Cscu module 10 social engineering and identity theft


1. Social Engineering and Identity Theft (Module 10, Simplifying Security). Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
2. Oakland Police Shut Down Bay Area-Wide Identity Theft Operation (05/16/2011, 11:16:54 AM PDT, http://www.mercurynews.com). OAKLAND -- Calling it the biggest they have seen, Oakland police said Monday that an identity theft operation that manufactured phony checks, IDs and credit cards has been shut down. Officials said there are potentially thousands of victims all over the Bay Area and in other states and the possibility of an untold amount of monetary loss. Police Chief Anthony Batts said breaking up the operation is particularly important to law enforcement because identity theft "puts fear in everyone," including himself. The operation, which Officer Holly Joshi called a "one-stop shop" for identity theft, was run out of a Hayward apartment in the 21000 block of Foothill Boulevard, where resident Mishel Caviness-Williams, 40, was arrested last week as she left the apartment. She had $4,000 in cash on her, police said.
3. Woman Sought in Theft (May 23, 2011, http://www.suffolknewsherald.com). Suffolk police are seeking assistance locating a woman who allegedly took an elderly man's debit card and used it on several occasions. Police have five felony warrants on file for Lavonda "Goosie" Moore, 37, for credit card theft, credit card fraud, criminally receiving money, third offense petit larceny and identity theft. Police say Moore took a debit card from the victim on Hill Street on May 15 and used it on multiple occasions at an ATM and at retail stores. There also is a warrant on file for Moore for third offense petit larceny in an unrelated case. Moore's last known address is the 600 block of Brook Avenue. Anyone who has information on Moore's location is asked to call Crime Line at 1-888-LOCK-U-UP. Callers to Crime Line never have to give their names or appear in court, and may be eligible for a reward of up to $1,000.
4. Identity Theft Statistics 2011 (http://www.spendonlife.com):
   - Total fraud amount: $54 billion
   - Adult victims of identity theft: 11.1 million
   - Fraud attacks on existing credit card accounts: 75%
   - Percent of population victimized by identity fraud: 4.8%
   - Victims who knew crimes were committed: 13%
5. Consumer Complaint Scenario: Social Security Number (http://www.networkworld.com). "... number of years. A person got arrested and produced my SSN on his arrest sheet."
6. Module Objectives.
7. Module Flow: Identity Theft; How to Find if You Are a Victim of Identity Theft; What to Do if Identity Is Stolen; Reporting Identity Theft; Protection from Identity Theft; Social Engineering.
8. What Is Identity Theft? Identity theft is a crime in which the offender wrongfully obtains the intended victim's personal identifying information, such as date of birth, Social Security number, ... Effects of identity theft: criminal charges; legal issues; financial losses. It leads to denial of employment, health care facilities, mortgage, bank accounts and credit cards, etc.
9. Personal Information that Can Be Stolen: names; address; mother's maiden name; telephone numbers; passport numbers; birth certificates; credit card/bank account numbers; driving license numbers; Social Security numbers; date of birth.
10. So How Do Attackers Steal Identity?
   - Phishing: fraudsters pretend to be a financial institution and send spam/pop-up messages to trick the user into revealing personal information.
   - Theft of personal stuff: fraudsters may steal wallets and purses, mail including bank and credit card statements, pre-approved credit offers, and new checks or tax information.
   - Hacking: attackers may hack computer systems to steal confidential personal information.
   - Social engineering: the act of manipulating people's trust to perform certain actions or divulge private information, without using technical cracking methods.
11. What Do Attackers Do with Stolen Identity?
   - Credit card fraud: they may open new credit card accounts in the name of the user and not pay the bills.
   - Phone or utilities fraud: they may open a new phone or wireless account in the user's name, or run up charges on his/her existing account; they may use the user's name to get utility services such as electricity, heating, or cable TV.
   - Other fraud: they may get a job using the legitimate user's Social Security number; they may give the legitimate user's information to police during an arrest and, if they do not turn up for their court date, a warrant for arrest is issued in the legitimate user's name.
12. What Do Attackers Do with Stolen Identity? (continued)
   - Bank/finance fraud: they may create counterfeit checks using the victim's name or account number; open a bank account in the victim's name and issue checks; clone an ATM or debit card and make electronic withdrawals in the victim's name; take a loan in the victim's name.
   - Government documents fraud: they may get a driving license or official ID card issued in the legitimate user's name but with their photo; use the victim's name and Social Security number to get government benefits; file a fraudulent tax return using the legitimate user's information.
13. Identity Theft Example: same name, "TRENT CHARLES ARSENAUL" (original vs. identity theft, shown as an image).
14. Module Flow: Identity Theft; How to Find if You Are a Victim of Identity Theft; What to Do if Identity Is Stolen; Reporting Identity Theft; Protection from Identity Theft; Social Engineering.
15. Social Engineering: social engineering is the art of convincing people to reveal confidential information. It is the trick used to gain sensitive information by exploiting basic human nature. Social engineers attempt to gather: sensitive information such as credit card details, Social Security number, etc.; passwords; other personal information. Types of social engineering: human-based social engineering; computer-based social engineering.
16. Social Engineering Example: "Hi, we are from CONSESCO Software. We are hiring new people for our software development team. We got your contact number from popular job portals. Please provide details of your job profile, current project information, social security number, and your residential address."
17. Criminal as Phone Banker: "Hi, I am Mike calling from CITI Bank. Due to increasing threat perception, we are updating our systems with new security features. Can you provide me your personal details to verify that you are the real Stella?" "Thanks Mike, here are my details. Do you need anything else?"
18. Authority Support Example: "Hi, I am John Brown. I'm with the external auditors Arthur Sanderson. We've been told by corporate to do a surprise inspection of your disaster recovery procedures. Your department has 10 minutes to show me how you would recover from a website crash."
19. Technical Support Example: a man calls a company's help desk and says he has forgotten his password. He adds that if he misses the deadline on a big advertising project, his boss might fire him. The help desk worker feels sorry for him and quickly resets the password, unwittingly giving the attacker clear entrance into the corporate network.
20. Human-Based Social Engineering:
   - Eavesdropping: eavesdropping is unauthorized listening to conversations or reading of messages. It is interception of any form of communication such as audio, video, or written.
   - Shoulder surfing: shoulder surfing is the procedure where attackers look over the user's shoulder to gain critical information such as passwords, personal identification numbers, account numbers, credit card information, etc. The attacker may also watch the user from a distance using binoculars in order to get the pieces of information.
   - Dumpster diving: dumpster diving includes searching for sensitive information in the target company's trash bins, printer trash bins, user desks for sticky notes, etc. It involves collection of phone bills, contact information, financial information, operations-related information, etc.
21. Computer-Based Social Engineering:
   - Spam email: irrelevant, unwanted, and unsolicited email sent to collect financial information, Social Security numbers, and network information.
   - Instant chat messenger: gathering personal information by chatting with a selected online user to get information such as birth dates and maiden names.
   - Chain letters: emails that offer free gifts such as money and software on the condition that the user forwards the mail to a said number of persons.
   - Hoax letters: emails that issue warnings to the user about new viruses, Trojans, or worms that may harm the user's system.
   - Pop-up windows: windows that suddenly pop up while surfing the Internet and ask for the user's information to log in or sign in.
22. Computer-Based Social Engineering: Phishing. An illegitimate email claiming to be from a legitimate site attempts to acquire the user's personal or account information. Phishing emails or pop-ups redirect users to fake web pages mimicking trustworthy sites that ask them to submit their personal information. (The slide shows a fake bank web page.)
23. Phony Security Alerts: phony security alerts are emails or pop-up windows that seem to be from reputed hardware or software manufacturers like Microsoft, Dell, etc. They warn/alert the user that the system is infected and provide an attachment or a link in order to patch the system. Scammers suggest the user download and install those patches. The trap is that the file contains malicious programs that may infect the user's system.
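The cues that slides 21 to 23 describe (unsolicited mail, pressure language in hoax and phony-alert messages, a direct request for passwords or identifiers, and an executable "patch" attached to the mail) can be scored mechanically. The Python below is an added example, not EC-Council material; the brand allow-list, the regular expressions and the three sample messages are constructed for the demonstration and would be tuned for a real mailbox.

```python
"""Heuristic triage of inbound email for the social-engineering cues on
slides 21-23. Added example, not part of the EC-Council module."""
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed allow-list for this example: brands attackers commonly
# impersonate, mapped to the domains those brands really send from.
KNOWN_BRANDS = {
    "citi": {"citi.com", "citibank.com"},
    "microsoft": {"microsoft.com"},
    "dell": {"dell.com"},
}
URGENCY = re.compile(
    r"\b(immediately|within \d+ (hours?|minutes?)|suspended|infected|urgent)\b", re.I)
SENSITIVE = re.compile(
    r"\b(password|social security number|ssn|credit card number|pin)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".hta")


def triage(raw: str) -> dict:
    """Return {'score': n, 'reasons': [...]} for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []

    from_hdr = msg["From"]
    sender = from_hdr.addresses[0] if from_hdr and from_hdr.addresses else None
    sender_domain = sender.domain.lower() if sender else ""
    display = sender.display_name.lower() if sender else ""
    subject = str(msg["Subject"] or "")

    # Cue 1: display name or subject invokes a brand the sending domain does not belong to.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display or brand in subject.lower():
            if not any(sender_domain == d or sender_domain.endswith("." + d) for d in domains):
                reasons.append(f"claims '{brand}' but was sent from '{sender_domain}'")

    body_part = msg.get_body(preferencelist=("plain", "html"))
    text = subject + "\n" + (body_part.get_content() if body_part else "")

    # Cue 2: pressure language typical of phony alerts and hoax letters.
    if URGENCY.search(text):
        reasons.append("urgency or threat language")
    # Cue 3: direct request for credentials or identifiers.
    if SENSITIVE.search(text):
        reasons.append("asks for credentials or identifiers")
    # Cue 4: an executable "patch" attached to the message.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append(f"executable attachment '{name}'")

    return {"score": len(reasons), "reasons": reasons}


def _build(sender, subject, body, attachment=None):
    """Build a constructed sample message and return it as a raw string."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "stella@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_string()


# Constructed samples: a phony security alert, the "phone banker" pitch from
# slide 17 recast as email, and a benign statement notice from the real domain.
SAMPLES = {
    "phony_alert": _build(
        "Microsoft Security Team <alerts@ms-update-center.example>",
        "Your system is infected - patch immediately",
        "Our scan shows your PC is infected. Install the attached patch within 24 hours.",
        ("security_patch.exe", b"MZ constructed stub, not a real program")),
    "phone_banker": _build(
        "Citi Bank Security <mike@citi-verify.example>",
        "Verify your identity",
        "Due to increasing threat perception we are updating our systems. Reply with "
        "your password and social security number to verify that you are the real Stella."),
    "legitimate": _build(
        "Citi Alerts <alerts@citi.com>",
        "Your monthly statement is ready",
        "Your May statement is available in online banking. We never ask for account "
        "details by email."),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```

A score of zero only means none of these four cues fired; it is a prompt for the user to slow down on anything that scores, not proof that a clean message is genuine. A mail gateway would combine such content heuristics with sender authentication (SPF, DKIM and DMARC results), which this example does not model.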
24. Computer-Based Social Engineering through Social Networking Websites: ... social networking websites exploit users' personal information.
25. Module Flow: Identity Theft; How to Find if You Are a Victim of Identity Theft; What to Do if Identity Is Stolen; Reporting Identity Theft; Protection from Identity Theft; Social Engineering.
26. How to Find if You Are a Victim of Identity Theft?
   - Bill collection agencies contact you for overdue debts you never incurred.
   - You receive bills, invoices, or receipts addressed to you for goods or services you haven't asked for.
   - You no longer receive your credit card or bank statements.
   - You notice that some of your mail seems to be missing.
   - Your request for a mortgage or any other loan is rejected citing your bad credit history despite you having a good credit record.
27. How to Find if You Are a Victim of Identity Theft? (continued)
   - You get something in the mail about an apartment you never rented, a house you never bought, or a job you never held.
   - You lose important documents such as your passport or driving license.
   - You identify irregularities in your credit card and bank statements.
   - You are denied social benefits citing that you are already claiming.
   - You receive a credit card statement with a new account.
28. Module Flow: Identity Theft; How to Find if You Are a Victim of Identity Theft; What to Do if Identity Is Stolen; Reporting Identity Theft; Protection from Identity Theft; Social Engineering.
29. What to Do if Identity Is Stolen?
   - Contact the credit reporting agencies: http://www.experian.com, http://www.equifax.com, http://www.transunion.com.
   - Request a credit report.
   - Immediately inform credit bureaus and establish fraud alerts.
   - Review the credit reports and alert the credit agencies.
   - Freeze the credit reports with credit reporting agencies.
   - Contact all of your creditors and notify them of the fraudulent activity.
   - Change all the passwords of online accounts.
   - Close the accounts that you know or believe have been tampered with or opened fraudulently.
30. What to Do if Identity Is Stolen? (continued)
   - File a report with the local police or the police in the community where the identity theft took place.
   - File a complaint with identity theft and cybercrime reporting agencies such as the FTC.
   - Take advice from police and reporting agencies about how to protect yourself from further identity compromise.
   - Ask the credit card company about new account numbers.
   - Tell the debt collectors that you are a victim of fraud and are not responsible for the unpaid bill.
   - Ask the bank to report the fraud to a consumer reporting agency such as ChexSystems, which compiles reports on checking accounts.
31. Module Flow: Identity Theft; How to Find if You Are a Victim of Identity Theft; What to Do if Identity Is Stolen; Reporting Identity Theft; Protection from Identity Theft; Social Engineering.
32. Federal Trade Commission (http://www.ftc.gov): the Federal Trade Commission, the nation's consumer protection agency, ... business practices, and identity theft.
33. econsumer.gov (http://www.econsumer.gov): econsumer.gov is a portal for you as a consumer to report complaints about online and related transactions with foreign companies.
34. Internet Crime Complaint Center (http://www.ic3.gov): the Internet Crime Complaint Center's (IC3) mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA).
35. Prosecuting Identity Theft:
   - Begin the process by contacting the bureaus, banks, or any other organizations who may be involved.
   - File a formal complaint with the organization and with the police department.
   - Regularly update yourself regarding the investigation process to ensure that the case is being dealt with properly.
   - Obtain a copy of the police complaint to prove to the organizations that you have filed an identity theft complaint.
   - File a complaint with the Federal Trade Commission and complete affidavits to prove your innocence on the claims of identity theft and fraudulent activity.
   - Contact the District Attorney's office for further prosecuting the individuals who may be involved in the identity theft.
36. Module Flow: Identity Theft; How to Find if You Are a Victim of Identity Theft; What to Do if Identity Is Stolen; Reporting Identity Theft; IP Hiding Tools; Social Engineering.
37. Hiding IP Address Using Quick Hide IP Tool (http://www.quick-hide-ip.com): Quick Hide IP hides your internet identity; you can surf the web hiding your real IP location. It redirects the Internet traffic through anonymous proxies.
38. IP Address Hiding Tools: Hide IP; http://www.ultrareach.com; http://www.iphider.org; http://www.torproject.org; http://www.giantmatrix.com; http://www.anonymizer.com.
39. Module Summary:
   - Identity theft is the process of using someone else's personal information for the personal gain of the offender.
   - Criminals look through trash for bills or other paper with personal information on it.
   - Criminals call the victim impersonating a government official or other legitimate business people and request personal information.
   - Do not reply to unsolicited email that asks for personal information.
   - Use strong passwords for all financial accounts.
   - Review bank/credit card statements/credit reports regularly.
40. Identity Theft Protection Checklist:
   - Never give away Social Security information or private contact information on the phone, unless YOU initiated the phone call.
   - Ensure that your name is not present in the marketers' hit lists.
   - Shred papers with personal information instead of throwing them away.
   - Confirm who you are dealing with over the phone, i.e., a legitimate representative or a legitimate organization.
   - Carry only necessary credit cards.
   - Cancel cards seldom used.
   - Review credit reports regularly.
   - Keep your Social Security card, passport, license, and other valuable personal information hidden and locked up.
41. Identity Theft Protection Checklist (continued):
   - Do not carry your Social Security card in your wallet.
   - Do not reply to unsolicited email requests for personal information.
   - Do not give personal information over the phone.
   - Review bank/credit card statements regularly.
   - Shred credit card offers and "convenience checks" that are not useful.
   - Do not store any financial information on the system and use strong passwords for all financial accounts.
   - Check the telephone and cell phone bills for calls you did not make.
   - Read before you click, stop pre-approved credit offers, and read website privacy policies.
42. Computer-Based Identity Theft Protection Checklist:
   - Keep the computer operating system and other applications up to date.
   - Install antivirus software and scan the system regularly.
   - Enable firewall protection.
   - Check for website policies before you enter.
   - Be careful while opening email attachments.
   - Clear the browser history, logs, and recently opened files every time.
   - Check for secured websites while transmitting sensitive information.
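The last checklist item, checking for a secured website before transmitting sensitive information, and the earlier advice to confirm who you are dealing with, can be expressed as a pre-submission check on the URL. The Python below is an added example, not EC-Council material; the expected-host allow-list, the brand words and the sample URLs are constructed, and a real deployment would carry the user's own list of bank and shopping sites. It goes beyond the slide's single point (HTTPS) to the other ways a fake web page of the kind slide 22 shows can hide behind a plausible address: credentials before an "@", a raw IP address, non-ASCII look-alike letters, digit-for-letter substitutions and a real brand name used as a subdomain of an unrelated site.

```python
"""Checks a URL before sensitive data is submitted to it.
Added example, not part of the EC-Council module."""
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list (hypothetical values): hostnames the user's bank really uses.
EXPECTED_HOSTS = {"citibank.com", "online.citi.com"}
BRAND_WORDS = ("citibank", "citi")
# Digit-for-letter substitutions seen in look-alike names; "1" is folded to "i" here.
CONFUSABLES = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s", "7": "t"})


def _fold(host: str) -> str:
    """Strip accents, drop non-ASCII and undo digit substitutions so that
    'citib\u0430nk' (Cyrillic a) and 'c1tibank' both compare as 'citibank'-like."""
    ascii_only = unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()
    return ascii_only.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def _is_expected(host: str, expected) -> bool:
    # Exact host or a subdomain of an expected host; "citibank.com.evil.example" fails.
    return any(host == h or host.endswith("." + h) for h in expected)


def check_submission_url(url: str, expected=EXPECTED_HOSTS) -> list:
    """Return a list of problems; an empty list means the URL passed every check."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()

    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None:
        problems.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        problems.append("raw IP address instead of a hostname")
    except ValueError:
        pass  # a normal hostname, as expected
    if any(ord(c) > 127 for c in host) or host.startswith("xn--") or ".xn--" in host:
        problems.append("internationalized hostname (possible homograph)")
    if not _is_expected(host, expected):
        problems.append(f"host '{host}' is not an expected site")
        if any(b in _fold(host) for b in BRAND_WORDS):
            problems.append("look-alike of the expected brand name")
    return problems


# Constructed sample URLs (none of these hosts are real destinations).
SAMPLE_URLS = {
    "ok": "https://online.citi.com/login",
    "plain_http": "http://online.citi.com/login",
    "userinfo_ip": "https://citibank.com@203.0.113.7/login",
    "digit_lookalike": "https://c1tibank.com/login",
    "subdomain_trick": "https://citibank.com.account-review.example/login",
    "homograph": "https://citib\u0430nk.com/login",
}

if __name__ == "__main__":
    for label, url in SAMPLE_URLS.items():
        print(label, check_submission_url(url) or "OK")
```

The host check is deliberately an allow-list rather than a block-list: a page that passes every test for "looks suspicious" can still be a fraud, whereas a page that is not one of the sites the user actually banks with is never the right place to type a card number, whatever it looks like.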
