pharming (new name, old game) - CERT Advisory
• http://www.cert.org/advisories/CA-1991-04.html
• I. Description
• The Computer Emergency Response Team/Coordination Center (CERT/CC) has received several incident reports concerning users receiving requests to take an action that results in the capturing of their password. The request could come in the form of an e-mail message, a broadcast, or a telephone call. The latest ploy instructs the user to run a "test" program, previously installed by the intruder, which will prompt the user for his or her password. When the user executes the program, the user's name and password are e-mailed to a remote site. We are including an example message at the end of this advisory. These messages can appear to be from a site administrator or root. In reality, they may have been sent by an individual at a remote site, who is trying to gain access or additional access to the local machine via the user's account.
• While this advisory may seem very trivial to some experienced users, the fact remains that MANY users have fallen for these tricks (refer to CERT Advisory CA-91.03).
• How were identities stolen?
  – Stolen Laptop
  – Lost Backup Tapes
  – Hacking
  – Accidental Online Exposure
  – Email Exposure
  – Dishonest Insider
  – Passwords Compromised
  – File Boxes Left Unattended and Unshredded
  – Hard Drives Stolen
  – External Auditor Loses Internal CD