ID Theft Fast Facts
Business Identity Fraud - Defined as fraud that involves the use of a Company's name, address, tax identification number, bank account number(s), business credit card(s), business credit information, purchase orders, or other identifying information, without the knowledge of the Company's principals, where such information is used to commit fraud or other crimes.
Business Data Breach - Defined as an accidental or malicious incident resulting in the loss of non-public, personal information of employees or customers. This includes, but is not limited to: accidental release or publication of information, network or database intrusion, lost documents, hardware or software, physical security breach, stolen documents, hardware, media, or unauthorized employee intrusion.
Consumer Identity Theft - The FTC defines "identity theft" as a fraud that is committed or attempted, using a person's identifying information without authority.
Personally Identifiable Information (PII) - Refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.
Personal Privacy - Your personal information is more than your name, address and Social Security number (SSN). It includes your shopping habits, driving record, medical diagnoses, work history, credit score and more. The right to privacy refers to having control over this personal information. It is the ability to limit who has this information, how this information is kept and what can be done with it.
Password Management - Password strength is a measure of how effectively a password resists guessing and brute-force attacks. A strong password is difficult to guess, does not contain popular names or words, does not have consecutive letters and/or numbers, and is not similar to a previous password.
Types of ID Theft (Financial and Non-Financial)
Child ID Theft occurs when a child's identity is used by another person for the imposter's personal gain. Children are targets because they are not working or applying for credit (e.g. student loans) until they are teenagers.
Criminal ID Theft occurs when a criminal uses your name and fake driver's license information at the time of a traffic ticket, DUI or felony, which can adversely affect you.
Driver's License ID Theft includes the use of another person's identity along with fake identity documents like a birth certificate or social security card. Oftentimes criminals simply create these documents from their personal computers and print them after changing your Personally Identifiable Information (PII).
Employment Fraud/ID Theft occurs when an identity thief obtains employment by using a stolen or synthesized (made up) social security number (SSN).
Financial ID Theft occurs when a criminal either takes over a current checking or credit card account or when someone fraudulently opens a new checking or credit card account in your name and then fraudulently uses those accounts to commit financial fraud.
Government Benefits ID Theft occurs when identity thieves pretend to be another person to steal money in the form of social security benefits, unemployment benefits, welfare benefits, etc.
Medical Benefits ID Theft affects both healthcare providers and patients when someone poses as another individual who has a different blood type or medical condition, or when the medical record reflects the information of the imposter and NOT the individual whose identity has been stolen.
Senior ID Theft occurs when a senior's identity is used by another person for the imposter's personal gain. Seniors are targets because most seniors have spent their lives building credit-worthiness and retirement funds and can be too trusting.
Social Media ID Theft occurs when your online identity is stolen and used to promote content that did not originate with you. It can be a form of cybersquatting where your stolen account may be used to steal money from family and friends, create new accounts or smear your reputation.
Social Security Number ID Theft occurs when someone uses your social security number to apply for a job, which can lead to taking over your identity. A common pattern is that the imposter uses your stolen social security number to obtain employment and then fails to pay taxes, and the IRS comes after you for this failure.
Synthetic ID Theft is a type of ID fraud in which thieves literally create new identities by combining real and fake identifying information to establish new accounts with fictional identities.
Types of Scams
Cyber Crime - Ranges from spyware and new viruses to using a computer and the Internet to steal an individual's Personally Identifiable Information (PII). Cyber Crime has also expanded into stalking, bullying and targeting victims, which has become more prevalent with the popularity of social networking groups like Facebook (see http://www.facebook.com/security for more information).
Pharming - The process of redirecting internet domain name requests to false websites to collect personal information.
Phishing - A scam that uses an authentic-looking fraudulent email to solicit confidential customer information in response.
Pre-texting - Where a thief poses as a legitimate representative of a company, bank, employer, landlord, business owner, Internet service provider, or anyone else that contacts you in an attempt to garner your confidential information – usually by asking you to verify some data.
Skimming - Stealing credit/debit card numbers by swiping the card through a portable data storage device, or by attaching such a device to an ATM or card reader.
Spoofing - Where fraudsters create fraudulent websites to look exactly like an actual website via phishing or pharming schemes.
Spyware - Software that collects information from a computer user without his or her knowledge or informed consent and reports that information to a third party. This is used by legitimate businesses as well as identity thieves.
Vishing or Voice Phishing - Where an identity thief sends an e-mail hoping to get victims to telephone a voice mail box, or provide information to an automated outbound voice response system, thus disclosing sensitive financial and personal information.
Privacy Rights Clearinghouse Definitions:
- Unintended disclosure (DISC) - Sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail.
- Hacking or malware (HACK) - Electronic entry by an outside party, malware and spyware.
- Payment Card Fraud (CARD) - Fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices at point-of-service terminals.
- Insider (INSD) - Someone with legitimate access, such as an employee or contractor, intentionally breaches information.
- Physical loss (PHYS) - Lost, discarded or stolen non-electronic records, such as paper documents.
- Portable device (PORT) - Lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc.
- Stationary device (STAT) - Lost, discarded or stolen stationary electronic device such as a computer or server not designed for mobility.
- Unknown or other (UNKN)
Verisign 2010 Malware Security Report on the common types of malware delivery mechanisms:
Software updates: Malware posts invitations inside social media sites, inviting users to view a video. The link tries to trick users into believing they need to update their current software to view the video. The software offered is malicious.
Banner ads: Sometimes called "malvertising," unsuspecting users click on a banner ad that then attempts to install malicious code on the user's computer. Alternatively, the ad directs users to a web site that instructs them to download a PDF with heavily-obscured malicious code, or they are instructed to divulge payment details to download a PDF properly.
Downloadable documents: Users are enticed into opening a recognizable program, such as Microsoft Word or Excel, which contains a preinstalled Trojan horse.
Man-in-the-middle: Users may think they are communicating with a web site they trust. In reality, a cybercriminal is collecting the data users share with the site, such as login and password. Or, a criminal can hijack a session, and keep it open after users think it has been closed. The criminal can then conduct their malicious transactions. If the user was banking, the criminal can transfer funds. If the user was shopping, a criminal can access and steal the credit card number used in the transaction.
Keyloggers: Users are tricked into downloading keylogger software using any of the techniques mentioned above. The keylogger then monitors specific actions, such as mouse operations or keyboard strokes, and takes screenshots in order to capture personal banking or credit card information.