February 10, 2016 By admin Leave a Comment

The FBI on Cyber Crime

We are building our lives around our wired and wireless networks. The question is, are we ready to work together to defend them?

The FBI certainly is. We lead the national effort to investigate high-tech crimes, including cyber-based terrorism, espionage, computer intrusions, and major cyber fraud. To stay in front of current and emerging trends, we gather and share information and intelligence with public and private sector partners worldwide.

Key Priorities
– Computer and Network Intrusions
– Identity Theft
– Fraud: Internet Crime Complaint Center

Initiatives & Partnerships
– National Cyber Investigative Joint Task Force
– Cyber Task Forces
– iGuardian
– InfraGard: Protecting Infrastructure
– National Cyber-Forensics & Training Alliance
– Cyber Action Team

Cases & Takedowns
– Operation Ghost Click
– Coreflood Botnet
– 2,100 ATMs Hit at Once
– Operation Phish Fry
– Dark Market
– More

Wanted by the FBI
– Cyber’s Most Wanted

Cyber Threats & Scams
– Internet Crime Reports
– National Cyber Awareness System
– Threat Overview: Testimony
– E-Scams & Warnings
– Common Internet Frauds
– Peer-to-Peer Networks
– Ransomware

Protections
– Report a Cyber Incident
– Law Enforcement Cyber Incident Reporting (PDF)
– Get Educated on Internet Fraud
– How to Protect Your Computer
– Parent’s Guide to Internet Safety

More Resources
– DOJ Computer Crime & Intellectual Property Section
– National Strategy to Secure Cyberspace
– Secret Service Electronic Crimes Task Forces
– Stop.Think.Connect. Campaign

Source: U.S. Department of Transportation, “Cyber Crime” https://www.fbi.gov/ website. Accessed February 10, 2016. https://www.fbi.gov/about-us/investigate/cyber

© Copyright 2016. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

February 10, 2016 By admin Leave a Comment

Combating Cyber Crime

Today’s world is more interconnected than ever before. Yet, for all its advantages, increased connectivity brings increased risk of theft, fraud, and abuse. As Americans become more reliant on modern technology, we also become more vulnerable to cyberattacks such as corporate security breaches, spear phishing, and social media fraud. Complementary cybersecurity and law enforcement capabilities are critical to safeguarding and securing cyberspace. Law enforcement performs an essential role in achieving our nation’s cybersecurity objectives by investigating a wide range of cyber crimes, from theft and fraud to child exploitation, and apprehending and prosecuting those responsible. The Department of Homeland Security (DHS) works with other federal agencies to conduct high-impact criminal investigations to disrupt and defeat cyber criminals, prioritize the recruitment and training of technical experts, develop standardized methods, and broadly share cyber response best practices and tools. Criminal investigators and network security experts with deep understanding of the technologies malicious actors are using and the specific vulnerabilities they are targeting work to effectively respond to and investigate cyber incidents.

DHS components such as the U.S. Secret Service and U.S. Immigration and Customs Enforcement (ICE) have special divisions dedicated to combating cyber crime.

U.S. Secret Service

The U.S. Secret Service maintains Electronic Crimes Task Forces, which focus on identifying and locating international cyber criminals connected to cyber intrusions, bank fraud, data breaches, and other computer-related crimes. The Secret Service’s Cyber Intelligence Section has directly contributed to the arrest of transnational cyber criminals responsible for the theft of hundreds of millions of credit card numbers and the loss of approximately $600 million to financial and retail institutions. The Secret Service also runs the National Computer Forensic Institute, which provides law enforcement officers, prosecutors, and judges with cyber training and information to combat cyber crime.

U.S. Immigration and Customs Enforcement (ICE)

The U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) Cyber Crimes Center (C3) delivers computer-based technical services to support domestic and international investigations into cross-border crime. C3 is made up of the Cyber Crimes Unit, the Child Exploitation Investigations Unit, and the Computer Forensics Unit. This state-of-the-art center offers cyber crime support and training to federal, state, local, and international law enforcement agencies. C3 also operates a fully equipped computer forensics laboratory, which specializes in digital evidence recovery, and offers training in computer investigative and forensic skills.

