Relevancy

So far we have talked about the impacts, the solutions and ethics of identity theft. Although these examples seem very dismal, we’re going to talk to continue the discussion on some more extraordinary practical examples of how it can affect you. It can start with a sign like a sudden drop in your checking account balance. A call from a debt collector about a cell phone service plan or credit card you never signed up for. The first sign that you've been a victim of identity fraud is always unsettling. But for many people, that first sign is just the beginning. Depending on the skills and determination of the thief, and the length of time it happens, the damage could be much greater.

It could happen to you:

Meet our friend Jack B:




















(Citibank, 2006)

The video above is a humorous depiction on how identity theft can impact the average person in today's cyber-society. In this video, the situation that happened to our friend Jack B. can be funny but when it happens to you in real life it is quite disturbing. Following is a description of a real life example that happened to a member of our own editing team. You will see how unfunny identify theft really is…


It happened to me

Consider the following situation:
external image arrested.jpg"You’re driving along on a peaceful Saturday afternoon with your family when you get that sinking feeling as you look in the rearview mirror and see the flashing lights of a police car signaling you to pull over.

The police officer approaches your window and asks for your driver’s license, registration and insurance card. The officer informs you that you were speeding, but that if your driving record is clean he will only issue a warning. You watch in the mirror as he returns to his vehicle to run your name through a police database.

Minutes later the officer returns and you are shocked when he commands you to “step out of the car and place your hands on the roof.” Suddenly you are being handcuffed as the officer informs you that you are under arrest because there is a warrant in your name for a series of serious crimes in the next state.


You protest to the officer that there must be a mistake. You tell him that you’ve never committed a crime or received a traffic ticket. Your pleas are ignored as the officer says your identity matches the information on the warrant and you can sit in jail until Monday and explain it to the judge." (identitytheft.info, 2010)



This is a very real situation. Many times you don't realize what has happened until it is too late and the damage has already been done. Many people don't find out they have been victimized until they are denied for a mortgage, student loan, or car loan. They may even be turned down for a job because of a criminal background they did not create.


I Share My Own Identity: A Personal Experience Story
By Christopher Salyers
A couple of years ago, I experienced the first fraudulent charge to my debit card, and it turned out that it would not be the last. During a routine check of my statement one day, I was shocked to discover that I had a negative balance in my checking account, and I knew for sure that there had to be a mistake. Upon further inspection, I saw a small charge that was labeled as, “International Charge,” totaling one dollar. Posted a few days later was another charge for several hundred dollars from an unrecognizable vendor. Further down the list was another charge from yet another unknown vendor for another several hundred dollars. Of course all of my own charges to my debit card had still been processing, and along with each transaction was an accompanying $35 insufficient funds fee processed by my bank. I immediately went to my bank in a terrified state to discuss these out of place charges, and my suspicion that someone had stolen my debit card number proved to be true. The consultant advised me to close my account and open up a new one with a new debit card, and I absolutely agreed with her. The next step was to figure out exactly how it happened, and the only explanation was my carelessness of making purchases online without paying attention to whether or not the vendor sites were certified or if they even had a privacy policy. It would turn out that while using a credit or debit card wisely over the Internet is always a great idea, sometimes it is not enough to keep your identity safe.

After my first experience as a victim of the debit card fraud type of identity theft, I felt as though it was truly my turn to be an adult. There was no way that anyone else would be able to take advantage of me like that again, and I would always be safe with my debit card. I now practice safeguarding techniques such as only making purchases from trusted and well-known sites, ensuring that the vendor site owned a valid authorized certificate, and always checking that my browser displayed the prefix of “https” in front of the vendor sites’ URLs, indicating that the site was secure. I was doing such a great job that my bank statements were clear of any suspicious charges, and I never had all of my money charged out of my account ever again. My idea of living worry-free of anything taking my money was shattered about a year later when my debit card purchases were suddenly all declined. After checking my account balance over and over via every method I could think of, it was clear to me that there should be no reason why my purchases were being declined. I came home to a letter from my bank stating that I needed to contact a branch immediately, so I naturally picked up the phone to call the same person that had helped me with my issue before. “Christopher, we cannot talk about this over the phone. I need you to come in as soon as you can. Your account has been put on hold until we see you.” My heart skipped a beat because paranoid thoughts filled my head, and I thought that I had done something wrong without knowing it. When I arrived at the bank, my nerves were really on edge when I was taken not to a cubicle, but to a room behind closed doors. I was asked if I was out of the country on a particular date, and I stated that I had not been. The next question was whether or not I had a relative or other authorized user of my debit card that was outside of the country. I explained that there are no authorized users of my card other than myself, so that would have been impossible. The consultant told me that there were two attempted charges from out of the country that consisted of a small one dollar charge and another for over $900, and that they were tracked back to an airport. I felt lucky to have been a victim of identity theft before when I was told that the charges were blocked and my account frozen. Again, I entered a discussion about how something like this might have happened, and we came up with all of the same solutions to my problem. This time around, I would stop making any purchases online altogether. All I needed was a new account with a new debit card.

