Showing papers on "Identity theft published in 2017"

The Consequences of Identity Theft Victimization: An Examination of Emotional and Physical Health Outcomes

Abstract: Identity theft—one of the fastest growing crimes—results in considerable financial losses as well as time spent to restore credit and prevent future attacks. While scholars have begun to devote more attention to identifying the factors that increase risk of identity theft, little is known about the aftermath for victims. Using data from the Identity Theft Supplement to the National Crime Victimization Survey, we address this gap in the literature. Results indicate that, in addition to financial losses and loss of time, victims also experience emotional (e.g., depression) and physical (e.g., poor health) symptoms. The implications of these findings for theory, research, and policy are discussed.

Blur vs. Block: Investigating the Effectiveness of Privacy-Enhancing Obfuscation for Images

Abstract: Computer vision can lead to privacy issues such as unauthorized disclosure of private information and identity theft, but it may also be used to preserve user privacy. For example, using computer vision, we may be able to identify sensitive elements of an image and obfuscate those elements thereby protecting private information or identity. However, there is a lack of research investigating the effectiveness of applying obfuscation techniques to parts of images as a privacy enhancing technology. In particular, we know very little about how well obfuscation works for human viewers or users' attitudes towards using these mechanisms. In this paper, we report results from an online experiment with 53 participants that investigates the effectiveness two exemplar obfuscation techniques: "blurring" and "blocking", and explores users' perceptions of these obfuscations in terms of image satisfaction, information sufficiency, enjoyment, and social presence. Results show that although "blocking" is more effective at de-identification compared to "blurring" or leaving the image "as is", users' attitudes towards "blocking" are the most negative, which creates a conflict between privacy protection and users' experience. Future work should explore alternative obfuscation techniques that could protect users' privacy and also provide a good viewing experience.

Equifax and the Latest Round of Identity Theft Roulette

Abstract: The Equifax data breach has exposed nearly half of the US adult population to identity theft, but that’s not the real story.

A Survey of Authentication Schemes in Telecare Medicine Information Systems

Abstract: E-Healthcare is an emerging field that provides mobility to its users. The protected health information of the users are stored at a remote server (Telecare Medical Information System) and can be accessed by the users at anytime. Many authentication protocols have been proposed to ensure the secure authenticated access to the Telecare Medical Information System. These protocols are designed to provide certain properties such as: anonymity, untraceability, unlinkability, privacy, confidentiality, availability and integrity. They also aim to build a key exchange mechanism, which provides security against some attacks such as: identity theft, password guessing, denial of service, impersonation and insider attacks. This paper reviews these proposed authentication protocols and discusses their strengths and weaknesses in terms of ensured security and privacy properties, and computation cost. The schemes are divided in three broad categories of one-factor, two-factor and three-factor authentication schemes. Inter-category and intra-category comparison has been performed for these schemes and based on the derived results we propose future directions and recommendations that can be very helpful to the researchers who work on the design and implementation of authentication protocols.

Online Social Networks Security: Threats, Attacks, and Future Directions

Abstract: A list of well-known Online Social Networks extend to hundreds of available sites with hundreds of thousands, millions, and even billions of registered accounts; for instance, Facebook as of April 2016 has around two billion active users. Online Social Networks made a difference in many people’s lives and helped in opening avenues that were not possible before. However, as in any success story there is a downside. Cyber-attacks that used to have a small or limited effect can now have a huge distributed effect through utilizing those social network sites. Some attacks are more apparent than others in this context; hence this chapter discusses how serious attacks are possible in online social networks and what has been done to encounter them. It will discuss privacy, Sybil attacks, social engineering, spam, malware, botnet attacks, and the trade-off between services, security, and users’ rights.

