Guest Post - Nick Volpe - Stealing Your Identity!

Guest Post from Nick Volpe

Nick Volpe is at student at Immaculata University.  He is also a cybersecurity research analyst intern for Fortalice®, LLC.

Research Outline  

Topic: Electronic ID Theft
Date: 3/1/10 

Electronic identity theft jumped by 12% over last year. 

SUMMARY PARAGRAPH: Identity theft online is on the rise. The crime itself is expanding as criminals and ID thieves are finding new means of stealing a consumer’s identity either through consumer mistake or a corporate lack of security. All sectors are affected by this crime including government, business, consumers, etc. Overall awareness is up yet the crime is still very serious and very lucrative for evil doers. They want everyone’s money.  

KEY FINDINGS
 Electronic ID theft is on the rise because of thieves finding new holes in the system to exploit and more consumers are being targeted by more ID thieves than ever before

• Total cost to consumers in 2007 was $1.2 billion according to FTC estimate
• About $691 loss on average
• Total cost to business in 2007 was about $6.3 million per incident
• In 2009, in increased number of people were affected by ID theft however the average dollar loss and time loss dropped

   
BACKGROUND
The rise in ID fraud is happening in many new ways electronically. Thieves are using public Wi-Fi to sniff the data from other people on the network, using sophisticated software to crack passwords to online accounts, and using skimmers at ATMs and the like to collect personal data that can be distributed or sold online. There have been increases in phishing attacks that trick consumers into giving a fraudster their personal information, malware attacks that capture the information on a workstation or personal computer, and attacks against processing systems that store critical financial or personal data.
Electronic ID theft makes up about 10 to 12 percent of all identity theft. Another interesting and less heard of form of electronic ID theft is vishing, or voice phishing, which involves the use of an electronic telephone system to trick a consumer into giving a fraudster their sensitive information for whatever purpose.  

STRATEGIC PLANNING ASSUMPTIONS:


ANALYSIS:
 Businesses, like consumers, also fall victim to electronic identity fraud schemes. Individuals tend to be easier targets for fraudsters than businesses but businesses take the bigger hit. Businesses should make a major effort to protect their employees and especially their customers so that nobody has to fall victim to this crime that can destroy reputations and financial aspects of people’s lives. There are simple cost effective steps that businesses can take to prevent this crime from happening within their brand.
Consumers, however, have the biggest burden to protect themselves from this crime as they have to use their own time and money getting out of ID theft. Consumers are also much easier for ID thieves to target online because many victims are unaware of what information is out there about them. It can even be as simple as doing a Google search to find out a victims date of birth in order to fraudulently change the victims password by answering security questions on banking websites. People simply need to take action and think outside to box rather deny that it can happen to them. Once a person agrees that it can happen to them, they are already on the way to protecting their identity.


IMPLICATIONS:

•  Steps that businesses need to take in order to effectively prevent electronic ID theft on consumer or employee/company data
• Securing the corporate network with firewalls, anti-malware protection, and intrusion protection
• Keeping all systems up to date including operating systems and web browsing software
• Insuring an employee web/technology use policy to protect both the company and employees
• Enforce strong passwords in all systems online and off as well as changing of the passwords frequently
• Complete regular maintenance and security checks on all company PCs and systems regularly

RECOMMENDATIONS:

•  Guarding against consumer electronic ID theft
• Be wary of e-mails requesting any kind of personal information
• Most companies will never ask you for personal information such as SSN, online username, and password via e-mail
• If an email looks suspicious, it is better not to open it
• Purchase an internet security suite to help aid in protecting your data and privacy which will in turn help protect your identity
• Never download unknown files from the internet especially from websites you don’t trust
• Monitor all online accounts for fraudulent activity such as banks and other financial institutions
• Do a simple Google search of your name – what information is out there about you?
• Businesses can protect themselves by educating their employees to take the same proactive measures as consumers within the workplace

   
SOURCES:

1. Hines, Matthew. "Report: ID Fraud Grows At Record Pace." eWeek Security Watch. 11 Feb 2010. Ziff Davis, Web. <http://securitywatch.eweek.com/identity_theft/report_id_fraud_grows_at_record_pace.html>.
2. "Javelin Study Finds Identity Fraud Reached New High in 2009, but Consumers are Fighting Back." PRNewswire. 10 Feb 2010. Javelin Strategy & Research, Web. <http://www.prnewswire.com/news-releases/javelin-study-finds-identity-fraud-reached-new-high-in-2009-but-consumers-are-fighting-back-83987287.html>.
3. "More Consumers Experience Fraud, but Mean Consumer Costs and Resolution Hours Drop." NewsCom. 10 Feb 2010. NewsCom, Web. <http://www.newscom.com/cgi-bin/pub/s?f=PRN/prnpub&page=1&xtag=PRN-prnphotos-89538&redir=detail&TAG_ID=prnphotos089538>.
4. Steiner, Sheyna. "The costs of ID theft." Bankrate.com. 21 Apr 2008. Bankrate, Inc., Web. <http://www.bankrate.com/brm/news/Financial_Literacy/identity_theft/costs_of_identity_theft_a1.asp?caret=92a>.
5. "New Research Shows Identity Fraud Growth Is Contained and Consumers Have More Control Than They Think." BBBOnline. 31 Jan 2006. Better Business Bureau, Web. <http://www.bbbonline.org/IDtheft/safetyQuiz.asp>.
6. "Don't Be an On-line Victim: How to Guard Against Internet Thieves and Electronic Scams ." FDIC. Web. <http://www.fdic.gov/consumers/consumer/guard/>.