Electronic Identity Theft and Basic Security

Similar documents
FAQ. Usually appear to be sent from official address

Cyber Security Practice Questions. Varying Difficulty

Retail/Consumer Client Internet Banking Awareness and Education Program

COMMON WAYS IDENTITY THEFT CAN HAPPEN:

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Personal Cybersecurity

Security Awareness. Presented by OSU Institute of Technology

5LINX ID GUARD Product Overview. Credit/Presenter Goes Here

Securing Information Systems

Chapter 6 Network and Internet Security and Privacy

Employee Security Awareness Training

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

How To Remove Personal Antivirus Security Pro Virus

How Cyber-Criminals Steal and Profit from your Data

How to Keep Your Personal Information Secure

3.5 SECURITY. How can you reduce the risk of getting a virus?

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

Who We Are! Natalie Timpone

Online Security and Safety Protect Your Computer - and Yourself!

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Identity Theft and Account Takeover Prevention

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

Duplication and/or selling of the i-safe copyrighted materials, or any other form of unauthorized use of this material, is against the law.

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

CHAPTER 8 SECURING INFORMATION SYSTEMS

CHAPTER 3. Information Systems: Ethics, Privacy, and Security

Get Max Internet Security where to buy software for students ]

Why you MUST protect your customer data

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Entertaining & Effective Security Awareness Training

Securing Information Systems

Phishing Read Behind The Lines

McAfee S DO s AnD DOn ts Of Online Shopping

Identity Theft, Fraud & You. PrePare. Protect. Prevent.

SHS Annual Information Privacy and Security Training

KnowBe4 is the world s largest integrated platform for awareness training combined with simulated phishing attacks.

PROTECTING YOUR BUSINESS ASSETS

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

Access Controls. CISSP Guide to Security Essentials Chapter 2

Octopus Online Service Safety Guide

Keep the Door Open for Users and Closed to Hackers

Cyber Security Updates and Trends Affecting the Real Estate Industry

IS Today: Managing in a Digital World 9/17/12

Business/Commercial Client Internet Banking Awareness and Education Program

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

Troubleshooting and Cyber Protection Josh Wheeler

How To Remove Personal Antivirus Security Pro Virus Manually

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Security Awareness. Chapter 2 Personal Security

Course Outline (version 2)

How to Build a Culture of Security

IMPORTANT SECURITY INFORMATION PHISHING

Data Compromise Notice Procedure Summary and Guide

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 1 Introduction to Security

6 Ways Office 365 Keeps Your and Business Secure

IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT

Chapter 12. Information Security Management

Red Flag Regulations

Protecting from Attack in Office 365

Target Breach Overview

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

A Security Model for Space Based Communication. Thom Stone Computer Sciences Corporation

Review Ch. 3 Connecting to the World s Information. 2010, 2006 South-Western, Cengage Learning

God is in the Small Stuff and it all matters. .In the Small Stuff. Security and Ethical Challenges. Introduction to Information Systems Chapter 11

Introduction to Ethical Hacking. Chapter 1

Layer by Layer: Protecting from Attack in Office 365

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Chapter 10: Security and Ethical Challenges of E-Business

Enterprise SM VOLUME 1, SECTION 5.7: SECURE MANAGED SERVICE

Breaches and Remediation

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Encrypting PHI for HIPAA Compliance on IBM i. All trademarks and registered trademarks are the property of their respective owners.

BEST PRACTICES FOR PERSONAL Security

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Newcomer Finances Toolkit. Fraud. Worksheets

Panda Security 2010 Page 1

Securing Information Systems

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

Meeting FFIEC Meeting Regulations for Online and Mobile Banking

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

DEFENDING THE MOBILE WORKFORCE Karim Toubba-Vice President Product Marketing and Strategy-Security Business Unit

Cisco Systems Korea

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

Technology in Action

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

What is Cybersecurity?

Security Solutions. Overview. Business Needs

How do you decide what s best for you?

Computer Security. Assoc. Prof. Pannipa Phaiboonnimit. Adapted for English Section by Kittipitch Kuptavanich and Prakarn Unachak

HIPAA UPDATE. Michael L. Brody, DPM

CE Advanced Network Security Phishing I

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

Quick Heal Total Security

Introduction to Information Security Dr. Rick Jerz

Transcription:

Electronic Identity Theft and Basic Security Prepared for DACS By Philip Chen CCSP, NSA infosec Professional 10-2-2007 Pchen@hi-link.com

Agenda Introduction Examples Effective Security Defenses for Enterprises Effective Security Defenses for SOHO Basic Security measures Q&A

Introduction Hi-Link is a premier solutions provider. Certified Cisco Technology specialization. More than a decade of proven experience. Focus: Security, Wireless, IPT, Mission Critical LAN/WAN Infrastructure, Network Management. SMB,Governments, Enterprises, Healthcares, Financials and Education customers. CISSP, CCEA, CCSP, CCDP, CCNP, MCSE certifications.

