Showing papers on "Identity theft published in 2018"

Big Data and Service Operations

Abstract: This study discusses how the tremendous volume of available data collected by firms has been transforming the service industry. The focus is primarily on services in the following sectors: finance/banking, transportation and hospitality, and online platforms (e.g., subscription services, online advertising, and online dating). We report anecdotal evidence borrowed from various collaborations and discussions with executives and data analysts who work in management consulting or finance, or for technology/startup companies. Our main goals are (i) to present an overview of how big data is shaping the service industry, (ii) to describe several mechanisms used in the service industry that leverage the potential information hidden in big data, and (iii) to point out some of the pitfalls and risks incurred. On one hand, collecting and storing large amounts of data on customers and on past transactions can help firms improve the quality of their services. For example, firms can now customize their services to unprecedented levels of granularity, which enables the firms to offer targeted personalized offers (sometimes, even in real‐time). On the other hand, collecting this data may allow some firms to utilize the data against their customers by charging them higher prices. Furthermore, data‐driven algorithms may often be biased toward illicit discrimination. The availability of data on sensitive personal information may also attract hackers and gives rise to important cybersecurity concerns (e.g., information leakage, fraud, and identity theft).

Securing the Internet of Things (IoT): A Security Taxonomy for IoT

Abstract: In Internet of Things (IoT), there is a vast number of connected devices that exist These devices are collecting and transmitting great volumes of data from device to device, device to enterprise systems, and occasionally from device to humans Due to the billions of connected devices, there is a great risk of identity and data theft, device manipulation, data falsification, server/network manipulation, and subsequent impact to application platforms While the number of these interconnected devices continues to grow every day, so does the number of security threats and vulnerabilities posed to these devices Security is one of the most paramount technological research problems that exist today for IoT Security has many facets - security built within the device, security of data transmission, and data storage within the systems and its applications There is an extensive amount of literature that exists on the subject with countless problems as well as proposed solutions; however, most of the existing work does not provide a holistic view of security and data privacy issues within the IoT The primary goal of this research work is to advance the current state of the art in IoT research by identifying (a) the critical domains where IoT is heavily used, (b) the security requirements and challenges that IoT is currently facing, and (c) the existing security solutions that have been proposed or implemented with their limitations

Keeping a Low Profile?: Technology, Risk and Privacy among Undocumented Immigrants

Abstract: Undocumented immigrants in the United States face risks of discrimination, surveillance, and deportation. We investigate their technology use, risk perceptions, and protective strategies relating to their vulnerability. Through semi-structured interviews with Latinx undocumented immigrants, we find that while participants act to address offline threats, this vigilance does not translate to their online activities. Their technology use is shaped by needs and benefits rather than risk perceptions. While our participants are concerned about identity theft and privacy generally, and some raise concerns about online harassment, their understanding of government surveillance risks is vague and met with resignation. We identify tensions among self-expression, group privacy, and self-censorship related to their immigration status, as well as strong trust in service providers. Our findings have implications for digital literacy education, privacy and security interfaces, and technology design in general. Even minor design decisions can substantially affect exposure risks and well-being for such vulnerable communities.

An Artificial Intelligence Approach to Financial Fraud Detection under IoT Environment: A Survey and Implementation

Abstract: Financial fraud under IoT environment refers to the unauthorized use of mobile transaction using mobile platform through identity theft or credit card stealing to obtain money fraudulently. Financial fraud under IoT environment is the fast-growing issue through the emergence of smartphone and online transition services. In the real world, a highly accurate process of financial fraud detection under IoT environment is needed since financial fraud causes financial loss. Therefore, we have surveyed financial fraud methods using machine learning and deep learning methodology, mainly from 2016 to 2018, and proposed a process for accurate fraud detection based on the advantages and limitations of each research. Moreover, our approach proposed the overall process of detecting financial fraud based on machine learning and compared with artificial neural networks approach to detect fraud and process large amounts of financial data. To detect financial fraud and process large amounts of financial data, our proposed process includes feature selection, sampling, and applying supervised and unsupervised algorithms. The final model was validated by the actual financial transaction data occurring in Korea, 2015.

