Cyber Security, Data Breach, Education, Identity Theft, Tip of the Week

Identity Theft

According to a Consumer Report, there are millions of Americans becoming victims of identity theft.

Identity Theft
Javelin Strategy & Research, in 2017 & Federal Trade Commission

Identity theft Video: 7 Ways to protect yourself from cybercriminals

Types of Identity Theft and Fraud

  1. Driver’s license theft: most common
  2. Mail theft: oldest ways for criminals to steal your information
  3. Debit Card fraud or Credit Card fraud: called “card-not-present fraud”
  4. Online shopping fraud: purchase items using stolen card and shipped to their own address mostly overseas called “eCommerce fraud”
  5. Social Security Number theft: usually occurs from a data breach or tax id theft
  6. Account Takeover fraud: criminals gain access to your bank or credit card from data breach, phishing scams, malware attacks then starts using the credit card for their own gains
  7. Senior Citizen identity theft: very common since checking financial accounts or credit report is not important for most of them, scams happens when they trust the wrong person (Scam Video)
  8. Child Identity theft: not as common but their Social Security Numbers (SSN) can be use to apply for government benefits, take out a loan, etc. often the child does not realize this theft until they are of age and applying for a student loan or car loan
  9. Tax Identity theft: Bad guys will file your income tax before you do and use a fax address to receive the funds
  10. Biometric ID theft: Fingerprint or voice recognition are the best example such as when “Alexa” (Amazon’s hands free speaker controlled with your voice) can be copied and recorded, but it doesn’t end there (parks such as Six Flags and Disney are using fingerprint to identify who you are for easy access to the park!)
  11. Criminal Identity theft: happens when criminals would provide your own data (stolen or lost ID) when arrested/ you would not know until you need a background check for a new job or a warrant is issued for you arrest
  12. Synthetic Identity theft: fastest growing type of ID fraud – real and fake information is merged to create a new identity using SSN, names, addresses, birthdays bought from the “dark web”
  13. New Account Takeover: criminal opens a new account with your information and have the ability to impersonate you to access a higher credit limit
  14. Medical Identity theft: more difficult to discover, but usually used to obtain medical services in your name/check your statement of benefits often
  15. Loan Stacking fraud: multiple loans are taken out by borrowers who slide through today’s automated approval process from loopholes in online lending marketplaces
  16. Mortgage Fraud: borrower, broker, or an appraiser lies about information on the application for a mortgage loan/it’s done to get approved for a bigger loan or to get the mortgage approved!
  17. Auto Lending fraud: similar to mortgage fraud and occurs when consumers, dealers, auto lenders submits or accepts a fraudulent (falsified information)application for credit
  18. Employment Identity theft: criminal applies for a job using your SSN or ID, the employers reports the income to the IRS under your name and expects you to pay taxes on all income earned in your name/review credit report regularly
  19. Bust-Out Fraud: first party fraud scheme and a deliberate form of fraud or ID theft “sleeper fraud”/ happens when a consumer applies for credit and uses their own name with the intent of maxing out all available credit for the purpose of disappearing
  20. Internet of Things (IoT) Identity theft: occurs when your smartphones/tablets are paired with consumer products such as cars, heart monitors, and household appliances that are connected to the internet which creates an opportunity for hackers to steal your data usually from a security flaw

Identity Theft and Fraud Complaints from 2014-2017

Identity Theft and Fraud Complaints 2014 to 2017

Prevention is the best route

Use Strong Passwords that is unique to you

  • Make it easy for you to remember but hard to guess
  • Use KeePass to store all your passwords securely in an encrypted file (database)
  • Change it as often as you can (routinely)
  • Don’t ever reuse passwords
  • Do not write them and leave them on your desk (put away inside your wallet/inside your purse)

Review Bank statements and Credit Card statements thoroughly each month

  • Check for suspicious transactions

  • Notify bank or card issuer immediately

Check your three credit reports (Experian, TransUnion and Equifax) often for any signs of identity theft

  • If you discover unauthorized access to your credit reports notify the credit reporting agency right away
  • Place a fraud alert, a credit lock, or a security freeze on all three if you suspect your personal information has been compromised

Phishing

  • This is where you might be tricked into revealing sensitive information via email or text
  • Messages would be created to look like it is from a company you have an account already or someone (person or organization) you know well
  • When you click to the link from the message and attempt to log into your account, you have now handed over your login and password to the “bad guys”
  • Now you are vulnerable to many types of identity theft

Recovery Steps to help limit the damage if you become a victim to Identity Theft

  • File a Report immediately (get copies of the report for your insurance, medical provider, credit bureau, etc.)