The New Crime Wave Some federal cases within the last year suggest why identity theft has become one of the fastest-growing forms of white-collar crime: A man was indicted in Miami on identity theft-related charges relating to his alleged filing of false federal tax returns in the names of 614 Florida prisoners, seeking more than $3 million in fraudulent refunds. A woman was convicted in Seattle on various identity theft-related offenses involving at least $464,000 of fraud under false identities that the defendant and her co-conspirators had set up. A man was sentenced in Los Angeles to federal prison for managing an auto theft and identity theft ring, in which conspirators stole biographic and credit information from real people and used the data to buy luxury cars amounting to more than $200,000. Source:http://www.usdoj.gov/criminal/fraud/

Garbage in, Garbage out

Sources of ID Theft Dumpster Diving Information collected from your garbage. Social Engineering Information divulged by you or someone or company who has your information. Change Address Form Filling out falsified change of address form in your local post office to divert your billing and other sensitive information to an alternate address.

Sources for ID Theft (Cont.) Phishing ID theft using embedded Malware, viruses and pop- up messages in an email or a web page which tricks you into believing that it is something harmless. Property Theft ID theft from information obtained from stolen laptops, Desktops, harddrives, USB drives, and your wallets. Security Breach ID theft by comprising your computer in the form of network attacks.

What is Phishing It is the act of tricking you into divulging sensitive private information such as social security number and bank accounts. It is usually done by using viruses, malwares, popup messages embedded in a SPAM email or a falsified web link.

Phishing URL Obfuscation, clicking on the following do not direct you to the official page of http://www.mybank.com http://www.mybank.com.ch/ http://mybank.com:ebanking@210.134.161.35/logi n.htm http://mybank.com/ebanking?url=http://evilsite.co m/phishing/fakepage.htm http://mybank.com/ebanking?page=1&response=e vilsite.com%21evilcode.js&go=2

Phishing (Cont.) URL Obfuscation, You may by asked to click on a URL like this in an email: http%3a%2f%2f3515261219%2fphishing%c0%a Efakepage%2Ehtm This URL is encoded in Unicode to disguise its evil identity. The real website is really: http://evilsite.com/phishing/fakepage.htm Key logger: a piece of hardware or software installed on a computer to silently record your key strokes and replay them back to the perpetrator later

Phishing (Cont. 1) Address bar and security status substitution

Phishing (Cont. 2) Graphic substitution email phishing

Property Theft Stolen computer with you personal and financial information Stolen unencrypted USB drives with your personal information

Security Breach Compromising of your firewall Wireless network intrusion Virus infection Malware and Trojans installed unkown to you Hackers Can Now Deliver Viruses via Web Ads http://online.wsj.com/public/article_print/sb118480608500871051.html

Effective Defenses is a security system working together Security Camera Security Office Traditional Locks Card Key Guard

Effective Defenses for Enterprises (Old Security Model)

Effective Defenses for Enterprises (New Security Model)

Effective Defenses Two things in life are 100% certain:death and Taxes. 100% security unfortunately is not one of them, doesn t matter how much money and effort is thrown at it. Security is about managing risks. Minimalist approach. Risk = Probability + Consequence

Effective Defenses (Cont.) Reducing the probability of infection. Understand the impact if you were an ID theft victim before you become a victim so you can plan ahead and reduce the damage. You are in less risk if you reduce the sum of these two. Use common sense. If it looks too good to be true. It probably is! Obtain and check your credit report annually. http://www.annualcreditreport.com 877-322-8228; Equifax;Experian;TransUnion

Effective Defenses (Cont 1.) Do not post your email address on public websites or user forums. This will greatly reduce amount of SPAM sent to you. If something looks out of place on a web page or in an email, beware. Email addresses can be easily spoofed. bank, financial and medical industry will never send you emails asking for confidential information. These industries are regulated and governed by laws such as HIPAA, Sarbanes-Oxley.

Basic Security The most basic: turn on firewall on your Windows XP. Use anti-virus and anti-spyware applications. Many such good applications are free. -AVG anti-virus from http://www.grisoft.com/ -Spybot from http://www.safer-networking.org/en/index.html -Free online virus scanning http://housecall.trendmicro.com/ Upgrade to IE7 or Firefox 2.0 Signup for Opt Out of NAI Member Ad Networks. Do not call equivalent http://www.networkadvertising.org/managing/opt_out.asp

Basic Security-Use What You Already Have

Basic Security-FireFox Privacy

Basic Security-FireFox Security

Basic Security-The best of FireFox http://adblock.mozdev.org/

What you see is not what you will get How about this:

Be on the lookout Be on the lookout for suspicious websites and emails. What does it tell you if your bank website prompts you with this:

Q&A

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback