Spam, Phishing and Fraud on the Net Sabrina I. Pacifici, Law Librarian Founder, Editor, Publisher, LLRX.com www.llrx.com Author, beSpacific.com www.bespacific.com Barbara Fullerton, Director of Library Services Locke Liddell & Sapp LLP [email protected]
47
Embed
Spam, Phishing and Fraud on the Net Sabrina I. Pacifici, Law Librarian Founder, Editor, Publisher, LLRX.com Author, beSpacific.com .
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
• This presentation highlights federal, state, association, advocacy, corporate, commercial and news related resources providing reliable data that addresses the issues of spam, fraudulent website claims and offers, and attempts to obtain personal data to perpetrate ID theft.
• Websites and resources have been selected based on authority and topical relevance. We welcome your suggestions and recommendations for relevant sites not mentioned, for inclusion in this guide.
Barbara J. Fullerton & Sabrina I. Pacifici
Is This Spam?
Barbara J. Fullerton & Sabrina I. Pacifici
This is Spam…
• Unsolicited Commercial Email (UCE), also known as "spam" or "junk email" – Email that is “unwanted, “inappropriate”
and no longer wanted…”http://www.clickz.com/experts/em_mkt/em
_mkt/article.php/1492521
Stats on Spamhttp://www.mailfrontier.com/threats/stats.html
The Difficulties of Tracing Spam Email – Report prepared at request of FTC
Barbara J. Fullerton & Sabrina I. Pacifici
Example: Spam Reduction PolicyThis is one of a number of internet and extranet sites (each, a “Practice Website”)
accessed through the Internet and sponsored, owned, controlled and/or maintained by Mayer, Brown, Rowe & Maw (which is a combination of two limited liability partnerships, each named Mayer, Brown, Rowe & Maw LLP, one established in Illinois, USA, and one incorporated in England) (together with all owned or controlled subsidiaries and affiliates thereof (collectively, the “Practice”)) whose principal place of business in the United States of America is 190 South LaSalle Street, Chicago, Illinois 60603-3441.
IntroductionReceipt of Unsolicited Bulk Email (UBE also known as "spam") is a growing concern for Email users at the Practice. This document provides a description of what the Practice is doing about it, why and how that affects senders.
• This document serves several purposes and addresses several types of readers.
1. The user who wants to know what the Practice is doing about spam. 2. The legitimate user who finds that he/she is no longer able to send Email to a
Practice userhttps://registration.mayerbrownrowe.com/registration/helpcenter/spam.asp
What Companies are Doing• AMERICAN EXPRESS - How to Contact American Express
about Fraudulent E-Mails
• If you receive an e-mail that you believe could be fraudulent, immediately forward it to [email protected]. Please do not forward the e-mail as an attachment. Please note that any submissions to this email address will result in an auto-generated reply to notify you that we have received your e-mail. If we find it to be fraudulent, we will immediately take appropriate action. For consumers requiring additional assistance, please contact us at Contact American Express– http://www10.americanexpress.com/sif/cda/page/
0,1641,21372,00.asp
Barbara J. Fullerton & Sabrina I. Pacifici
Barbara J. Fullerton & Sabrina I. Pacifici
E-Mail Fraud
• From U.S. Bank: Email Fraud Information and Help – Customer Alert and Data on Phishing Scams http://tinyurl.com/2h3vv
What is Phishing?--- listening to music by the band called Phish
--- a hobby, sport or recreation involving the ocean, rivers or streams…nope
“Fishing for personal information”• Use “spoofed” e-mails and fraudulent
websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc. – Anti-Phishing Working Group
Example of PhishingFrom: Customer Support [mailto:[email protected]]
Sent: Thursday, October 07, 2004 7:53 PM
To: Eilts
Subject: NOTE! Citibank account suspend in process
Dear Customer:
Recently there have been a large number of cyber attacks pointing our database servers. In order
to safeguard your account, we require you to sign on immediately. This personal check is requested of you as a precautionary measure and to ensure yourselves that everything is normal with your balance and personal information. This process is mandatory, and if you did not sign on within the nearest time your account may be subject to temporary suspension. Please make sure you have your Citibank(R) debit card number and your User ID and Password at hand. Please use our secure counter server to indicate that you have signed on, please click the link bellow: http://211.158.34.249/citifi/. Note that we have no particular indications that your details have been compromised in any way. Thank you for your prompt attention to this matter and thank you for using Citibank(R)
• Publish your mail server addresses (to thwart spoofing)
• Educate customers (and employees)• Establish online communication protocols• Create a response plan now• Proactively monitor for phishers and fraud• Make yourself a difficult target
• Never click on hyperlinks• Use Anti-SPAM filters• Use Anti-Virus Software• Use personal firewalls• Keep all software updated• Always look for https and
sites that ask for “personal information”
• Keep computer clean from Spyware
• Know Fraudulent activity on the Internet
• Check your credit report immediately for free!