Victim Reporting Behaviors Following Identity Theft Victimization: Results From the National Crime Victimization Survey:

Abstract: The current study investigates the decision by victims to report the crime to the police following identity theft victimization. Potential influences on the reporting decision are framed around two criminal justice theories—focal concerns theory and Gottfredson and Gottfredson’s theory of criminal justice decision making. The data used to examine this decision were collected from a nationally representative sample of U.S. adults as a supplement to the 2012 National Crime Victimization Survey. Results suggest that the decision to contact law enforcement is based on the seriousness of the offense, the victim’s knowledge of who committed the crime and how it was perpetrated, as well as practical considerations. These findings parallel other research into victim decision making generally, while also highlighting factors that may be unique to identity theft, notably the effects of income. The results also support the use of criminal justice theory to study and understand victim decision making.

Perspective analysis of telecommunication fraud detection using data stream analytics and neural network classification based data mining

Abstract: With the growing advancements in technology, the lives of the people have become easier and convenient, but at the same time it also mushrooms sophisticated practices through which the fraudsters can infiltrate an organization. Telecommunication industry, being one of the major sectors in the world, is also infiltrated by frauds. Telecommunication fraud is a combination of variety of illegal activities like unauthorized and illegitimate access, subscription identity theft and international revenue share fraud etc. Frauds have proven to be detrimental to the prosperity of a company and impacts customer relations and shareholders. This paper presents the implementation details for detecting telecommunication fraud using Data Stream Analytics and Neural Network classification based Data Mining. For detection using Data Stream Analytics, Event Hub and Stream Analytics components of Microsoft Azure have been used whereas for detection using Data Mining Neural Network Pattern Recognition tool as well as a self-coded algorithm in Matlab has been used. Based on the results, the accuracy of both the techniques have been compared and the situations for selection of a suitable technique based on the user requirements and the flow of data has been narrowed down. The findings can elucidate upon other cloud analytics systems and provide a basis for big data analytics and mining.

A new cryptography algorithm to protect cloud-based healthcare services

Abstract: The revolution of smart devices has a significant and positive impact on the lives of many people, especially in regard to elements of healthcare. In part, this revolution is attributed to technological advances that enable individuals to wear and use medical devices to monitor their health activities, but remotely. Also, these smart, wearable medical devices assist health care providers in monitoring their patients remotely, thereby enabling physicians to respond quickly in the event of emergencies. An ancillary advantage is that health care costs will be reduced, another benefit that, when paired with prompt medical treatment, indicates significant advances in the contemporary management of health care. However, the competition among manufacturers of these medical devices creates a complexity of small and smart wearable devices such as ECG and EMG. This complexity results in other issues such as patient security, privacy, confidentiality, and identity theft. In this paper, we discuss the design and implementation of a hybrid real-time cryptography algorithm to secure lightweight wearable medical devices. The proposed system is based on an emerging innovative technology between the genomic encryptions and the deterministic chaos method to provide a quick and secure cryptography algorithm for real-time health monitoring that permits for threats to patient confidentiality to be addressed. The proposed algorithm also considers the limitations of memory and size of the wearable health devices. The experimental results and the encryption analysis indicate that the proposed algorithm provides a high level of security for the remote health monitoring system.

Growing a cyber-safety culture amongst school learners in South Africa through gaming

Abstract: Virtually all school learners today have access to ICT devices and the internet at home or at school. More and more schools are using ICT devices to improve education in South Africa. ICT devices and internet access have enormous advantages and assist learners in learning and teachers in teaching more successfully. However, with these advantages come numerous ICT and cyber-risks and threats that can harm learners, for example cyber-bullying, identity theft and access to inappropriate material. Currently, South Africa does not have a long-term plan to grow a cyber-safety culture in its schools. This research therefore proposes a short-term initiative in the form of a game-based approach, which will assist school learners in becoming more cyber safe and teach learners about the relevant cyber-related risks and threats. The research is based on a quantitative survey that was conducted among primary school learners to establish if the game-based approach would be a feasible short-term initiative. The aim of the research is to establish if a game based approach can be used to improve cyber-safety awareness. This approach was plotted into the required ICT and cyber-safety policy required by all schools.