Law Enforcement Cyber Incident Reporting

The Law Enforcement Cyber Incident Reporting resource provides information for state, local, tribal, and territorial (SLTT) law enforcement on when, what and how to report a cyber incident to a federal entity. The document also provides information on federally sponsored training opportunities and other useful resources available to SLTT law enforcement.

Source: U.S. Department of Transportation, “Combating Cyber Crime” http://www.dhs.gov/ website. Accessed February 10, 2016. http://www.dhs.gov/cybersecurity-insurance

February 10, 2016 By admin Leave a Comment

Cyber Risk Management & Cybersecurity Insurance

Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack. In recent years, the Department of Homeland Security National Protection and Programs Directorate (NPPD) has engaged key stakeholders to address this emerging cyber risk area.

Cyber Risk Management and Cybersecurity Insurance

Traditional commercial general liability and property insurance policies typically exclude cyber risks from their terms, leading to the emergence of cybersecurity insurance as a “stand alone” line of coverage. That coverage provides protection against a wide range of cyber incident losses that businesses may suffer directly or cause to others, including costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations. Few cybersecurity insurance policies, however, provide businesses with coverage for an area of growing private and public concern: the physical damage and bodily harm that could result from a successful cyber attack against critical infrastructure.

Since 2012, NPPD has engaged academia, infrastructure owners and operators, insurers, chief information security officers (CISOs), risk managers, and others to find ways to expand the cybersecurity insurance market’s ability to address this emerging cyber risk area. More broadly, NPPD has sought input from these same stakeholders on the market’s potential to encourage businesses to improve their cybersecurity in return for more coverage at more affordable rates. NPPD is currently facilitating dialogue with CISOs, Chief Security Officers (CSOs), and insurers about how a cyber incident data repository could foster both the identification of emerging cybersecurity best practices across sectors and the development of new cybersecurity insurance policies that “reward” businesses for adopting and enforcing those best practices.

DHS Cybersecurity Insurance Working Sessions

From 2012 through 2014, DHS hosted four separate working sessions where cybersecurity professionals examined the existing cybersecurity insurance marketplace, described obstacles to expanding and improving it, and identified three key ideas for overcoming the most pervasive of those obstacles:

Cyber incident information sharing. An anonymized cyber incident data repository could foster the voluntary sharing of data about breaches, business interruption events, and industrial control system attacks needed for enhanced risk mitigation and risk transfer (insurance) approaches.
Cyber incident consequence analytics. The development of new cyber risk scenarios, models, and simulations – based on repository data – could help promote understanding about how a cyber attack might cascade across infrastructure sectors and where opportunities for risk mitigations might exist.
Enterprise Risk Management (ERM). An accepted approach for fusing cyber risk into traditional ERM programs could help organizations of all sizes better prioritize and manage their top business risks.

Additional information about the working sessions, including Readout Reports summarizing session discussions and findings, can be found on the Insurance Industry Readout Reports webpage.

Benefits of a Cyber Incident Data Repository

Cybersecurity Graphic

Following the working sessions and based on the recommendations of the participants, NPPD continues to explore the benefits and feasibility of a cyber incident data repository that creates a trusted environment for enterprise risk owners to anonymously share sensitive cyber incident data. Conceptually, that data, once aggregated and analyzed, will result in increased awareness about current cyber risk conditions and longer-term cyber risk trends. New analytics products, rooted in rich repository data, in turn will help inform more effective cyber risk management investments by both private and public sector organizations as well as better cybersecurity insurance products. As the culmination of this conceptual effort, NPPD will aim to find answers to three key questions:

Do existing repositories meet the cyber incident data needs of cybersecurity stakeholder groups?
Are owners and operators of existing repositories open to leveraging external cyber incident data and analysis knowledge and incorporating it into their existing structures?
If not, should a new cyber incident data repository be developed?