Detection of phishing attacks

Abstract: Phishing is a form of cybercrime where an attacker imitates a real person / institution by promoting them as an official person or entity through e-mail or other communication mediums. In this type of cyber attack, the attacker sends malicious links or attachments through phishing e-mails that can perform various functions, including capturing the login credentials or account information of the victim. These e-mails harm victims because of money loss and identity theft. In this study, a software called “Anti Phishing Simulator” was developed, giving information about the detection problem of phishing and how to detect phishing emails. With this software, phishing and spam mails are detected by examining mail contents. Classification of spam words added to the database by Bayesian algorithm is provided.

Individual Cyber Security: Empowering Employees to Resist Spear Phishing to Prevent Identity Theft and Ransomware Attacks

Abstract: One of the most difficult challenges in information security today is phishing. Phishing is a difficult problem to address because there are many permutations, messages, and value propositions that can be sent to targets. Spear phishing is also associated with social engineering, which can be difficult for even trained or savvy employees to detect. This makes the user the critical point of entry for miscreants seeking to perpetrate cyber crimes such as identity theft and ransomware propagation, which cause billions of dollars in losses each year. Researchers are exploring many avenues to address this problem, including educating users and making them aware of the repercussions of becoming victims of phishing. The purpose of this study was to interview security professionals to gain better insight on preventing users and employees from succumbing to phishing attack. Seven subject-matter experts were interviewed, revealing nine themes describing traits that identify users as vulnerable to attack or strongly resistive to attack, as well as training suggestions to empower users to resist spear phishing attacks. Suggestions are made for practitioners in the field and future research.

General Data Protection Regulation Complied Blockchain Architecture for Personally Identifiable Information Management

Abstract: Surveillance and secrecy breaching incidents of users' privacy questioned the current third-parties data collection procedure. Massive amounts of Personally Identifiable Information (PII) are being exploited due to malpractice, identity theft, spamming, phishing and cyber-espionage. A large amount of data flow from users to enterprises for data-driven market analysis and prediction. Consequently, it is tough to track the flow and genuineness of PII. Blockchain technology, an ‘immutable’ distributed ledger which can efficaciously track PII exchange, store, and distribution. In contrast, ongoing EU General Data Protection Regulation (GDPR) demands ‘right to forget’ and ‘should be erasable’ rights. However, this paper proposes an off-chain Blockchain architecture which uses both local database and distributed ledgers to preserve a trustable PII life cycle. Considering the key factors of GDPR, prevailing Blockchain architecture were modified and a prototype was created to validate our proposed architecture using multichain 2.0. Proposed architecture stores PII and Non-PII physically separated location. Finally, with proposed architecture user will realm privacy and rigidity of Blockchain along with the privacy regulation of GDPR. Validation is done by comparing proposed system with existing methodology from technical aspects, future research scopes is also well advocated.

Impact of fear of identity theft and perceived risk on online purchase intention

Abstract: Background and Purpose: Online activities are present in almost every aspect of people’s daily lives. Online purchases are also increasing each year and therefore it is important to investigate what influences online purchase intentions. Online purchase intentions are among everything else, influenced by the fear of identity theft and perceived risk. Design/Methodology/Approach: The online survey was conducted among 190 participants from Slovenia. The relations between the constructs of fear of financial losses, fear of reputational damage, perceived risk and online purchase intention were investigated. Results: The research showed that the relations between the constructs of fear of financial losses, fear of reputational damage, perceived risk are positive and the relation between the constructs of perceived risk and online purchase intention were negative. All of the relations were statistically significant. Conclusion: Understanding the impact of fear of identity theft and perceived risk on online purchase intention can be helpful for online sellers, because with these findings they can manage this fear and perceived risk to increase online purchase intention and address the risks accordingly. Online sellers should therefore regard new findings from the field of online sales. If an online store wants to have success in sales, they should consider all sides of customers’ desires as well as their restraints. Keywords: e-commerce; fear of identity theft; online purchase intention; perceived risk; SEM

Crooked Spirits and Spiritual Identity Theft: A Keener Response to Crooks?