Since the last experience, I have been a victim of identity theft four more times. However, it turns out that making purchases online may not have been my problem in the first place. It is true that my debit card numbers kept ending up in the hands of someone else, but even my renewed driver’s license was successfully mailed to another address by someone else. No matter how many times I change my bank account, it is always accessible to the other “me” because they now have all of my personal information. It has been very difficult to locate the violator because he or she lives in another country. I later discovered that whoever it was could also be establishing and ruining credit with my own identity. The lesson to be learned by others is that making online purchases with credit and debit cards is not the only way to be a victim. Any personal and non-public information that is shared over the phone or on the Internet can be taken by someone else, and there are many methods that criminals can use to get it. Everyone should evaluate what information is publicly accessible about them on every single Web site that they use and consider removing most of it. As a result of my exposed information, even in the small amounts that were there, I am still fighting for my own identity.

Phishing for identities
You open an email or text, and see a message like this:

"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.” (OnGuardOnline, 2011)

The senders are phishing for your information so they can use it to commit fraud. These messages seem official and often appear to come form a legitimate source. However, upon further investigation, they can be found to be quite "fishy." As the Background page has demonstrated, phishing is a very relevant problem when it comes to online identity theft. Following is an example of an actual email received by many CitiBank account holders:

external image recent_phishing.gif(Morgan Stanley, 2012)

If you received this letter in your inbox and you were a CitiBank customer, would you be suspicious? The truth of the matter is that millions of people fall prey to this kind of bait every day. Luckily, there is something you can do about it.

The first line of defense in preventing ID theft over the internet is to be aware of what you are participating in. If you receive suspicious e-mails from an unknown source it is best to approach them as cautiously as possible. Left-clicking and viewing the source of this link can reveal that the location is not at all related to the association who appears to have sent the email. Additionally, be weary of emails that ask for your personal information that you never requested in the first place. Never left-click a link from an e-mail that looks suspicious. (identitytheft.info, 2010)

There are two main risks associated that are mainly associated with clicking on a link from a phishing e-mail:
  • You are re-directed to a web site that looks official. You are then asked to provide personal information that will allow others to falsify your identity over the internet.

Following is an example of what could happen if you click on a link from a phishing email:
external image image_display.php?path=396668388_citibank_A.jpg(Fraud Watch, 2012)
  • Note the following:
    • "official" company logo
    • webpage in the background appears to be genuine
    • web address appears to be directing through another source
    • website is not secure (does not show https:)

  • Clicking the link may activate the execution and installation of a virus. The function of these viruses can vary from stealing information stored on the hard drive to taking over your computer to transmit other viruses to other people around the world. (identitytheft.info, 2010).


ID Theft can steal your baby's identity
While someone may be considering for a name to their unborn child, someone may have already stolen his/her identity thanks to a new software that predicts social security numbers before the child is even born. A 14 year old boy in California had a mortgage worth $605,000 which was part of an overall credit history that started when he was four. (Smith, 2011) The reason this kind of ID theft is so prevalent is because parents typically don't think to check their child's credit report until it is time to apply for student loans or credit cards. By then, it may be too late and a thief has ruined their credit. (identitytheft.info, 2010)

Candbab.jpg

Starting June 2011, the predictive generation of the SSN's will give way for one that attempts to assign random numbers that cannot be predicted. Although this does not correct the problem for those of us born that date, it is a step to prevent a horrible surprise from showing up during your child's first credit report. Checking your child's credit report to monitor for ID theft can increase their likelihood to become victims of ID theft. (Smith, 2011) By checking a credit report for the first time, you create a database entry that will hold the information for future inquiries, but also legitimizes a credit history for the child. Once a credit report has been ran, it is easier to use that SSN to perform fraudulent activities.


Phishing scams through social networking sites
The aspects of social networking sites which can make them the most appealing are also the same tools used to acquire your personal information for use in identity theft. The methods used to obtain basic information are rather simple since most social sites are designed around the concept of sharing your personal information. Once the scam artist has snaked his way onto your friends account, he can collect information on everyone on the contact list to find a weakness to exploit. Khoo Boo Leong warned there are weaknesses, sex appeal, greed, vanity, trust, sloth, compassion, and urgency. (Leong, 2011)

Many social networking sites have created the means to prevent or at least minimize the chances of becoming a victim of phishing. This can take the form of simply recognizing unusual behavior of the users. Another simple preventative measure is to alert the user that they are being redirected away from the security provided by the website.

facebook-hacked.jpg

"But why would they want to hack my Facebook?"

"Whats really on there anyway?"