Cyber Incident Data and Analysis Working Group

As a follow-on to the working sessions, NPPD established a Cyber Incident Data and Analysis Working Group (CIDAWG), comprised of CISOs and CSOs from various critical infrastructure sectors, insurers, and other cybersecurity professionals, to deliberate and develop key findings and conclusions about:

The value proposition of a cyber incident data repository;
The cyber incident data points that should be shared into a repository to support needed analysis;
Methods to incentivize such sharing on a voluntary basis; and
A potential repository’s structure and functions.

The Value Proposition. Details how a cyber incident data repository could help advance the cause of cyber risk management and, with the right repository data, the kinds of analysis that would be useful to CISOs, CSOs, insurers, and other cybersecurity professionals.
Cyber Incident Data Points and Repository-Supported Analysis. Addresses the kinds of prioritized data points that should be shared among repository users to promote new kinds of needed cyber risk analysis.
Overcoming Perceived Information Sharing Obstacles. Identifies potential roadblocks to voluntary sharing into a repository and potential approaches for addressing those roadblocks.
Repository Structure and Operations Requirements. Will detail the requirements that a future repository must address in order to successfully meet the multiple needs of likely users.

At the completion of the CIDAWG’s work, NPPD will seek opportunities to solicit input on and promote understanding of CIDAWG ideas and recommendations to support the cyber risk management needs of both the private and public sectors.

Source: U.S. Department of Transportation, “Cybersecurity Insurance” http://www.dhs.gov/ website. Accessed February 10, 2016. http://www.dhs.gov/topic/combating-cyber-crime

February 10, 2016 By admin Leave a Comment

IN: Cyber Risk Management & Cybersecurity Insurance

Dear Valued Customer,

Today’s world is more interconnected than ever before. Yet, for all its advantages, increased connectivity brings increased risk of theft, fraud, and abuse. In this issue of the “———————-“ we’re including information and tips that can ensure you are protected in many ways.

We appreciate your continued business and look forward to serving you.

Kind regards,

February 10, 2016 By Insurance News Editor Leave a Comment

The FBI on Cyber Crime

The FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists. The threat is incredibly serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators. Just as the FBI transformed itself to better address the terrorist threat after the 9/11 attacks, it is undertaking a similar transformation to address the pervasive and evolving cyber threat. This means enhancing the Cyber Division’s investigative capacity to sharpen its focus on intrusions into government and private computer networks.

Key Priorities

Computer and Network Intrusions

The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services around the country.

Who is behind such attacks? It runs the gamut—from computer geeks looking for bragging rights…to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal your personal information and sell it on black markets…to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.

Today, these computer intrusion cases—counterterrorism, counterintelligence, and criminal—are the paramount priorities of our cyber program because of their potential relationship to national security.

Combating the threat. In recent years, we’ve built a whole new set of technological and investigative capabilities and partnerships—so we’re as comfortable chasing outlaws in cyberspace as we are down back alleys and across continents. That includes:

A Cyber Division at FBI Headquarters “to address cyber crime in a coordinated and cohesive manner”;
Specially trained cyber squads at FBI headquarters and in each of our 56 field offices, staffed with “agents and analysts who protect against investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud”;
New Cyber Action Teams that “travel around the world on a moment’s notice to assist in computer intrusion cases” and that “gather vital intelligence that helps us identify the cyber crimes that are most dangerous to our national security and to our economy;”
Our 93 Computer Crimes Task Forces nationwide that “combine state-of-the-art technology and the resources of our federal, state, and local counterparts”;
A growing partnership with other federal agencies, including the Department of Defense, the Department of Homeland Security, and others—which share similar concerns and resolve in combating cyber crime.

Ransomware

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation. Home computers are just as susceptible to ransomware and the loss of access to personal and often irreplaceable items— including family photos, videos, and other data—can be devastating for individuals as well.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

One the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals. And in newer instances of ransomware, some cyber criminals aren’t using e-mails at all—they can bypass the need for an individual to click on a link by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

The FBI doesn’t support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee an organization that it will get its data back—there have been cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.

