PPT 05

Computer Forensics and Cyber
Crime
CHAPTER 5
Identity Theft and
Identity Fraud
Computer Forensics and Cyber Crime, 3 rd ed. Copyright © 2013 by Pearson Education, Inc.
Marjie T. Britz All Rights Reserved
Learning Objectives
• Gain a quick clarification of terms related

to identity theft and fraud.
• Understand the difference between

identity theft and identity fraud.
• Explore the five types of identity

theft/fraud.
Learning Objectives
• Understand the difference between

identity theft and identity fraud.
• Explore the five types of identity

theft/fraud.
Introduction
• Identity theft is traditionally used to describe

ANY use of stolen personal information.
• Identity fraud includes identity theft within its
purview.
• Many illegal activities involve fraudulent use of

identifying information of a real/fictitious person.
• Committed when a credible identity is created
through access to credit cards, financial or
employment records, etc.
Typologies of Internet Theft/Fraud
• Assumption of Identity
§ Involves one person assuming all aspects of
the other’s life
§ Rare, because of the difficulty in accomplishing
it
• Theft for Employment and/or Border Entry

§ Fraudulent use of stolen or fictitious personal
information to get work or to gain entry into
the U.S.
§ Growing from increase in illegal immigration,
alien smuggling
§ Fraudulent documents here include alien
registration cards; nonimmigrant visas,
passports, and citizenship documents; and
border crossing cards
• Criminal Record Identity Theft/Fraud

§ Aim: evading capture, criminal prosecution
§ Often involves lying to police upon arrest
§ Another version: Reverse criminal record
identity theft, using a victim’s identity just to
get work
• Virtual Identity Theft/Fraud

§ Use personal, professional, or other aspects of
identity to develop fraudulent virtual
personality
§ Easy to accomplish, since it requires little
effort
§ For innocent or malevolent reasons
• Credit Identity Theft/Fraud

§ Use of stolen personal, financial information
leading to creation of fraudulent accounts
§ Most common & most feared
Prevalence and Victimology
• Difficult to measure because of lack of

consistency and accuracy, the latter due to:
§ Perceptions of apathy
§ Lack of reporting by local, state law enforcement to
federal agencies
§ Jurisdictional discrepancies regarding how to
measure these activities
§ Selective enforcement based on community
standards & departmental resources
§ Delayed notification or awareness of victimization
§ Vested interest of private companies to exploit

consumer fear
§ Lack of mandatory reporting and inconsistent
prosecution by federal agencies
§ Lack of national standards in measurement
• Primary information sources:

§ Credit reporting agencies
§ Software companies
§ Popular and trade media
§ Government agencies
• All have agendas:

§ Credit reporting agencies, software companies
want to sell you services, products for
protection
§ Popular press thrives on consumer fears
• Victims and the costs associated with

victimization are especially difficult to
measure because the losses take the form
of more than just a dollar amount.
• Factors:
§ Loss of consumer confidence
§ Delay in victim awareness
§ General lack of reporting
• Expected to see sharp increases, especially in

virtual methods, due to:
§ Increasing globalization of communication and
commerce
§ Lack of cooperation by lenders and consumer
reporting agencies
§ Lenders don’t want to alienate consumers by
creating time-consuming safety measures
§ Credit bureaus make money by selling
protection
§ Increased outsourcing of information and
services
Physical Methods of Identity Theft
Mail Theft
• Information stolen from mailboxes, including credit card
offers, government documents, like Social Security
statements and passports, for example.
• Popcorning: steal information by looking for raised flags
which signal outgoing mail
Dumpster Diving
• Searching waste receptacles for identification information
• Theft of Computers
§ Physical theft of computers, especially laptops,
from airports, hotel rooms, homes, and offices,
because they contain personal information
• Bag Operations
§ Theft of intelligence
§ By governmental intelligence operatives
§ Often committed in hotel rooms
§ Often done by using corrupted hotel
employees
§ Easier to do because of portable mass storage
media
• Child Identity Theft
§ Typically committed by parents
§ Dramatically increasing
§ Problems include delayed identification; also,
not within the purview of child welfare
agencies
• Insiders
§ Since committed by employees, intentionally
or accidentally, perhaps the greatest threat
• Fraudulent/Fictitious Companies
§ Very sophisticated
§ Involves the creation of shell companies to
gather personal information
• Card Skimming
§ Theft of personal information encoded on the
magnetic strip of credit/debit card
• ATM Manipulation
§ Includes stealing personal information, like
PIN, through use of fraudulent ATM
Virtual or Internet-Facilitated
Methods
• Capitalizes on the nature of the world wide
web, built for efficiency and not security
• International nature opens up a huge

