<img src="http://i.imgur.com/DFwPEZN.png" width="600px">
<hr></hr>
What’s the fastest growing crime in the United States?
Fraud.
With technology becoming more pervasive in our everyday lives, we entrust more and more personal information to the Internet. Simultaneously, criminals are becoming more creative in how they attack and steal the identity of naive Americans. Fraud can happen to anyone, but there are steps you can take to minimize the chance of becoming a victim of fraud.
This game serves as a simulation, where the decisions you make ultimately affect how and whether or not you become a victim of fraud. You will be forced to make decisions that affect the security of your identity in the physical and digital world, and see how small mistakes and naivety can lead to the extreme consequences of getting your identity stolen.
[[Start your journey.|Welcome to the beginning of the end]]
It’s April of your final year at [[Dravrah University->Dravrah University]], an average liberal arts college in Maine, where you are studying business. Graduation is fast approaching in June, and you're getting overwhelmed just thinking about everything that comes with leaving the bubble that’s your college.
[[Life is starting to get real.]]
A friend informed you that it’s a good idea to start building credit early, so you think about getting another credit card made. Your laptop’s dead and you forgot your charger, so you log into a computer at the library. Speaking of credit cards, you’ve got emails from CapitalOne and American Express. They’re offering you pretty decent credit card deals.
<img src="https://www.cranecu.org/wp-content/uploads/photodune-1567420-colored-credit-cards-s.jpg" alt="credit cards" width="500px">
You take a look at the form, but first, your old habits are killing you.
[[Log in to Facebook to check up on today's news |Facebook feed]]
You know you have several important upcoming things to take care of. For one, your parents keep nagging you about your [[job prospects->Jobs]]. For another, you know the state of [[your finances->Finances]] isn't looking too hot.
What do you do?
[[Check out your finances|Your finances]]
[[Apply to jobs | Your job situation]]
[[Log in to Facebook to avoid your problems |Facebook feed]]
You get back to worrying about filling out those credit card applications.
You click on the AMEX email link and begin to fill out the required credit card form. The requirements are what you’d expect: Name, Date of Birth, Email Address, Social Security Number, and other personal information.
You nonchalantly fill out the form with your basic info. After you’ve completed most of the form and are on the last page, you are asked to pick a security question. You have 3 options:
[[What street did you grow up on? |Childhood...]]
[[What is your first pet’s name? | Pets?]]
[[What is your mother's maiden name? |Maiden Name]]
(set: $question to 'What is your first pet’s name?')Ah, Rufus. Your first dog. You smile as you recall all of the cute pictures you took of him growing up.
[[Finish form | Password]]
(set: $question to 'What is your mother’s maiden name?')Lancelot. You remember your mother being very proud of her maiden name.
[[Finish form | Password]]
Now you’re being asked to create a password for your account. You usually use the same password for all your online profiles, but you begin to wonder if you should try a different password.
[[Yeah, it’s definitely best to use a new password in case something weird happens. | Are You Sure?]]
You enthusiastically create a new, long, and complicated password for your account. The website asks you to sign in with the password. You begin typing it in, and you realize that you can’t remember what the hell it is. Was it Unicorns437, 321Unicorns, or IHateUnicorns893?
[[Forgot Password? | Password]]
[[I’ll stick with something I can remember. | Yay, New Card!]]
You decide to use the same password you use for your Facebook, Twitter, and Instagram accounts because it’s the easiest to remember. Later, you get an email: "Congratulations! You have been approved for the AMEX Blue card. Your credit limit is $5000. You will receive your new card in the mail within 7-10 business days." You receive the card the following week. Curiously, it's in your neighbor's mailbox—but you don’t think much of it since your mail often ends up there.
[[Sounds good! | Phone Call]]
[[Actually, I think I'll call the AMEX to cancel the card. |Smart Move!]]
You activate your new card. It came at the right time - you’re about to go on a spring break trip to Jamaica. You excitedly post on Facebook and Twitter “I feel like an adult now that I have a credit card - I’ll try not to spend too much in Jamaica!” Fortunately, you’re responsible, so you limit your purchases during the trip. After a week of partying, you fly into the airport exhausted. You walk into your room and collapse on your bed, but just as you’re about to doze off, your phone rings. You peek at the caller ID, and it’s not a number you recognize.
[[Answer the phone, it could be really important! | Is it THAT Important?]]
Do you really want to? It’s probably some telemarketer anyway. And if it’s REALLY something important, they’ll leave a message. Plus, you could use some sleep right now.
[[Yes, Actually Answer the Phone! | Shocking Discovery]]
[[Mehh, I’m tired… | Good Choice!]]
(set: $phonecall to true)Yeah, the phone call can wait. It’s probably just a wrong number. And you’ll definitely need to catch up on sleep before the week starts again.
[[What could possibly go wrong? | The Fateful Day]]
It’s a normal Saturday, about two weeks after you've returned from your trip to Jamaica. It’s raining outside, and you don’t feel like going outside to buy groceries. After all, yesterday was a late night. You open up your laptop to order on GrubHub, and suddenly, you receive an email notice regarding a recent credit card transaction in Carson City, Nevada.