So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

Prevention efforts—both in both in terms of awareness training for employees and robust technical prevention controls; and
The creation of a solid business continuity plan in the event of a ransomware attack.

Here are some tips for dealing with ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):

Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.
Disable macro scripts from office files transmitted over e-mail.
Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
Back up data regularly and verify the integrity of those backups regularly.
Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

Related Priorities

Going Dark

Law enforcement at all levels has the legal authority to intercept and access communications and information pursuant to court orders, but often lacks the technical ability to carry out those orders because of a fundamental shift in communications services and technologies. This scenario is often called “Going Dark” and can hinder access to valuable information that may help identity and save victims, reveal evidence to convict perpetrators, or exonerate the innocent.

Read more about the FBI’s response to the Going Dark problem.

Identity Theft

Identity theft—increasingly being facilitated by the Internet—occurs when someone unlawfully obtains another’s personal information and uses it to commit theft or fraud. The FBI uses both its cyber and criminal resources—along with its intelligence capabilities—to identify and stop crime groups in their early stages and to root out the many types of perpetrators, which span the Bureau’s investigative priorities.

More on the FBI’s efforts to combat identity theft.

Online Predators

The FBI’s online predators and child sexual exploitation investigations are managed under our Violent Crimes Against Children Program, Criminal Investigative Division. These investigations involve all areas of the Internet and online services, including social networking venues, websites that post child pornography, Internet news groups, Internet Relay Chat channels, online groups and organizations, peer-to-peer file-sharing programs, bulletin board systems, and other online forums.

Initiatives and Partnerships

The Internet Crime Complaint Center

The mission of the Internet Crime Complaint Center (IC3) is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated fraud schemes and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.

Visit the IC3’s website for more information, including IC3 annual reports.

Cyber Action Team

It can be a company’s worst nightmare—the discovery that hackers have infiltrated their computer networks and made off with trade secrets, customers’ personal information, and other critical data. Today’s hackers have become so sophisticated that they can overcome even the best network security measures. When such intrusions happen—and unfortunately, they occur frequently—the FBI can respond with a range of investigative assets, including the little-known Cyber Action Team (CAT). This rapid deployment group of cyber experts can be on the scene just about anywhere in the world within 48 hours, providing investigative support and helping to answer critical questions that can quickly move a case forward.

Established by the FBI’s Cyber Division in 2006 to provide rapid incident response on major computer intrusions and cyber-related emergencies, the team has approximately 50 members located in field offices around the country. They are either special agents or computer scientists, and all possess advanced training in computer languages, forensic investigations, and malware analysis. And since the team’s inception, the Bureau has investigated hundreds of cyber crimes, and a number of those cases were deemed of such significance that the rapid response and specialized skills of the Cyber Action Team were required. Some of those cases affected U.S. interests abroad, and the team deployed overseas, working through our legal attaché offices and with our international partners.

Members of the team make an initial assessment, and then call in additional experts as needed. Using cutting-edge tools, the team look’s for a hacker’s signature. In the cyber world, such signatures are called TTPs—tools, techniques, and procedures. The TTPs usually point to a specific group or person. The hackers may represent a criminal enterprise looking for financial gain or state-sponsored entities seeking a strategic advantage over the U.S.

National Cyber Forensics & Training Alliance

Long before cyber crime was acknowledged to be a significant criminal and national security threat, the FBI supported the establishment of a forward-looking organization to proactively address the issue. Called the National Cyber-Forensics & Training Alliance (NCFTA), this organization—created in 1997 and based in Pittsburgh—has become an international model for bringing together law enforcement, private industry, and academia to build and share resources, strategic information, and threat intelligence to identify and stop emerging cyber threats and mitigate existing ones.

Since its establishment, the NCFTA has evolved to keep up with the ever-changing cyber crime landscape. Today, the organization deals with threats from transnational criminal groups including spam, botnets, stock manipulation schemes, intellectual property theft, pharmaceutical fraud, telecommunications scams, and other financial fraud schemes that result in billions of dollars in losses to companies and consumers.