• If unsure, ask!
Barbara J. Fullerton & Sabrina I. Pacifici
Industry Sponsored Anti-Phishing Efforts• “The Anti-Phishing Working Group (APWG) is an industry
association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing.” http://www.antiphishing.org/ – An updated chart of examples of phishing attacks submitted to
antiphishing.org are available here: http://www.antiphishing.org/phishing_archive.htm
• White Paper, Anti-Spam Technical Alliance, 22 June 2004, http://tinyurl.com/2qaje
• Microsoft Anti-Spam Virtual Press Room, http://www.microsoft.com/presspass/events/antispam/material.asp
• TECF – Trusted Electronic Communications Forum http://www.tecf.org/– “The Trusted Electronic Communications Forum (TECF) is a
global, cross-industry consortium of industry leaders focused on efforts to eliminate the phishing and spoofing attacks that lead to identity theft and brand distrust.”
• Identity Theft Penalty Enhancement Act (ITPEA), signed by the President on July 15, 2004 - To amend title 18, United States Code, to establish penalties for aggravated identity theft, and for other purposes.
– The President’s remarks upon signing the bill: http://www.whitehouse.gov/news/releases/2004/07/20040715-3.html
– The text of the bill:
http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.01731: For Reference, see also the Fair and Accurate Credit
Transactions Act of 2003, H.R.2622, To amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes.
Became Public Law No: 108-159. http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02622:
• The Federal Trade Commission (http://www.ftc.gov) serves as clearinghouse to receive consumer complaints and provide assistance.
• National and State Trends in Fraud and Identity Theft, January – December 2003, http://www.consumer.gov/sentinel/pubs/Top10Fraud_2003.pdf
• ID Theft: When Bad Things Happen To Your Good Name: “a step-by-step guide to prevent ID theft that also provides useful documentation on services and resources available to those who are already victims of fraud.” http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm
• ID Theft Complaint Input Form https://rn.ftc.gov/dod/widtpubl$.startup?Z_ORG_CODE=PU03
• ID Theft Alert website reviews how identity thieves work, provides government reports and Congressional testimony, law enforcement updates and links to other identity theft sites. http://www.consumer.gov/idtheft/
• Your file cannot be shared with potential creditors. Most businesses will not open credit accounts without checking a consumer's credit history first.
• Must write to all 3 credit companies; set-up with PIN• You can order a credit report, but no one else can• Only available in 2 states
– California and Texas– Louisiana and Vermont make it available July 2005– See this AP article, Credit bureaus shun identity theft weapon,
http://msnbc.msn.com/id/5841962/, for more details
• Only you can unfreeze it• Used only in extreme measures• Fee for lifting the freeze: $10-$15 for each transaction
Barbara J. Fullerton & Sabrina I. Pacifici
At Home: Preventing ID Theft
• If you are buying a new computer, you need to take the following steps to prevent your information from being stolen from your old computer– Clean your disk – Destroy that hard drive, or remove it– Donate rest of computer to charity or recycle it
Barbara J. Fullerton & Sabrina I. Pacifici
Other Resources on PC Security, Spam and ID Theft, sponsored by the federal government
• Louisiana credit freeze info http://www.ag.state.la.us/calerts/alert0004.aspx
• Links to State Attorneys General Websites http://www.findlaw.com/11stategov/indexag.html
• ID Theft Statutes as of July 2003 http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm
• National Conference of State Legislatures (NCSL), Identity Theft Information, http://www.ncsl.org/programs/lis/privacy/idtheft.htm • Identity Theft Legislation updated as of August 20, 2004
• Equifax Phone: 800-685-1111; P.O. Box 105788, Atlanta, GA 30348
• ExperianPhone: 888-397-3742; P.O. Box 95554,
Allen, TX 75013
• TransUnionPhone: 888-909-8872; P.O. Box 6790, Fullerton, CA 92834
• Consumer Info’s Free Credit Report
http://tinyurl.com/49rug
Don’t Like those Nasty Pre-Approved Credit Card Offers?
