Of all the things people can be afraid of, identity theft is often at the top of the list of public anxieties, Orange County Sheriff’s Department Investigator Adam Sandler told an audience of about 75 at the agency’s recent presentation on cyber crimes.
In fact, a 2015 Gallup poll found that about seven in 10 Americans said they “occasionally” or “frequently” worry about being an identity theft victim. According to the article on gallup.com, the same percentage of people are concerned about having their credit card information that they used in stores stolen by computer hackers.
OCSD’s Cyber Crimes Detail, which launched in July 2016, has made community outreach and education a priority to address such concerns. OCSD is the only agency in Orange County to have a dedicated cyber crimes detail.
The detail has held similar presentations for city managers, their own patrol deputies and other employees – as well as members of the public like the Laguna Woods elderly community and this more recent Feb. 23 presentation to the agency’s Citizens’ Academy alumni, said Cyber/Computer Crimes Sgt. Carol Almaguer.
The new detail is responsible for handling cyber crime cases for 13 cities, as well as all unincorporated areas of Orange County – approximately 750,000 residents.
The goal of the team presentations – one sergeant and two investigators run them – is to inform law enforcement and the general public about what criminal hackers are capable of, but also how people can protect themselves.
“We can help,” Almaguer told Behind the Badge, adding that the unit has many resources at its disposal to help solve cyber crimes on a local level.
“We just try to get the word out there,” Almaguer said.
During the two-hour presentation at the agency’s Regional Training Academy in Tustin, Sandler led an interactive discussion on everything from ransomware, vishing and phishing to the dark Web and Bitcoin’s use by cyber criminals.
Ransomware, he explained, gains access to an individual’s work or home computer via an attachment in an email.
When the person clicks on the email link – the attachment also may automatically open when the email is opened – the ransomware locks the computer and all its files. The victim then will see a notification on his or her computer to pay in Bitcoins to have the files unlocked. Time is of the essence, since the ransom amount may increase over time. This is where the OCSD’s Cyber Crimes Detail can help.
Though the FBI only will typically handle cyber crimes over $100,000, those that are high-profile or connected to terrorism, CCD investigators are connected to the bureau and other resources that can help in these cases.
“Most of us worked in fraud before we came here, so we have a lot of good contacts,” said Sandler.
Vishing involves phone solicitation to extract enough information to get into a person’s online account. Phishing, on the other hand, refers to gaining access to a person’s accounts by sending emails with links.
“And they’re hoping somebody clicks on that link,” Sandler said.
The dark Web is a small percentage of the Internet frequented by criminals. It only can be accessed through a specific browser, which is completely anonymous.
“This is just hidden content that you can’t get to,” Sandler said.
Whereas the “surface Web” – where Google and the rest of the world reside – has registered domain names and indexed pages, things don’t work like this in the dark Web.
“None of that happens down here,” Sandler said. “This is totally word of mouth.”
Sandler took the audience through a dark Web site on his computer, projected on the conference room screen. It was a sale page listing items under subheadings, including cannabis, erotica and fraud. He advised the more curious among the audience not to take it upon themselves to check out the dark Web.
“As soon as you enter the dark Web … everybody is basically pinging and looking for you,” he said, adding that this will open up visitors to a cyber attack.
Sandler offered several tips for audience members to protect themselves from cyber crimes. He said it’s important to set complex – at least 12-character –passwords using upper and lower cases, numbers and special characters. The login that is most important to protect is that of email because hackers can use an email login and password to get into all other accounts.
“Passwords (are) everything,” he said. “Pick something good.”
Computer data backup also is important in case of a cyber attack. But Sandler said to make sure to disconnect your backup device after each backup or you’ll risk having your backup device also being infected during an attack.
Also, keep your devices locked by code, fingerprint or some other secure locking mechanism – and that means turning off Siri for when the phone is locked. (He told the audience about a case where a cell phone thief used Siri to text the victim’s wife for their ATM pin code even when the phone was otherwise locked.)
Sandler said one of the best things people can do to help prevent identity theft is place a credit freeze with each of the three credit reporting agencies: Equifax, Experian and TransUnion. This will prevent credit checks unless an authorization code is put in to give temporary access – meaning you will have control over who runs your credit.
Make it a challenge for would-be hackers, Sandler advised.
“They’re not going to target you if it takes more than a couple minutes,” he said of the importance of setting a complex password.