The FBI Cyber Division’s Cyber Initiative and Resource Fusion Unit (CIRFU) works with the NCFTA, which draws its intelligence from the hundreds of private sector NCFTA members, NCFTA intelligence analysts, Carnegie Mellon University’s Computer Emergency Response Team (CERT), and the FBI’s Internet Crime Complaint Center. This extensive knowledge base has helped CIRFU play a key strategic role in some of the FBI’s most significant cyber cases in the past several years.

Violent Crimes Against Children/Online Predators

Even with its post-9/11 national security responsibilities, the FBI continues to play a key role in combating violent crime in big cities and local communities across the United States…

Because of the global reach of cyber crime, no single organization, agency, or country can defend against it. Vital partnerships like the NCFTA are key to protecting cyberspace and ensuring a safer cyber future for our citizens and countries around the world.

For more information visit the National Cyber-Forensics & Training Alliance website.

iGuardian

With cyber threats continuing to emerge at the forefront of the FBI’s criminal and national security challenges, engaging public-private partners in information exchange alongside law enforcement and intelligence communities…

National Cyber Investigative Joint Task Force

As a unique multi-agency cyber center, the National Cyber Investigative Joint Task Force (NCIJTF) has the primary responsibility…

Cyber Task Forces: Building Alliances to Improve the Nation’s Cybersecurity

Each Cyber Task Force synchronizes domestic cyber threat investigations in the local community through information sharing, incident response…

eGuardian

In 2007, eGuardian was developed to help meet the challenges of collecting and sharing terrorism-related activities amongst law enforcement agencies across various jurisdictions. The eGuardian system is a sensitive but…

Protections

How to Protect Your Computer

Below are some key steps to protecting your computer from intrusion:

Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.

Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.

Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

Safe Online Surfing

The FBI Safe Online Surfing (FBI-SOS) program is a nationwide initiative designed to educate children in grades 3 to 8 about the dangers they face on the Internet and to help prevent crimes against children.

It promotes cyber citizenship among students by engaging them in a fun, age-appropriate, competitive online program where they learn how to safely and responsibly use the Internet.

The program emphasizes the importance of cyber safety topics such as password security, smart surfing habits, and the safeguarding of personal information.

For more information, visit the Safe Online Surfing website.

External Links & Resources

Source: U.S. Department of Justice, “Cyber Crime” https://www.fbi.gov/ website. Accessed January 25, 2016. https://www.fbi.gov/about-us/investigate/cyber

© Copyright 2017. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

February 5, 2016 By Insurance News Editor Leave a Comment

Recovering from Identity Theft

Is someone using your personal information to open accounts, file taxes, or make purchases?

Visit IdentityTheft.gov, the federal government’s one-stop resource to help you report and recover from identity theft.

Data Breach? Lost Info?

Did you get a notice that says a company lost your personal information in a data breach? Did you lose your wallet? Or learn that an online account was hacked? Here are steps you can take to help protect yourself from identity theft.

Protecting Your Identity

What can you do to keep your personal info secure? Are identity protection services worth the cost? What about credit freezes? Check out the FTC’s identity theft articles to find out.

Free Resources for Your Community

You can help people learn about identity theft — whether you’re chatting with friends and family, sharing info on a social networking site, or taking resources to a religious group or PTA meeting. It’s easy to use and share these free resources from the FTC.

Free Identity Theft Resources
Free booklets — in English and Spanish — can help people in your community protect their identity and recover if an identity thief strikes.
IdentityTheft.gov Presentation
Use this PowerPoint to show how IdentityTheft.gov makes it easier to report and recover from identity theft.
IdentityTheft.gov Video

For Law Enforcement

Local police can help identity theft victims by:

helping them file a police report
sharing free identity theft resources from the FTC

Credit bureaus and other businesses often require that identity theft victims provide a police report to remove fraudulent debts. Please share our memo to law enforcement with fellow officers so they understand how they can help.