Reporting behaviors of identity theft victims: an empirical test of Black’s theory of law

Abstract: Purpose This paper aims to examine factors that influence the decision to report by victims of identity theft victimization. The study of victim decision-making is not new within the field of criminology; however, a majority of the research has focused on decision-making surrounding victims of intimate partner violence and other violent offenses. With the increase of identity theft, knowledge on how a growth in such a crime influences victims is of great concern. Design/methodology/approach Guided by Donald Black’s theory of the behavior of law, this study will use the 2012 Identity Theft Supplement of the National Crime Victimization Survey to identify factors that influence whether victims of identity theft report the crime to credit agencies and/or authorities. Findings This study finds that measures that influence reporting behaviors differ based on the method of reporting (i.e. reporting to a credit card company, law enforcement or a credit bureau). These findings provide little support for Black’s theory of law, but have several theoretical and policy implications. Originality/value This study provides a partial test of Black’s theory of law, as it applies to identity theft victims. While providing little support for the theory, the findings identify many areas that agencies and researchers can use to help further inform their studies and practices.

Identity Theft Detection in Mobile Social Networks Using Behavioral Semantics

Abstract: User behavioral analysis is expected to be a key technique for identity theft detection in the Internet, especially in mobile social networks (MSNs). While traditional methods prefer to use explicit behaviors, a series of behaviors implicit in user's texts can probably provide much more accurate identity. And these implicit behaviors can be digged from texts by LDA. Besides the latent feature in texts, a behavior also include other features (e.g., spatial and temporal features). A joint feature including these features can be a better evidence for identity theft detection. In this paper, we use a probabilistic generative model to detect identity theft in MSNs. We are going to conduct experiments on two real-life datasets: Foursquare and Yelp. A early experiment shows that semantic features achieve better performance than spatial features and we are conducting our main experiment to see a better performance with joint behavioral feature.

The Council of Europe Convention on Cybercrime

Abstract: The Internet is often referred to as the new "Wild West". This maxim holds true, because the Internet is so similar to the turn of the century Western Frontier. This chapter is intended to expand upon the existing wealth of knowledge regarding cybercrimes. Cybercrimes are not limited to businesses. The Federal Trade Commission reported that identity theft and bogus Internet scams topped the list of consumer fraud complaints in 2001. "The Department of Justice ("DOJ") defines computer crimes as 'any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution'". Identity theft is now being called "the signature crime of the digital era". "Identity theft is the illegal use of another's personal identification numbers". In the United States, laws intended to combat cybercrimes are already in place. Due to the nature of cybercrimes and an undeveloped international body of law on the topic, cybercrimes often occur internationally.

Formalisation of a data analysis environment based on anomaly detection for risk assessment : Application to Maritime Domain Awareness

Abstract: At sea, various systems enable vessels to be aware of their environment and on the coast, those systems, such as radar, provide a picture of the maritime traffic to the coastal states. One of those systems, the Automatic Identification System (AIS) is used for security purposes (anti-collision) and as a tool for on-shore bodies as a control and surveillance and decision-support tool.An assessment of AIS based on data quality dimensions is proposed, in which integrity is highlighted as the most important of data quality dimensions. As the structure of AIS data is complex, a list of integrity items have been established, their purpose being to assess the consistency of the data within the data fields with the technical specifications of the system and the consistency of the data fields within themselves in a message and between the different messages. In addition, the use of additional data (such as fleet registers) provides additional information to assess the truthfulness and the genuineness of an AIS message and its sender.The system is weekly secured and bad quality data have been demonstrated, such as errors in the messages, data falsification or data spoofing, exemplified in concrete cases such as identity theft or vessel voluntary disappearances. In addition to message assessment, a set of threats have been identified, and an assessment of the associated risks is proposed, allowing a better comprehension of the maritime situation and the establishment of links between the vulnerabilities caused by the weaknesses of the system and the maritime risks related to the safety and security of maritime navigation.