Abstract: Mark Crooks’ article offers a new paradigm for exploration: namely, that many instances in the transcultural phenomenon of spirit possession reflect the activity of genuine and harmful spirits. Although subsequent research may refine a number of points, the activity of genuine spirits reflects the most common indigenous explanation and makes sense of a significant part of the data that is more difficult to explain on some other academic paradigms. Indigenous explanations do not always view all spirits as harmful, but they usually treat many spirits as harmful, and a case can be made that this is true of much other spirit activity as well. Crooks’ explanatory model brings coherence to many points of data less well served by some competing models, and thus merits continuing exploration.

Towards privacy preserving data provenance for the Internet of Things

Abstract: As the Internet of Things evolves, security and privacy aspects are becoming the main barriers in the development of innovative and valuable services that will transform our society. One of the biggest challenges in IoT lies in the design of secure and privacy-preserving solutions guaranteeing privacy properties such as anonymity, unlinkability, minimal disclosure of personally identifiable information, as well as assuring security properties, such as content integrity and authenticity. In this regard, this paper provides a data provenance solution that meets those properties, enabling a privacy-preserving identity auditing of the IoT sensor's exchanged data, whereas allowing de-anonymization of the real owner identity of the associated IoT shared data in case of law enforcement inspection is needed, (e.g. identity theft or related cyber-crimes). This research is built on the foundations of the ARIES European identity ecosystem for highly secure and privacy-respecting physical and virtual identity management processes.

Cybercrime and You: How Criminals Attack and the Human Factors That They Seek to Exploit

Abstract: Cybercrime is a significant challenge to society, but it can be particularly harmful to the individuals who become victims. This chapter engages in a comprehensive and topical analysis of the cybercrimes that target individuals. It also examines the motivation of criminals that perpetrate such attacks and the key human factors and psychological aspects that help to make cybercriminals successful. Key areas assessed include social engineering (e.g., phishing, romance scams, catfishing), online harassment (e.g., cyberbullying, trolling, revenge porn, hate crimes), identity-related crimes (e.g., identity theft, doxing), hacking (e.g., malware, cryptojacking, account hacking), and denial-of-service crimes. As a part of its contribution, the chapter introduces a summary taxonomy of cybercrimes against individuals and a case for why they will continue to occur if concerted interdisciplinary efforts are not pursued.

Social Engineering Threat and Defense: A Literature Survey

Abstract: This article surveys the literature on social engineering. There are lots of security application and hardware in market; still there are several methods that can be used to breach the information security defenses of an organization or individual. Social engineering attacks are interested in gaining information that may be used to carry out actions such as identity theft, stealing password or gaining information for another type of attack. The threat lies with the combinations of social engineering with another type of attacks like Phishing and Watering hole attack which make it hard to defense against. This research aims to investigate the impact of modern Social Engineering on the organization or individual. It describes the categories of Social Engineering, and how the attacker takes advantage of human behavior. At the same time, I also discuss the direct and indirect attack of social engineering and the defense mechanism against this attack.

Victim Compensation Policy and White-Collar Crime: Public Preferences in a National Willingness-to-Pay Survey

Abstract: We use survey data from a nationally representative sample to explore public support for government-run victim compensation programs for financial fraud, consumer fraud, identity theft, and burglary. We use contingent valuation (willingness to pay) methodology to infer preferences for compensation programs, and also explore predictors of those preferences. Overall, findings suggest that the public strongly supports the implementation of victim compensation programs. However, our results also indicate that this support may be driven in part by perceptions of benefiting from this program directly in the future. Additionally, a small but notable minority of respondents exhibit preferences for programs without compensation. Our findings suggest that the general public is supportive of restitutive compensation programs, not only as paid for by offenders, but by the government. We suggest that policy makers may embrace some principles of restorative justice for white collar crimes, which may otherwise be more financially damaging than traditional crimes.