For Attorneys and Advocates

The FTC’s Guide for Assisting Identity Theft Victims is designed to assist attorneys who counsel identity theft victims. The guide highlights the rights and remedies available to identity theft victims under federal law, and provides other useful resources, like sample letters.

For Businesses

Many companies keep sensitive information about customers or employees in their files or on their network. The FTC has free data security resources — including free publications, videos, and tutorials — to help businesses of any size protect their customers and meet their legal obligations.

Source: The Federal Trade Commission, “Recovery From Identify Theft” http://www.iii.org/ website. Accessed January 25, 2017. http://www.consumer.ftc.gov/features/feature-0014-identity-theft

February 5, 2016 By Insurance News Editor Leave a Comment

Identity Theft and Cybercrime

THE SCOPE OF IDENTITY THEFT

The 2016 Identity Fraud Study, released by Javelin Strategy & Research, found that $15 billion was stolen from 13.1 million U.S. consumers in 2015, compared with $16 billion and 12.7 million victims a year earlier. In the past six years identity thieves have stolen $112 billion.

Following the introduction of microchip equipped credit cards in 2015 in the United States, which make the cards difficult to counterfeit, criminals focused on new account fraud. This type of fraud more than doubled and now accounts for 20 percent of all fraud losses. New account fraud occurs when a thief opens a credit card or other financial account using a victim’s name and other stolen personal information.

IDENTITY THEFT AND FRAUD COMPLAINTS

The Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), tracks consumer fraud and identity theft complaints that have been filed with federal, state and local law enforcement agencies and private organizations. Of the 3.1 million complaints received in 2015, 16 percent were related to identity theft. Identity theft complaints increased by more than 47 percent from 2014, they were the second most reported after illegal debt collection. The FTC identifies 30 types of complaints. In 2015 debt collection complaints displaced identity theft in the top spot among complaint categories for the first time in 16 years, due in large part to a surge in complaints related to unwanted debt collection mobile phone calls.

Identity Theft And Fraud Complaints, 2012-2015 (1)

169_2017.gif

(1) Percentages are based on the total number of Consumer Sentinel Network complaints by calendar year. These figures exclude “Do Not Call” registry complaints.

Source: Federal Trade Commission, Consumer Sentinel Network.

View Archived Graphs

How Victims’ Information Is Misused, 2015 (1)

Type of identity theft fraud	Percent
Government documents or benefits fraud	49.2%
Credit card fraud	15.8
Phone or utilities fraud	9.9
Bank fraud (2)	5.9
Attempted identity theft	3.7
Loan fraud	3.5
Employment-related fraud	3.3
Other identity theft	19.2

(1) Percentages are based on the total number of complaints in the Federal Trade Commission’s Consumer Sentinel Network (490,220 in 2015). Percentages total to more than 100 because some victims reported experiencing more than one type of identity theft.
(2) Includes fraud involving checking, savings, and other deposit accounts and electronic fund transfers.

Source: Federal Trade Commission, Consumer Sentinel Network.