A theoretical review of social media usage by cyber-criminals

Abstract: Social media plays an integral part in individual's everyday lives as well as for companies. Social media brings numerous benefits in people's lives such as to keep in touch with close ones and specially with relatives who are overseas, to make new friends, buy products, share information and much more. Unfortunately, several threats also accompany the countless advantages of social media. The rapid growth of the online social networking sites provides more scope for criminals and cyber-criminals to carry out their illegal activities. Hackers have found different ways of exploiting these platform for their malicious gains. This research englobes some of the common threats on social media such as spam, malware, Trojan horse, cross-site scripting, industry espionage, cyber-bullying, cyber-stalking, social engineering attacks. The main purpose of the study to elaborates on phishing, malware and click-jacking attacks. The main purpose of the research, there is no particular research available on the forensic investigation for Facebook. There is no particular forensic investigation methodology and forensic tools available which can follow on the Facebook. There are several tools available to extract digital data but it's not properly tested for Facebook. Forensics investigation tool is used to extract evidence to determine what, when, where, who is responsible. This information is required to ensure that the sufficient evidence to take legal action against criminals.

Business email compromise and executive impersonation: are financial institutions exposed?

Abstract: Purpose To explain the fraud schemes known as business email compromise (BEC) and executive impersonation that are growing in popularity, and the threat they pose to financial institutions. Design/methodology/approach This article explains BEC and executive impersonation and how they are carried out, and discusses how regulations and practical operational steps are trying to address this fraud issue. Findings Financial institutions should understand the potential for legal and regulatory risks posed by BEC and executive impersonation, and consider taking steps to create a proactive, culture of skepticism and heightened awareness to combat this type of fraud. Originality/value This article is adapted from the original report issued by the American Institute of CPAs and has been updated to address specifics concerning financial institutions.

Bot or not

Abstract: In recent years, Twitter, a social networking website, has been affected by a steady rise in spam on its network. Hijacking of social media accounts has become a modern-day danger. Motivations for this can range from attempts in identity theft to simply skewing the perception of an audience. In this paper, we extend our previous work, Engineering Your Social Network to Detect Fraudulent Profiles, by doing an investigation of spam bots on Twitter. We propose an algorithm that will distinguish a spam bot, from a genuine user account by using a JavaScript testing framework that consumes Twitter's REST API. We ran a dataset of 700 Twitter accounts through our algorithm and identified that roughly 11% of the dataset were bots.

Protecting Critical Infrastructure at the State, Provincial, and Local Level: Issues in Cyber-Physical Security

Abstract: The issue of cyber-security is currently having and will continue to have a major impact on organized society. Cyber-threats to infrastructure, and other assets, are of growing concern to policymakers throughout the world. For example, the President of the United States (US), in 2009, declared cyber threats to be among “the most serious economic and national security challenges we face as a nation” and stated that “America’s economic prosperity in the 21st century will depend on cyber-security.” Cyber-attacks might include denial of service, theft or manipulation of data. Information and communications technology (ICT) is becoming ubiquitous and many ICT devices and other components are interdependent. Therefore disruption of one component may have a negative, cascading effect on others. It is clear that cyber-security issues include not only the threats associated with information technology but also involves physical threats to Critical Infrastructure (CI). Damage to critical infrastructure through a cyber-based attack could have a significant impact on security at the national level, the economy, and the livelihood and safety of citizens. It is therefore important that national governments develop comprehensive strategies to deal with issues related to cyber-security. As critical infrastructure becomes more dependent on computer technology and increasingly tied to the internet, cyber-attacks against communication networks and system are growing in number and are becoming more sophisticated. Several examples are presented, that illustrate the impact of cyber-attacks on international security as well as attacks on critical infrastructure. In addition, a number of approaches that might help deal with cyber-security are suggested including the development of public-private partnerships.