Mitigating Online Sexual Grooming Cybercrime on Social Media Using Machine Learning: A Desktop Survey

Abstract: Cyber threats such as identity deception, cyber bullying, identity theft and online sexual grooming have been witnessed on social media These threats are disturbing to the society at large Even more so to minors who are exposed to the Internet and might not even be aware of these threats This paper describes a brief overview of different developments on cybersecurity methodologies that have been implemented to ensure safety of minors on social media, particularly; online sexual grooming A desktop survey on Machine Learning technologies that have used to detect online sexual grooming is presented in this paper The aim is to consolidate most of the work done in the past by scholars in this area of research, in order to develop insights on various algorithms that have been proposed and the reported performance results

Cyber Security Awareness Among College Students

Abstract: This study reports the early results of a study aimed to investigate student awareness and attitudes toward cyber security and the resulting risks in the most advanced technology environment: the Silicon Valley in California, USA. The composition of students in Silicon Valley is very ethnically diverse. The objective was to see how much the students in such a tech-savvy environment are aware of cyber-attacks and how they protect themselves against them. The early statistical analysis suggested that college students, despite their belief that they are observed when using the Internet and that their data is not secure even on university systems, are not very aware of how to protect their data. Also, it appears that educational institutions do not have an active approach to improve awareness among college students to increase their knowledge on these issues and how to protect themselves from potential cyber-attacks, such as identity theft or ransomware.

MeDI: Measurement-based Device Identification Framework for Internet of Things

Abstract: IoT systems may provide information from different sensors that may reveal potentially confidential data, such as a person’s presence or not. The primary question to address is how we can identify the sensors and other devices in a reliable way before receiving data from them and using or sharing it. In other words, we need to verify the identity of sensors and devices. A malicious device could claim that it is the legitimate sensor and trigger security problems. For instance, it might send false data about the environment, harmfully affecting the outputs and behavior of the system. For this purpose, using only primary identity values such as IP address, MAC address, and even the public-key cryptography key pair is not enough since IPs can be dynamic, MACs can be spoofed, and cryptography key pairs can be stolen. Therefore, the server requires supplementary security considerations such as contextual features to verify the device identity. This paper presents a measurement-based method to detect and alert false data reports during the reception process by means of sensor behavior. As a proof of concept, we develop a classification-based methodology for device identification, which can be implemented in a real IoT scenario.

Comparative Analysis of Machine Learning Algorithms through Credit Card Fraud Detection

Abstract: With the increase of e-commerce and online transactions throughout the twenty-first century, credit card fraud is a serious and growing problem. Such malicious practices can affect millions of people across the world through identity theft and loss of money. Data science has emerged as a means of identifying fraudulent behavior. Contemporary methods rely on applying data mining techniques to skewed datasets with confidential attributes. This paper examines numerous classification models trained on a public dataset to analyze correlation of certain attributes with fraudulence. This paper also proposes better metrics for determining false negatives and measures the effectiveness of random sampling to diminish the imbalance of the dataset. Finally, this paper explains the best algorithms to utilize in datasets with high class imbalances. It was determined that the Support Vector Machine algorithm had the highest performance rate for detecting credit card fraud under realistic conditions.

To reveal or not to reveal: balancing user-centric social benefit and privacy in online social networks

Abstract: Online Social Network (OSN) profiles help users to create first impressions on other users and therefore lead to various social benefits. However, users can become the victims of privacy harms such as identity theft, stalking or discrimination due to the personal data revealed in these profiles. So they have to carefully select the privacy settings for their profile attributes, keeping in mind this trade-off between privacy and social benefit. Since a profile consists of several attributes and users usually do not fully understand how the revelation of different attribute combinations can lead to privacy harms, this task is not easy. Without any support, privacy concerned users may take decisions that lead to sub-optimal social benefits or expose them to privacy risks or both. Therefore, in this paper, we develop a user-friendly model, based on Integer Programming (IP), to aid in this decision process. More precisely, our model provides an OSN user with easy-to-implement suggestions about the privacy settings of his profile attributes such that he can achieve the maximum social benefit while protecting himself from all or at least some major privacy risks. We propose methods to evaluate the privacy risks based on harm trees and the social benefits based on existing studies on the benefits of data sharing in OSNs. They form the founding pillars of our model.

