INTERVIEW WITH
STEPHEN RANZINI
President & Chairman, University Bank
by Ben Bradley
TELL US A LITTLE ABOUT YOU
I’ve been head of my banking organization for 17 years now.
Although I was a scholarship student at Exeter and Yale, when I
was 23 I convinced BankOne to lend me the money to buy a bank in
a leveraged buy-out and at that time became the youngest bank holding
company President in the country. I’m deeply involved in banking
technology and I’m the U.S. delegate to the United Nations
global financial services standards setting body as well as the
International Standards Organization global standards setting body.
WHAT KEEPS YOU UP AT NIGHT?
As a banker, “phishing” keeps me up at night. I’m
involved with a number of groups studying what to do about it.
Phishing is the act of sending an email to an internet user falsely
claiming to be a legitimate enterprise in an effort to trick the
user into providing private information that will be used for identity
impersonation.
More than any virus, phishing relies on the user to fall for a
mechanized social engineering attack that can be highly personalized.
Phishing and spam and identity impersonation hurt legitimate business
because they undermine the entire ecommerce channel.
The banking industry is working on ways to combat these threats
by providing consumers with stronger identity management tools online.
But for business owners, our credibility and our ability to transact
is negatively impacted because of the pervasive nature of these
sophisticated risks. Fully 30% of all PCs in the world are compromised
already by criminal hacker gangs who steal information. That means
on average 30% of our customers’ PCs are compromised. When
compromised by Remote Access Trojans (RATs) these PCs become part
of so-called zombie-bot networks.
PHISHING RELIES ON HUMAN NATURE, HOW DO YOU TRAIN YOUR
PEOPLE TO BE SKEPTICAL?
We constantly share with our staff real life examples of fraud,
show them what a virus or phishing email looks like and educate
them about the many risks. Electronic fraud is usually quite similar
to bunko artist cons that have been successful for decades in the
real world. The internet merely allows greater anonymity to the
criminals and increased efficiency through mass personalization
that the criminals’ compromised networks of millions of zombie-bot
computers enable.
HOW ARE PHISHING TECHNIQUES EVOLVING?
The technique we’ve all seen uses email with a link to a
legitimate looking but fraudulent website where the user is asked
to update personal information such as passwords and credit card,
social security, and bank account numbers.
These e-mails are put out by criminals who prey on consumers who
are naïve about the many risks of being online. No bank or
credit card company or government regulator will ever send you an
email about your account and ask you to do anything other than to
call them. Be skeptical about e-mails and who they are really from
because when the internet was designed, it wasn't designed to tell
you for sure who was sending you an e-mail.
The sad thing is, approximately 5% of recipients respond to a phisher's
request.
Thank goodness people are getting smarter.
Unfortunately, the criminals have lots of time to think about different
and creative ways to separate you from your money.
That’s why almost anything online can be spoofed. Have you
ever seen an account statement contained in an Adobe Acrobat file
with a password that locks the file from being altered? Well, a
free program is available from a hacker site that can crack any Adobe
password – allowing anyone to alter the account statement.
There is even a new type of fraud where criminals spoof caller
ID to impersonate your bank and ask you to give your security password
to the "bank" employee over the phone. You cannot trust
your caller ID anymore. Even if your caller ID says "University
Bank," hang up and call us back to verify.
Even going to an innocent looking website can get you in trouble.
Criminals designed a website selling brand name bicycles cheaply
that scored high on Google and Yahoo Shopping searches. If you entered
your credit card information and "purchased" a bicycle
at a great price, no bicycle ever came, and your credit card wasn't
charged. Why? They just wanted to steal your identity, which is
more valuable to criminals than a simple credit card and impossible
to recover once it's been stolen. With an identity they can buy
a house in your name, take out loans in your name and cause you
endless mischief. One person I met was on the FBI's Top 10 Most
Wanted List, not because she had done anything wrong but because
a criminal had impersonated her identity.
IF YOU CAN’T TRUST ANYTHING, HOW DOES THAT IMPACT
THE INTEGRITY OF THE BANKING INDUSTRY? HOW DOES THIS IMPACT BUSINESS
OWNERS?
The banking industry is suffering increased losses from identity
impersonation and identity fraud. Business owners are also getting
hit with increased losses from credit card charge-backs, increased
costs from mandates for new security services, fraudulent checks
and fraudulent electronic transactions.
Reprinted with permission of CDW and http://www.biztechmagazine.com