number of potential victims
Methods
• Phishing
§ Involves fraudulent e-mails seeking
information (such as the infamous Nigerian
419 letter), use of fake web sites
§ Difficult to identify offenders
• Variations include:
§ Spoofing: Soliciting funds via false, but
apparently authentic, communications
§ Pharming: Redirecting connection from
legitimate IP address to redirect to a mirror
site
Methods
§ Redirector: Malware redirects traffic to
undesired site
§ Advance-fee/419 fraud: Strangers deceiving
people into providing financial information,
often due to a promise of a windfall
§ Phishing Trojans or spyware, often to create
botnets
§ Floating windows, placed over address bar of a
browser, to site to steal personal info
§ Botnets: Change Web site IP address without
changing domain name, to steal info and
spread malware
Methods
• Spyware and Crimeware
§ Spyware: takes control of computer's
interactions with users to capture info
§ Crimeware: spyware to achieve identity theft,
other economically motivated crimes
• Keyloggers and Password Stealers

§ Keyloggers record key strokes, like passwords;
could be hardware or software
Methods
• Trojans
§ Can have an apparently legitimate purpose;
often, keyloggers, password-stealers, or
installers of back doors
Crimes Facilitated by Identity
Theft/Fraud
• Aim: Anonymous entry into private areas
to transfer resources
• Typically a four-phase process:
§ Procure stolen identifiers
§ Create or secure of a breeder document (birth
certificate, driver's license, etc.)
§ Use breeder document to create additional
fraudulent documents and solidify an identity
§ Employ fraudulent identity to commit criminal
act
Crimes Facilitated by Identity
Theft/Fraud
• Insurance and Loan Fraud
§ Get government loans, enroll at legitimate
institution, drop out, pocket the moneys,
disappear
• Immigration Fraud and Border Crossings

§ Fraud includes the goal to secure a border
crossing, obtain immigration benefits, engage
in acts of terror
§ Example: Three hundred employees arrested
at Swift & Company, the world’s second-
largest meat processing plant
Conclusions and
Recommendations
• Expand the definition of personal identifying
information to include unique biometric data.
• Establish a central repository of vital statistics.
• Develop alternate means to authenticate identity
authentication.
• Prohibit the exportation of personal information
to foreign countries.
• Provide victims with the ability to petition the
court for a finding of factual innocence.
• Provide for consumer-initiated credit “freezes” or
“blocks.”
Conclusions and
Recommendations
• Restrict access and publication of social security
numbers.
• Ban the sale of social security numbers.
• Require the oversight of data-selling companies.
• Require enhanced identity authentication
practices.
• Develop a standardized police report.
• Develop civil remedies and criminal penalties
directly proportionate to the loss suffered.
• Provide civil remedies for victims.
Conclusions and
Recommendations
• Develop incentives for businesses, financial
institutions, and consumer reporting agencies.
• Hold credit reporting agencies and lenders
responsible for their mistakes.
• Provide for ongoing funding for research,
enforcement, and public education ID theft/fraud.
• Mandate incident reporting.
• Create a centralized incident database.

PPT 05

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PPT 05

Uploaded by

Copyright:

Available Formats

Computer Forensics and Cyber

• Gain a quick clarification of terms related

• Understand the difference between

• Explore the five types of identity

• Understand the difference between

• Explore the five types of identity

• Identity theft is traditionally used to describe

• Many illegal activities involve fraudulent use of

• Theft for Employment and/or Border Entry

• Criminal Record Identity Theft/Fraud

• Virtual Identity Theft/Fraud

• Credit Identity Theft/Fraud

• Difficult to measure because of lack of

§ Vested interest of private companies to exploit

• Primary information sources:

• All have agendas:

• Victims and the costs associated with

• Expected to see sharp increases, especially in

• International nature opens up a huge

• Keyloggers and Password Stealers

• Immigration Fraud and Border Crossings

You might also like