Concern But No Action: Consumers' Reactions to the Equifax Data Breach

Abstract: Following the 2017 Equifax data breach, we conducted four preliminary interviews to investigate how consumers view credit bureaus and the information flows around these agencies, what they perceive as risks of the Equifax breach, and how they reacted in practice. We found that although participants could properly articulate the purpose of credit bureaus, their understanding of credit bureaus' data collection practices was divided and incomplete. Although most of them conceptualized identity theft as the primary risk of data breaches disclosing credit information, and noted a lack of trust/self-efficacy in controlling their data collected by credit bureaus, they did not take sufficient protective actions to deal with the perceived risks. Our findings provide implications for the design of future security-enhancing tools regarding credit data, education and public policy, with the aim to empower consumers to better manage their sensitive data and protect themselves from future data breaches.

Cyberthreats under the Bed

Abstract: Internet-connected toys provide an often-overlooked avenue for breaching personal data, especially of those most vulnerable. Government and private measures can minimize the risks, but responsibility for monitoring smart toy usage ultimately lies with parents.

PIAnalyzer: A Precise Approach for PendingIntent Vulnerability Analysis

Abstract: PendingIntents are a powerful and universal feature of Android for inter-component communication. A PendingIntent holds a base intent to be executed by another application with the creator’s permissions and identity without the creator necessarily residing in memory. While PendingIntents are useful for many scenarios, e.g., for setting an alarm or getting notified at some point in the future, insecure usage of PendingIntents causes severe security threats in the form of denial-of-service, identity theft, and privilege escalation attacks. An attacker may gain up to SYSTEM privileges to perform the most sensitive operations, e.g., deleting user’s data on the device. However, so far no tool can detect these PendingIntent vulnerabilities.

Balancing Privacy and Information Disclosure in Interactive Record Linkage with Visual Masking

Abstract: Effective use of data involving personal or sensitive information often requires different people to have access to personal information, which significantly reduces the personal privacy of those whose data is stored and increases risk of identity theft, data leaks, or social engineering attacks. Our research studies the tradeoffs between privacy and utility of personal information for human decision making. Using a record-linkage scenario, this paper presents a controlled study of how varying degrees of information availability influences the ability to effectively use personal information. We compared the quality of human decision-making using a visual interface that controls the amount of personal information available using visual markup to highlight data discrepancies. With this interface, study participants who viewed only 30% of data content had decision quality similar to those who had full 100% access. The results demonstrate that it is possible to greatly limit the amount of personal information available to human decision makers without negatively affecting utility or human effectiveness. However, the findings also show there is a limit to how much data can be hidden before negatively influencing the quality of judgment in decisions involving person-level data. Despite the reduced accuracy with extreme data hiding, the study demonstrates that with proper interface designs, many correct decisions can be made with even legally de-identified data that is fully masked (74.5% accuracy with fully-masked data compared to 84.1% with full access). Thus, when legal requirements only allow for de-identified data access, use of well-designed interface can significantly improve data utility.

Does fear of victimization deter online shopping

Abstract: This paper aims to address the relationship between fear of identity theft/fraud and online shopping, while identifying the most important factors affecting online shopping.,This study uses a mixed method approach in which the quantitative analysis identifies patterns in the data, whereas the qualitative analysis offers in-depth interpretation.,More fear actually predicts more online shopping but shoppers’ trust in the website’s willingness to redress financial harm and risk-benefit analysis are the real factors in online shopping.,The sample consists of Amazon users mostly so the findings may not apply to those who never shop on Amazon or never shop online at all.,To encourage online shopping, online shopping websites should focus on maximizing the benefit and minimizing the risk, but without addressing the risk by reassuring shoppers of their financial security, emphasizing the benefit alone is ineffective.,This is the first study addressing online shopping in terms of fear of victimization. It is also the first study that addresses risk and benefit in relative terms as in risk-benefit analysis measured by both quantitative and qualitative methods.