View Archived Tables

Identity Theft By State, 2015

State	Complaints per 100,000 population (1)	Number of complaints	Rank (2)	State	Complaints per 100,000 population (1)	Number of complaints	Rank (2)
Alabama	102.3	4,973	30	Montana	87.2	901	43
Alaska	94.3	696	40	Nebraska	100.5	1,905	34
Arizona	133.8	9,136	14	Nevada	125	3,613	19
Arkansas	97.7	2,911	37	New Hampshire	142	1,890	9
California	141.3	55,305	10	New Jersey	125.8	11,266	17
Colorado	123.2	6,724	21	New Mexico	101.1	2,109	33
Connecticut	225	8,078	2	New York	122	24,157	23
Delaware	124.9	1,181	20	North Carolina	106	10,646	29
Florida	217.4	44,063	3	North Dakota	76	575	48
Georgia	149.1	15,230	7	Ohio	134.4	15,611	12
Hawaii	62.6	896	50	Oklahoma	120	4,695	24
Idaho	101.3	1,676	32	Oregon	126.1	5,081	15
Illinois	158.7	20,414	5	Pennsylvania	116.2	14,877	25
Indiana	93.9	6,217	41	Rhode Island	141.2	1,491	11
Iowa	89.7	2,803	42	South Carolina	102.3	5,010	30
Kansas	112.7	3,282	27	South Dakota	63.1	542	49
Kentucky	80.9	3,581	46	Tennessee	107.9	7,121	28
Louisiana	94.4	4,410	39	Texas	144.3	39,630	8
Maine	113.9	1,514	26	Utah	85.7	2,567	44
Maryland	183.2	11,006	4	Vermont	83.9	525	45
Massachusetts	125.5	8,530	18	Virginia	123.2	10,329	21
Michigan	158.1	15,684	6	Washington	126.1	9,043	15
Minnesota	97.8	5,368	36	West Virginia	79.9	1,474	47
Mississippi	98.8	2,955	35	Wisconsin	134.4	7,756	12
Missouri	364.3	22,164	1	Wyoming	96.6	566	38

(1) Population figures are based on the 2015 U.S. Census population estimates.
(2) Ranked by complaints per 100,000 population. The District of Columbia had 228.0 complaints per 100,000 population and 1,533 victims. States with the same ratio of complaints per 100,000 population receive the same rank.

Source: Federal Trade Commission, Consumer Sentinel Network.

View Archived Tables

See also the Identity Theft section of our Web site Click Here

CYBERCRIME

As businesses increasingly depend on electronic data and computer networks to conduct their daily operations, growing pools of personal and financial information are being transferred and stored online. This can leave individuals exposed to privacy violations, and financial institutions and other businesses exposed to potentially enormous liability if and when a breach in data security occurs.

Interest in cyber insurance and risk continues to grow as a result of high-profile data breaches and awareness of the almost endless range of exposure businesses face. A 2016 data leak, called the Panama Papers in the media, exposed millions of documents from the electronic files of Panamanian law firm Mossack Fonseka. In 2015, two health insurers, Anthem and Premera Blue Cross, were breached, exposing the data of 79 million and 11 million customers, respectively. The U.S. government has also been the target of hackers. Recent breaches at the Federal Deposit Insurance Corp. and the Internal Revenue Service follow multiple breaches in May 2015 of the Office of Personnel Management and the Department of the Interior where the records of 22 million current and former U.S. government employees were compromised.

Cyberattacks and breaches have grown in frequency, and losses are on the rise. In 2014 the number of U.S. data breaches hit a record 783, with 85.6 million records exposed, not counting Yahoo’s 2014 breach, announced in September 2016, which affected over 500 million users and was suspected of being a state-sponsored attack. The number of breaches in 2015 was about the same at 781, but the number of records exposed doubled to about 169 million. The majority of the data breaches in 2015 affected medical/healthcare organizations (66.7 percent of total breaches) and government/military (20.2 percent), according to the Identity Theft Resource Center. These figures do not include the many attacks that go unreported. In addition, many attacks go undetected. Despite conflicting analyses, the costs associated with these losses are increasing. McAfee and the Center for Strategic and International Studies (CSIS) estimated the likely annual cost to the global economy from cybercrime is $445 billion a year, with a range of between $375 billion and $575 billion.

The costs of cybercrime are growing. An annual study of U.S. companies by the Ponemon Institute cites estimated average costs at $15 million in 2015, up 21 percent from $12.7 million in 2014. These costs ranged among the 58 organizations surveyed from a low of $1.9 million to a high of $65 each year per company. Cyber insurance evolved as a product in the United States in the mid- to late-1990s as insurers have had to expand coverage for a risk that is rapidly shifting in scope and nature. More than 60 carriers offer stand-alone policies in a market encompassing $2.75 billion in gross written premiums in 2015. By mid-2016 gross premiums written was estimated at $3.25 billion.

Number Of Data Breaches And Records Exposed, 2006-2016

167_2017.gif

(1) As of September 27, 2016.