The intent of the scam artist may vary from compromising your bank account, to simply observing your web browsing in order to optimize advertisements directed at you. The use of the key logger(LINK) could be used to compromise your login information for other various websites and services. As show below for thefts below $250, the highest rate of incident was under "Other existing accounts". In many of these situations the key logger will continue to send information about all of the personal account you access. The purpose of every step for the scam artist is to attempt to remain undetected so they can continue to collect information.

Untitled.png
(Langton & Baum, 2007)

The entire point of the effort is certainly to gain all the information about you. This has clearly improved the chances of success for phishing attacks as proven by an experiment in which an attempt to collect personal information though phishing using two groups, one control and one with social context gathered from social networking websites. The experiment was targeted at college students who could be targeted due to the high amount of available information through social networking. One group was targeted using that information and the other was targeted with non-contextual means. The percent of success for the control group on average for all class levels was 56.4%, however the percentage for those who were targeted using social context was 72%. (Jagatic, Johnson, Jakobsson, & Menczer, Oct 2007)


ID theft statistics
external image bugs-bunny-dressed-as-girl.jpg
  • 11.7 million = 5% of all persons age 16 or older in the US in 2008
  • Financial losses = $17 billion = approximately $1,500 per person
  • most prevalent = unauthorized use of existing credit card account = 6.2 million or 3%
  • other common misuses= fraudulent misuse of their information to open a new account, fraudulently obtaining medical care/government benefit, false information provided to law enforcement
  • 16% of victims experienced multiple types of identity theft during a 2 year period
  • how was their identity stolen?
    • 30% during purchase or other transaction
    • 20% from wallet or checkbook
    • 14% from personnel or other files at the office.
  • 27% of victims spent more than a month clearing up problems.
  • 20% of victims described the identity theft as severely distressing (Dept. of Justice, 2010)


ID Theft on a National Level: National Stories

external image computer200.jpgFBI Targeted
Even the FBI has been the target of online identity theft. Emails are being sent to individual households from someone claiming to be the FBI. They then say that you've accessed illegal websites and demands that you open an attachment and respond to some questions. The attachments are “maliciously laced” with the w32/sober virus. The FBI themselves are warning users about this issue and are assuring them that the FBI does not conduct business in that manner. (fbi.gov, 2005)


How Are Companies Being Affected
Financial identity theft is so common that it is considered a "cost of doing business" for some corporations. Unfortunately, the smaller businesses who have been fooled into lending money to an identity thief have little to no ability in getting their money back. (identitytheft.info, 2010). Fortunately, companies in today’s market do understand the risks and some are even going out of their way to offer services to help the consumer make educated decisions about their online purchases. The video below demonstrates one company’s strategy to help consumers shop online without worrying about their private information getting in the wrong hands.


(InternetTimeMachine, 2011)

In Our Own Neighborhood: Local Stories
Theft ring in Apopka
Apopka police recently busted a major identity theft ring in Central Florida. The police was able to seize about 1,000 stolen Florida driver licenses and 1,000 stolen credit cards from a rented home filled with property bought online with stolen identities. That property included an 8-inch stack of gift cards and 200 pairs of high-end shoes, which were still in boxes. Six laptops were also found, they were used to order items with the stolen credit cards. (Curtis, 2012)

Florida is #1... but not in a good way!

external image ID%20Theft.jpg?v=1
According to the Consumer Sentinel Network report, Florida has just been named the top state for complaints regarding identity theft. This is not a title we should really be proud of. Not only are we the leading state, we steal the lead by having more than double the amount of complaints as 48 other states! To add insult to injury, Orlando was ranked #12 in the nation with 147 complaints per every 100,000 people. Other top cities included Tallahassee, Lakeland, and Tampa. The #1 ranked highest in complaints was Miami with 324 complaints per every 100,000 people. (Orlando Business Journal, 2010)





Florida Hospital privacy breach: Workers accessed ER patient information


(September, 2011) It was brought to the attention of the Florida Hospital that a patient's information was leaked, after a woman that was involved in a car accident was later contacted by a lawyer referral service, knowing all her personal information at hand. The breach occurred between January 2010 and August 2011, where about 2,252 personal records were subject to this inappropriate act, while being contacted by mail. The hospital took action by firing three employees that were involved in this crime and put under investigation by the local authorities and the FBI. According to O' Lenick, a hospital spokeswoman, these perpetrators had access to the patient's name, social security numbers, and insurance information, which would be value information to steal someone's personal information. With the Federal Government pushing to move more medical records online, this has made patient even more nervous, because their information could be much more vulnerable and anyone with a computer could steal their information. However, experts on the field would suggest that this new way of electronic file keeping is rather safe in some ways than the old fashion way, where anyone accessing a patient's file would leave a digital footprint that would allow the hospital to determine which employee was able to access that information (Kate Santich and David Breen, Orlando Sentinel).



external image WPCS-Florida-Hospital1.jpg
Transition Statement

Next we will be moving onto the summary to reiterate the points covered so far in the presentation.