Huh? I’ve never been there before. Then you see the charge… $500 on <b> ammonium nitrate </b>. Not only is that an absurd charge, but you might have just become part of an FBI investigation.
<img src="http://ecx.images-amazon.com/images/I/51qDVvlbOIL._SX425_.jpg" alt="powder">
In the meanwhile, you're getting a ton of notifications on your smartphone.
[[Check Twitter | Social Media Hack]]
Hmm, what’s this? You have a couple of retweets? What????
What…. <em> “Hey everyone, here are all of the photos from my phone” </em> Why is that on your Twitter?
Then the real kicker: <em> the photos... </em> your entire digital life, taken from your phone and placed onto Twitter, thrown into the public domain. Hey, what’s the worst case? Maybe someone will make a meme out of you?
[[Check Mailbox | Letter from Dean]]
<img src="http://i2.cdn.turner.com/cnnnext/dam/assets/120606094003-twitter-logo-change-story-top.jpg" alt="twitter">
<img src="http://i.imgur.com/442adYs.png" alt="imgur">
Hmm, what is this, a letter in your mailbox? Do people still do that on a regular basis?
Oh wait, it’s from the Dean of Student Life, Stephen Laffonde. Let’s open it:
<em>
...We have recently seen that you have accessed protected resources on campus that represent illicit material and have committed various other transgressions named below. Unfortunately, we are calling for a review board to determine whether your actions follow the Dravrah Code of Ethics, and at this point, due to your actions, we feel that your student status at the university and pending graduation are called into question.
</em>
Evidently,
* Your tuition for this semester was not paid and you are incurring interest on the remaining payment. Your student account balance is negative.
* Your school username was used to sign into university computers prior to a 5 TB download of illicit materials that could incur a 20-year prison sentence and a lawsuit against the university.
But wait...none of this is true. You do remember paying the university tuition and you never used the school computer to download illegal material.
[[Could this day get any worse? | Bank Hack]]
A call from your parents - one of your recent checks just bounced? How did that happen? You just received your paycheck from Starbucks!
<img src="http://i.imgur.com/AFxY7Kx.png" alt="imgur" width="400px">
Then you check your bank account online... it says $0. <em> No way, that’s gotta be a computer bug... </em>
You call the bank --- <em> “What happened?” </em> Huh? Apparently, you can’t even reach customer support anymore: your number isn’t recognized. You go to your profile online, but what - the phone number linked to your account has changed?!
You check your credit score—down to an abysmal ''460''! Last week it was above ''700''...
In one day, it’s all gone away: your social media accounts, your bank account, your credit score, your identity. All are gone...
[[Wait, what?! | Conclusion]]
How could all this have possibly happened to you?!
[[The explanation]]
(set: $job to true)You drag yourself to your computer and bring yourself to check your email inbox, though you know you shouldn't expect any replies from your most recent round of applications.
Most of your friends already have jobs, and you have yet to land an interview. You're feeling pretty desperate at this point.
—
You open your inbox to see two interesting emails: the [[first email->Subject: Introducing Jobs.com, the best job search platform you'll ever use!]] advertises a new job search platform called Jobs.com. This looks promising. The [[second email->Subject: Hello from ThrowBox!]] is a recruiter from a random company you've never heard of who saw your LinkedIn through a mutual connection.
[[Check out Jobs.com |Jobs.com]]
[[Reply to the recruiter |Landing an interview]]
You decide to sign up for Jobs.com - after all, it can't hurt, right? You're pretty desperate for any good opportunities you can find, especially given how late it is into recruitment season and how unqualified you feel at this point, even after four years at Dravrah. Man, those four years sure were tough.
You open up your browser and navigate to Jobs.com. A flashy, bootstrapped website with diverse stock imagery and headlines pronouncing searches for "rockstar code ninjas" and "business gurus" overwhelms your senses.
You click on the big red <b>"Register Now!"</b> button in the center of the screen. On the registration page, you're presented with two options:
[[Sign up with Facebook]]
[[Sign up with Email]]
You've never heard of ThrowBox before, so you're not super excited about this opportunity, but you decide to respond anyway.
You head over to your school's library and log in to one of the computers in the study room to reply to ThrowBox's email with your resume.
You get in touch with the recruiter, and schedule your interview. A few days later, you have your interview over the phone with one of their business operations managers.
Sweet, now that you've got a job interview, you check out the next thing on your to-do list.
[[Check out the state of your finances|Your finances]]
--
from: [email protected]
to: [email protected]
date: Mon, Nov 23, 2015 at 8:12 AM
subject: Introducing Jobs.com, the best job search platform you'll ever use!
Hi,
We're proud to introduce our new job search platform, <b>Jobs.com</b>! Jobs.com has the biggest and most extensive list of job openings out there in a variety of fields. Here is a list of jobs currently listed on Jobs.com relevant to you and your interests:
- Business development specialist - Core Inc., <i>Philadelphia, PA</i>
- Business associate - McKinley & Co., <i>New York, NY</i>
- Business operations assistant - Silverman Sachs, <i>New York, NY</i>
Sign up for an account today on Jobs.com to apply to these, <b>and more!</b> It takes only three easy steps and two minutes to make an account, so what are you waiting for?!