  • File with the Federal Trade Commission (FTC) for their Recovery Steps

  • Call the Companies Where the Fraud Occurred (let them know it was not you and ask to work with you)

  • Communicate With Each Credit Bureau and place a freeze or fraud alert on your credit report

  • If it’s a medical fraud call your insurance company and medical providers (get a copy of your medical files and ask to have them corrected/file with the Office for Civil Rights (OCR) as well)

  • If you become a victim of Tax ID Theft contact the Internal Revenue Service (IRS)

Safeguard Against Future Problems

  • Stay up to date by reading and learning continuously (read ways to protect your information)

  • Learn about the warning signs

  • Learn how to reduce your risks

  • How to avoid Identity Theft/How to avoid Frauds & Scams (read)

  • Be persistent by monitoring your accounts and reviewing your personal information to stay on top of looming threats

For more information read: Security Awareness For Taxpayers

Advertisements
Cyber Security, Data Breach, News Events

Cyberattacks Against United States Targets, the White House, and a Critical Presidential Declaration!

The White House has been in the news over the past two weeks in reports from USA Today, CNN, NBC News, and many more sources.  Officials informed NBC News (Mitchell, 2015 April) that it is believed the Russians accessed the system through State Department computers which contained private unpublished schedule of President Obama. While attribution usually takes weeks or months for the FBI’s Cyber Division to determine and publish, the sources of the attacks are less important than the objective. The objective is similar across all of these attacks; to retrieve classified information. According to former FBI official Shawn Henry and the president and CSO of CrowdStrike Services cyber-attacks occur because countries such as China and Russia have the need to look at U.S. polices, how policies are created, new initiatives that are under consideration, basically anything that these foreign countries can get that will provide them with some advantage at the next level of trade talks and collect intelligence against the US for personal gains.

Healthcare organizations need to understand the criticality, reasoning, and determination for these attacks as well. When VIPs such as political or military leaders are seen or treated by their facility, or by a facility they are affiliated or networked with, their systems, networks, and data become a high priority target for foreign threat actors. Healthcare organizations often fail to realize how important their health information data repositories are for reasons entirely Unrelated to identity theft or medical billing fraud. Basic healthcare information about a head of state, a state department official involved in a negotiations process, senior leadership in the military or a congressional committee is incredibly important to both Nation-State actors and Terrorist organizations. Healthcare providers have no idea that cyber-bullets are flying by their ears in this electronic war!

On April 1st, 2015, President Barack Obama sent out an Executive Order titled “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled activities”.  Here’s a short excerpt from the Executive Order:

Obama quote April 1 2015

Only a few months ago on January 13th, President Obama announced a legislative National Data Breach Notification standard and miscellaneous cybersecurity legislative proposals and efforts.  The Executive Order should provide the U.S. government the tools needed to combat the expanding malicious cyber activities.  The Executive Order enables the Treasury Department along with the Attorney General and the Secretary of State to impose sanctions on the unlawful actions created by hackers. The goal would be to freeze targets’ assets when operating in the U.S. financial system and prohibiting them from having transaction with American companies.

Both Public and Government sectors must pay immediate and substantial attention to this existing and evolving threat!

References

Henry.S. (2014, November 17). Cyber attacks hit State department email, web. Retrieved from http://www.cnn.com/videos/bestoftv/2014/11/17/lead-intv-henry-state-department-hacking.cnn

Hollywood Reporter. (2015, April 1). Obama creates federal sanctions to deal with cyber attacks. Retrieved from https://www.youtube.com/watch?v=dNFdUphnU18

Mitchell, A.(2015, April). Russia hacked White House last year, U.S. officials says. Retrieved from http://www.nbcnews.com/news/us-news/russia-hacked-white-house-last-year-u-s-officials-say-n337521

Whitehouse.gov. (2015, April 1). The White House: Executive order. Retrieved from https://www.whitehouse.gov/the-press-office/2015/04/01/executive-order-blocking-property-certain-persons-engaging-significant-m