Online Self-disclosure: From Users’ Regrets to Instructional Awareness

Abstract: Unlike the offline world, the online world is devoid of well-evolved norms of interaction which guide socialization and self-disclosure. Therefore, it is difficult for members of online communities like Social Network Sites (SNSs) to control the scope of their actions and predict others’ reactions to them. Consequently users might not always anticipate the consequences of their online activities and often engage in actions they later regret. Regrettable and negative self-disclosure experiences can be considered as rich sources of privacy heuristics and a valuable input for the development of privacy awareness mechanisms. In this work, we introduce a Privacy Heuristics Derivation Method (PHeDer) to encode regrettable self-disclosure experiences into privacy best practices. Since information about the impact and the frequency of unwanted incidents (such as job loss, identity theft or bad image) can be used to raise users’ awareness, this method (and its conceptual model) puts special focus on the risks of online self-disclosure. At the end of this work, we provide assessment on how the outcome of the method can be used in the context of an adaptive awareness system for generating tailored feedback and support.

Email phishing detection and prevention by using data mining techniques

Abstract: Social engineering has emerged as a serious threat in virtual communities and is an important means to attack information systems. The services used by today's knowledge workers prepare the base for complicated social engineering attacks. Phishing is a kind of technically generated social engineering attack and is the type of identity theft that uses the social engineering techniques and complex attack vectors to harvest financial information from unsuspecting consumers. It is a kind of attack in which phishers use spoofed emails and fraudulent web sites to trick people into giving personal information. Victims perceive these emails as trusted, while in reality they are the work of phishers interested in identity theft. Therefore, there is an urgent need for anti-phishing solutions and hereabout have been identified, a number of solutions to mitigate phishing attacks have been suggested. In this work, a phishing detection method is proposed by using machine learning and data mining techniques. Success rate of %89 has been achieved against phishing attacks coming from email messages.

Paraguayan Horses: The Entailments of Internet Policy and Law in Brazil

Abstract: In this paper I consider law and lawlessness as interpretive practices that seek both to unleash and control the Internet in Brazil. I analyze diverse institutions and actors: the government, lawyers, judges, NGOs, hackers, pirates, and police. Whereas users of “new” media frequently distance themselves from previous media forms along technological lines, in this Brazilian case, policy makers index their border with Paraguay. They also point to what they take to be a uniquely Brazilian corporate rapaciousness, arguing that that rapaciousness partakes of bordering practices much like those involved in Paraguay. In this sense, mediation is more about the nation and the corporation than it is about reference to previous technologies. I analyze all this through attention to media piracy, identity theft, and hacking. In order to understand the publics that are facilitated and foreclosed by the Internet, we must attend to durable, localized, border policing as well as mainstream understandings of business trans...

Combatting Identity Theft: A Proposed Ethical Policy Statement and Best Practices

Abstract: The purpose of this article is to explore the law related to identity theft, to review corresponding rights, and responsibilities of stakeholders involved in identity theft and to formulate a system of best practices businesses could engage in to prevent or reduce identity theft threats. Utilizing two ethical frameworks based on deontological approaches, the authors conclude that there should be a well-defined management scheme to prevent identity theft, which is easy to comprehend and comply with for all stakeholders. Our proposed management scheme incorporates both legal and ethical elements such that identity theft will be more difficult. Further, our proposal would also address business entities’ practices that are so careless that identity theft is made possible at all or made easier: ethical business practice can do much to reduce or eliminate identity theft.

Secure one-time biometrie tokens for non-repudiable multi-party transactions

Abstract: Numerous applications require users to interact with a multitude of entities in order to avail a service. In such applications, the identity of the user is typically verified through physical or digital tokens, which are prone to both identity theft (lost or stolen tokens) and repudiation claims by malicious users. The use of biometrics can provide non-repudiability by ensuring that a purchaser is the bonafide user of the service. However, in applications entailing multiple stakeholders, there may be privacy issues with sharing user's biometrics data. While this concern can be addressed by storing the user's biometric data on the token itself, strong mechanisms are required to ensure that token is both secure and tamper-proof. In this paper, we propose a single use biometric token that relies on Shamir's secret sharing algorithm and blockchain technology to ensure that the encrypted biometric template contained in the token is secure, tamper-proof, and any attempt to use the issued token is irrefutably logged to prove subsequently that the user indeed availed the service. We also analyze issues related to the system security, user privacy, and usability of the proposed solution.

