Tip:
Highlight text to annotate it
X
Attorney General Martha Coakley: We haven’t – that is a convenience for
people, and people use it. What causes the problem though is when you get an email from
what purports from to be your bank. And Tom, and tell me if you can address this: what
is, if you can get an email that reports to be your bank or an insurance company looking
for either payment or confidential information. What is the first thing you should do?
Assistant Attorney General Tom Ralph: Ignore it. That’s the first thing you should
do. You should not respond to it. You shouldn’t actually try to click unto a link that would
pretend to take you back to the bank’s site. After that you might want to actually contact
the bank by looking up their number and reaching out to them and talking to a live person at
the bank. But as a general rule, banks will never send unsolicited emails to you asking
to take any type of action online.
Coakley: I remember a common scam that I’ve received
that says, “We think someone has tried to access your account, we’re trying to protect
you.” And they prey on people’s concern about it and said give us your information.
In that instance, the best recourse is to actually call somebody at the bank, use the
old fashioned telephone.
Director Dave Papargiris: They use words like “validate.” “We
are trying to validate your account is safe,” and stuff like that.
Coakley: But the general rule is that the bank –
a legitimate inquiry like that, would never come to you online, and so you should be careful
of that.
Ralph: And if you think about it, the bank already
has your information and they wouldn’t need to contact you to as you to give them the
information that you have already given them.
Coakley: If you do get such an email or if you have
answered it, again, it is appropriate to report it to the bank or law enforcement authorities?
John, what’s your sense on it?
Special Agent John MacKinnon: Actually both. If you also have the ability
to capture as much information by copying and pasting what’s on the screen, printing
out what is on the screen so if there is some technical language on there you can bring
it to law enforcement. The more information that law enforcement has at the beginning
of a tip, it’s more helpful to us to try to figure out what to do with it. At the same
time, financial institutions have their own investigative arms that know the inner workings
of their banks and companies better than we do and may be able to make something out of
it a lot quicker and then refer it to law enforcement.
Coakley: And they can also tell because they will have
the data from everybody, if you report it, that someone is trying a particular same or
targeting either a financial institution so it does make sense. I think that we should
encourage people to report both to us at the state and at the federal level as well as
the institution itself. And what – let’s talk a little bit about – because you’ve
worked at the local level, at the local police department, and Tom, you’ve had experience
as both an Assistant District Attorney and now as an Assistant A.G., and John, you’ve
been a federal agent but you’ve had the opportunity to work with state officials,
including – we worked a long time, a long time ago together when we were first looking
at computer issues and Internet safety in the Child Abuse Unit. What are some of the
challenges that face law enforcement around problems that arise here, in terms of jurisdiction
of other issues you’ve seen?
MacKinnon: At ICE, we are actually an international law
enforcement agency, so some of the cases we deal with are on U.S. soil, and with Internet
investigations, many times it takes us overseas. One of the biggest challenges we’ve had
for the 21 years that I have been doing this is that evidence is outside the country. So,
the quicker that we can get information and data in working with our foreign counterparts,
that work out of embassies to work with foreign law enforcement, that have to work with foreign
banks or foreign Internet service providers … I think you get the picture that it could
be a quite complex investigation to put together and solve. On the other hand, in New England
and in particular our state, there is an excellent network, if you will, of law enforcement and
corporate security that have become quite nimble to adapt and interact with citizens
on getting information. We need help adapting to the technology and how criminals exploit
it. But more importantly, with just about any criminal intake, getting as much information
from the public on suspicious activity, on their own computers or others, is always helpful.
Coakley: And I think we encourage people to report,
I know sometimes it’s frustrating to people because even though they report it there may
not be anything we can do in the short run, but certainly in the long run having information
to be able to spot patterns and trends makes it easier. What are some of the challenges
Tom on the state level in trying to pursue, for instance, the theft of a credit card number,
or identity theft that we see? If someone reports it to the AG’s office, what are
some of the concerns that we have in trying to pursue that?
Ralph: We actually have a lot of concerns at the
state level that John was talking about at the federal level. The challenges are actually
identifying someone in Massachusetts who is behind the theft or whatever the illegal activity
is, and then after you have found the person, figuring out some way to actually get jurisdiction
over them. If they are for instance directing their conduct from Eastern Europe or from
Africa, as a practical matter, it is very difficult for anything to happen to them in
Massachusetts. So, just by default, it ends up going to the federal authorities. Also,
these investigations can be very complex and time consuming and labor intensive.
Coakley: Well given those challenges, I think we probably
feel the best way for people to stay safe first is prevention. Making sure they understand
what are some of the risks are using credit cards or using communications online, and
secondly, there are some tools available to people in the state if they believe that information
has been stolen or that their identity information has been breached. Do you want to talk about
that briefly too, Tom? What someone can do in the state? What they should do if they
believe, for instance, credit card or personal information has been stolen?
Ralph: Sure. There are a variety of things that people
can and should do. The first thing that they want to do is they want to notify their credit
card company to make sure that the credit card is cancelled so that further theft can’t
happen as a result of it. They should also consider notifying their local police department.
As part of the Cyber Crime Initiative, we’ve done a lot of outreach and education to the
local police departments to educate them on how to respond to these incidents, and who
should be reported, or what types of crime should be reported, and what steps they can
take in response to that. In addition to that, there is an organization called I-C-3. Anyone
who is potentially affected by one of these type of scams can just Google “I-C-3,”
and click on the I-C-3 website and then report that to I-C-3. I-C-3 is a quasi-federal agency
that actually compiles this data and then will then refer it to the appropriate agency.
Coakley: And that’s important, again, to have people
report, even if there is not anything we can do immediately. What do you see as some of
the trends in the future in terms of the importance of cooperation between the federal and state
level? Where do we… we’re going to clearly continue to do work and business online, communication
online. What do you think we need to be able to do, John, going forward?
MacKinnon: A little bit closer working relationships
between private sector security arms and law enforcement, particularly in their abilities
to train law enforcement. There’s a lot of fortune 500 companies that have footprints
in Massachusetts that have very good relationships with us on investigations, but providing their
training and expertise discretely to law enforcement so that others don’t know what our new tools
are, new skill sets. I think that one of the challenges we see not only internationally
or nationally is parents that are still trying to get familiar with the technology and their
children that are a little bit better. And we’d be definitely remiss in talking about
Internet safety, or computer safety, to make sure that the child users are an integral
component of the protective package of the computer household.
Coakley: And kids know a lot more, in most cases, than
parent do, maybe except for Dave’s kids, not that his kids aren’t savvy. But, you
know, it’s the equivalent of a generation who didn’t speak the language and the children
kind of ran the household. So maybe for the next generation law enforcement will be easier.
But as we wind up here, we have covered a lot of ground. I want to refer folks to our
website for more information, for questions. But if there is one tip that each of you want
to give to our viewers around what they should do to keep safe online. Tom, I’ll start
with you.
Ralph: If it’s too good to be true, or if it looks
too good to be true, it is too good to be true.
Coakley: It probably is. Dave?
Papargiris: I would say they have to keep their system
up to date with patches and antivirus and spyware, and they’ll be ahead of the game.
Coakley: Tom?
MacKinnon: Always be careful when you are online and
don’t be afraid to ask for help before you press that next key.
Coakley: Okay. And I’m sure we could keep talking
about this for a lot of more time. It’s interesting for folks. I think I am afraid
we are out of time. But we have gotten a lot of good information and, again, I think people
should continue to ask questions. They should come to our website, they talk to their kids,
and there is a lot of good about technology. We just want to stay ahead of it to keep people
safe. Thank you.