Opt Out!
1-888-5OPTOUT
Good for 2 years or permanent
Barbara J. Fullerton & Sabrina I. Pacifici
What is Spyware?
Any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties.
Defined by searchCRM.com
Barbara J. Fullerton & Sabrina I. Pacifici
What is Adware?
Any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen.
Defined by searchSmallBizIT.com, http://searchsmallbizit.techtarget.com/
Barbara J. Fullerton & Sabrina I. Pacifici
Resources on Spyware• Who Downloaded the Spyware? Not Me! by Chris Hayes, May 24,
2004, http://www.llrx.com/features/spyware.htm• Spyware: What You Don't Know Can Hurt You, Hearing by the
Subcommittee on Commerce, Trade, and Consumer Protection, April 29, 2004, Link to Witness List & Prepared Testimony, Related Documents and Bills, http://energycommerce.house.gov/108/Hearings/04292004hearing1255/hearing.htm
• Spyware Warrior, Waging the war against spyware http://www.netrn.net/spywareblog/
• Spyware vs. spyware“Lawmakers are preparing to attack spyware, but efforts could criminalize common tools and techniques currently in use.” http://www.infoworld.com/article/04/08/30/HNspyware_1.html
• McAfee releases VirusScan with intrusion prevention http://www.infoworld.com/article/04/08/30/HNmcafeevirusscan_1.html
Blog devoted to fighting spyware – Spyware Warrior
Barbara J. Fullerton & Sabrina I. Pacifici
Additional Resources on Spyware
• From Lehigh University Library & Technical Services, Guide to Spybot Search & Destroy 1.3: Downloading, Installing, and Using Spybot - http://www.lehigh.edu/~inlts/help/spyware/spybotinstall.html
• beSpacific.com, the blog on law and technology news: postings on spyware http://www.bespacific.com/mt/mtsearch.cgi?IncludeBlogs=1&search=spyware
• And for broadband users, this article, http://www.thebusinessledger.com/Articles.asp?artId=573&isuID=25 recommends free applications and software.
Spyware Warrior – links to spyware help forums and free anti-spyware software
Barbara J. Fullerton & Sabrina I. Pacifici
Selected Anti-Spyware Articles & Resources
• Spy Stoppers by Cade Metz, March 2, 2004, http://www.pcmag.com/article2/0,4149,1525474,00.asp
• Compare Top Spyware Removers, http://www.spywareremoversreview.com/
• Spyware - It's lurking on your machine, by Cade Metz, http://www.pcmag.com/article2/0,1759,978170,00.asp
• Your PC May Be A Haven for Spies, by Dan Tynan, http://www.pcworld.com/news/article/0,aid,116526,00.asp
• Poor Defenders – “Some anti-spyware companies use confusing ads, and our tests show their $20-$60 products are less effective than free competitors.” http://www.pcworld.com/news/article/0,aid,118362,00.asp
• http://www.pcworld.com/resource/printable/article/0,aid,116302,00.asp • Special Report: Readers Take The Offensive Against Spyware, Aug. 9,
2004, http://tinyurl.com/3jadn • The Soft Invasion, by Walter S. Mossberg, August 2004, WSJ,
http://ptech.wsj.com/archive/report-200408.html • Microsoft’s Protect Your PC site