Strategies to Prevent and Reduce Medical Identity Theft Resulting in Medical Fraud

Abstract: Strategies to Prevent and Reduce Medical Identity Theft Resulting in Medical Fraud by Junior Vibert Clement MSA, Central Michigan University, 1992 BS, University of Maryland University College, 1990 Doctoral Study Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Business Administration

FakeBuster: A Robust Fake Account Detection by Activity Analysis

Abstract: Online social network is playing an important role in modern society. It not only significantly changed the way people communicate, but also provided a new way of potential attack, such as identity theft, false information, etc. Recently, fake accounts in online social networks (OSNs) have made several problems throughout online social network. With the massive creation of fake account, OSNs providers are suffered by overflooded advertisement, false information spread, etc. Traditional method such as cannot distinguish between real and fake account efficiently. Some previous work has studied the structure and composition of fake account that distribute spam messages, however the fast improvement of fake account creation made these previous works outdated or getting ineffective. We then target on new model of fake account that may not only automatically post or comment, but also spam with advertisement or spread false information. In this research, we proposed an innovative method to detect fake account in OSNs. This method based on user activity pattern through Facebook activities, and we leverage machine learning to predict if an account is controlled by fake user. We also provide an analysis of those account activity from the prediction result. This research may bring up to a whole new level in fake accounts detection

A Literature Survey on Authentication Using Behavioural Biometric Techniques

Abstract: With technological advancements and the increasing use of computers and internet in our day to day lives, the issue of security has become paramount. The rate of cybercrime has increased tremendously in the internet era. Out of the numerous crimes, identity theft is perhaps the one that poses the most dangers to an individual. More and more voices strongly declare that the password is no longer a reliable IT security measure and must be replaced by more efficient systems for protecting the computer contents. Behavioural biometrics is an emerging technology that resolves some of the major flaws of the previous scheme. This paper is the first stage of a project which aims to develop a novel authentication system using behavioural biometrics. It presents a comprehensive survey of various techniques and recent works in the respective fields.

Analyzing of e-commerce user behavior to detect identity theft

Abstract: One of the most common crime in cyber world is identity theft. In order to detect the identity theft there is need to analyze users’ behavior on different web platforms. In this study was investigated e-commerce users’ behavior in order to detect the identity theft. Survey data was used with different factors which are in relation to identity theft occurrences. Results were shown that the online and physical security and monitoring of account has negative impact on the frequency of this crime. Offline and online risk and victimization has positive influence on the crime frequency. Finally, information system of e-commerce for identity theft detection was presented and analyzed.

Organisational Behaviour and Culture : Insights from and for public safety management

Abstract: textLarge-scale migration, forced displacement, organised crime, terrorism and natural disasters, but also the proliferation of child pornography, hacking, identity theft and other types of cybercrime provide very concrete challenges to public safety and can trigger profound feelings of insecurity in the population. Threats to public safety are typically multi-level problems, with roots and impact at the individual, community, organisational, national and multi-lateral level. Properly addressing such grand societal challenges is crucial for immediate damage control, but also to sustain trust in the effectiveness of private and public governance. For sustainable solutions to public safety challenges, approaches are needed that involve not only established national and international crime and crisis response organisations, but also central and local government organisations, local members of affected communities and private institutions. Cultural norms about safety and security differ across communities and stakeholders. No single approach to public safety can prove successful for everyone all the time. This highlights the relevance of multi-contextual approaches to safety and security and the role of cultural norms. Collaborations within and across security organisations and diverse stakeholders such as in private-public partnerships can be hampered by frictions about priorities or ways of working. The consideration of social and cultural aspects is fundamental to overcoming such obstacles. Understanding diversity, embracing complexity and building new alliances are key for the development of inclusive security solutions with multiple stakeholder groups and within diverse cultural contexts.

Gathering and analyzing identity leaks for a proactive warning of affected users

Abstract: Identity theft is a common consequence of successful cyber-attacks Criminals steal identity data in order to either (mis)use the data themselves or sell entire identity collections of such data to other parties Warning the victims of identity theft is crucial to avoid or limit the damage caused by identity misuse However, in order to provide proactive warnings to victims in a timely fashion, the leaked identity data has to be available Within this paper we present a methodology to gather and analyze leaked identity data to enable proactive warnings of victims