Today's social network sites: An analysis of emerging security risks and their counter measures

Abstract: The concept of social networking sites boomed in this modern era of globalization as it opens the door for the people to communicate with each other despite thinking about geographical distances. Perceived benefits from these social networks are not limited to only connecting people but provide more than that such as sharing media contents, opinions about a topic, promoting business through digital marketing and staying up to date with recent stories around the world. A number of social network sites are available today, some of which are considered as giants in this domain such as Facebook, Twitter, Google+, LinkedIn, Friendster, and Tribe. The wide adoption of these social networking sites urged researchers to think about security concerns, as when the communication is over the internet; there is always a higher probability that confidentiality of personal information can be compromised. With the pursuit of security goals, existing studies share the knowledge about different types of attacks and techniques used by malicious entities to strike against these social sites. To defend these attacks, different security measures have been adopted by organizations providing social networking services. Substantial discussions about the adoption of social sites, possible attacks and their countermeasures in contemporary studies became the motivation for this research. In this paper, we have introduced a taxonomy of social websites attacks and provided our literature survey results that help to categorize possible attacks and preferred counteractions to defense against these attacks. For now, this categorization is based on the type of communication used and attacker'a s goals. Further, we are interested in investigating the security of social sites with respect to users.

A Mathematical Model for a Hybrid System Framework for Privacy Preservation of Patient Health Records

Abstract: Electronic Health Records sharing is extremely healthful for medical data analysis while preserving of patients' privacy also play a major role. While cloud computing and the emergence of big data phenomena presents significant opportunity for health care, they also elicit privacy concerns during the sharing of data for analysis and research. The privacy of the patients are at risk while using the electronic healthcare system for the submission of healthcare data through the internet for analysis. The leakage of personal health information can easily be compromise for medical insurance fraud or medical identity theft. These concerns indicate the need to ensure privacy protection when collecting medical data for analyzing or publishing. This study presents a mathematical model for identity based encryption protocol for privacy preservation of the patient during the collection of patient health data for analysis. This has become an integral part of human daily life in which health data are submitted for analysis. The model delinks the patient's identity from the examined data during data submission for the preservation of the patient's privacy.

Privacy Scoring of Social Network User Profiles Through Risk Analysis

Abstract: The social benefit derived from online social networks (OSNs) can lure users to reveal unprecedented volumes of personal data to a social graph that is much less trustworthy than the offline social circle. Although OSNs provide users privacy configuration settings to protect their data, these settings are not sufficient to prevent all situations of sensitive information disclosure. Indeed, users can become the victims of harms such as identity theft, stalking or discrimination. In this work, we design a privacy scoring mechanism inspired by privacy risk analysis (PRA) to guide users to understand the various privacy problems they may face. Concepts, derived from existing works in PRA, such as privacy harms, risk sources and harm trees are adapted in our mechanism to compute privacy scores. However, unlike existing PRA methodologies, our mechanism is user-centric. More precisely, it analyzes only OSN user profiles taking into account the choices made by the user and his vicinity regarding the visibility of their profile attributes to potential risk sources within their social graphs. To our best knowledge, our work is the first effort in adopting PRA approach for user-centric analysis of OSN privacy risks.

Identity Crime Detection Using Data Mining

Abstract: Identity Crime is considered as crimes which involve masquerading one's identity and steal confidential information with respect to the concerned person's identity. This paper mainly deals with identity crime related to credit card application, which nowadays is quite prevalent and costly even. The existing non data-mining techniques for eliminating identity theft have some flaws and to combat them a new data-mining layer of defence has been proposed. This novel layer makes use of two algorithms-Communal Detection and Spike Detection for detecting frauds in applications.