Source: Identity Theft Resource Center.

View Archived Graphs

Cybercrime Complaints, 2011-2015 (1)

168_2017.gif

(1) Based on complaints submitted to the Internet Crime Complaint Center.

Source: Internet Crime Complaint Center.

View Archived Graphs

Top 10 States By Percent of Total U.S. Cybercrime Victims, 2015

Rank	State	Percent
1	California	14.53%
2	Florida	8.47
3	Texas	7.67
4	New York	6.30
5	Illinois	3.51
6	Pennsylvania	3.31
7	Virginia	3.14
8	New Jersey	3.01
9	Washington	2.72
10	Ohio	2.69

(1) Based on the total number of complaints submitted to the Internet Crime Complaint Center via its website from each state and the District of Columbia where the complainant provided state information.

Source: Internet Crime Complaint Center.

Source: Insurance Information Institute, “Identify Theft and Cybercrime” http://www.iii.org/ website. Accessed January 26, 2017. http://www.iii.org/fact-statistic/identity-theft-and-cybercrime

February 5, 2016 By Insurance News Editor Leave a Comment

IN: Protection Against Identity Theft & Cybercrime

Dear Valued Customer,

Did you get a notice that says a company lost your personal information in a data breach? What can you do to keep your personal info secure? Are identity protection services worth the cost? These questions and many more are answered in this issue of the “——————–.”

While we continue to build our lives around wired and wireless networks, one new new identity fraud victim happens every two seconds. As a consumer, someone using your personal information to open accounts, file taxes, or make purchases, can potentially ruin you. As a business, you can be exposed to potentially enormous liability, if and when a breach in data security occurs. Please connect with us to discuss cyber insurance before it is too late.

We appreciate your continued business and look forward to serving you.

Kind regards,

August 5, 2014 By admin Leave a Comment

IN: Is Your Customer Information Properly Safeguarded Online?

Dear Valued Customer,

This issue of the “—————–” is focused on Cyber Security. Hundreds of millions of million data records of U.S. residents have been exposed due to security breaches, and businesses rely on their use of technology and access to the Internet. This reliance increases the potential for data security and privacy breaches.

Read on to understand the growing threat posed by high profile mega data breaches like those recently experienced at eBay, Target, Neiman Marcus and even the U.S. government. What does this mean to your personal security? And why most companies have cyber-risk gaps in their insurance coverage.

We appreciate your continued business and look forward to serving you.

Kind regards,

August 5, 2014 By admin Leave a Comment

Cyber Risks: The Growing Threat

Amid a rising number of high profile mega data breaches—most recently at eBay, Target and Neiman Marcus—government is stepping up its scrutiny of cyber security. This is leading to increased calls for legislation and regulation, placing the burden on companies to demonstrate that the information provided by customers and clients is properly safeguarded online.

Despite the fact that cyber risks and cyber security are widely acknowledged to be a serious threat, many companies today still do not purchase cyber risk insurance. However, this is changing. Recent legal developments underscore the fact that reliance on traditional insurance policies is not enough, as companies face growing liabilities in this fast-evolving area.

Specialist cyber insurance policies have been developed by insurers to help businesses and individuals protect themselves from the cyber threat. Market intelligence suggests that the types of specialized cyber coverage being offered by insurers are expanding in response to this fast-growing market need.

There is also growing evidence that in the wake of the Target data breach and other high profile breaches, the number of policies is increasing, and that insurance has a key role to play as companies and individuals look to better manage and reduce their potential financial losses from cyber risks in future.

For an analysis of the state of cyber risk and the insurance industry, download the full White Paper below.

Please click on the file name below to view the white paper in PDF format. You will need Adobe Acrobat Reader to view the file.

Download paper_cyberrisk_2014.pdf

Source: Insurance Information Institute, “Cyber Risks: The Growing Threat” http://www.iii.org website. Accessed August 5, 2014. http://www.iii.org/white-paper/cyber-risks-the-growing-threat

© Copyright 2014. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.