Much love,
The Jobs.com team
--
from: [email protected]
to: [email protected]
date: Mon, Nov 23, 2015 at 9:46 AM
subject: Hello from ThrowBox!
Hey there,
It's Matt from ThrowBox. I came across your LinkedIn profile through our mutual friend, Lauren, who I believe is a classmate of yours at Dravrah. I was impressed by your past experience working as a finance operations intern at Moogle, and wanted to chat about similar positions open at ThrowBox. If you're interested, I can set you up for an interview this week - just shoot me your resume, and I'll be in touch.
Looking forward to hearing from you,
Matt
You click on the <b>"Sign up with Facebook"</b> button, and Jobs.com authenticates through Facebook, pulling your public profile, email, and basic info into a handy little Jobs.com profile for you.
How convenient.
[[Onto the job search!]]
You never really trusted Facebook, and you don't feel comfortable connecting your personal life with your professional. After all, Jobs.com was a site full of professional opportunities for you. You can't mess this up.
You sign up by entering all your information from scratch - your name, email, phone number, and basic details.
[[Onto the job search]]
Wow, Jobs.com is awesome! You browse through hundreds and hundreds of job listings, dropping off your resume at every listing that matches what you're looking for. There are so many great jobs on here, so you apply to your favorites.
[[Now, to wait for callbacks]]
Wow, Jobs.com is awesome! You browse through hundreds and hundreds of job listings, dropping off your resume at every listing that matches what you're looking for. There are so many great jobs on here, so you apply to your favorites.
[[Now, to wait for callbacks...]]
Two weeks after you initially signed up for Jobs.com, you still hadn't received any correspondence back from any of the companies you applied to. You started to lose hope - maybe Jobs.com wasn't as great as it made itself out to be.
--
However, this morning was different. You woke up to an email in your inbox from one of the companies you applied to, offering you a chance to interview with them! Looks like things are making a turn for the better.
--
You get in touch with the recruiter, and schedule your interview. A few days later, you have your interview over the phone with one of their business specialists!
The next day, your recruiter shoots you an email. She wants to chat with you over the phone about something. Could this be it?!
[[Chat with your recruiter]]
Two weeks after you initially signed up for Jobs.com, you still hadn't received any correspondence back from any of the companies you applied to. You started to lose hope - maybe Jobs.com wasn't as great as it made itself out to be.
--
However, this morning felt different. You go for a stroll through campus and stop by the library. There, you decide to check your email in case any recruiters got back to you. As it turns out, there's a new email in your inbox from one of the companies you applied to, offering you a chance to interview with them! Looks like things are making a turn for the better.
Now, to worry about those other things on your to-do list...
[[Your finances]]
Your phone rings, it's your recruiter. You pick up.
"Hello"?
<i>"Hi, it's Irene from Morgan Stanford. I wanted to call to chat with you quickly about your recent application with us regarding the business development associate position. We were impressed by your resume and got great feedback from your interviewer yesterday."</i>
"Oh that's aweso-"
<i>"But wait a second. We don't want you to get too excited, because this call probably isn't going to end well."</i>
(uh-oh)
<i>"We were looking at your Jobs.com profile since you applied through their site. Your profile photos on Jobs.com seems to link to some disturbing party behavior. And is that a photo of you using illegal drugs on the second page of your profile?!"</i>
(Crap! Those photos must have gotten pulled directly from Facebook when you created your account through your Facebook profile. They were back from when you were a stupid freshman and had just discovered what alcohol and other recreational substances were. Why were you so stupid as to not untag yourself from them?! Did you really think that just because you didn't friend anyone outside of your closest friends, no one else would see them?!)
<i>"Anyway, we cannot proceed with the interview process given this information. You might want to reconsider what you put on the Internet. Best of luck. *click*"</i>
--
Sigh. There goes that. Maybe that other email from that random company ThrowBox or whatever from a few weeks back is worth responding to.
[[Respond to ThrowBox|Landing an interview]]
Now that you've gotten your fair share of social media out of your system, you decide it's finally time to get down to business and deal with your other problems.
[[Get back to your finances | Begin Credit Card Form]]
<img src="http://i.imgur.com/zZ8QtwB.jpg" alt="Dravrah">
Eh. Average.
Hey, it's hard being a college student. All those days of ramen dinners and agonizing over your diminishing bank account have really taken a toll on you. You use a single student credit card, but rather sparingly, as you know you have pretty bad spending habits and thus try to avoid falling into debt to begin with.
You're a business major, so you know you want to do something business-related... but what exactly, you're not sure of. Maybe a business associate or business operationalist position? What do these words and titles even mean? You're interested in all those big-name firms out there: Silverman Sachs, J.T. Morgan, D.W. Shaw, just to name a few...
<img src="https://lh3.googleusercontent.com/ZZPdzvlpK9r_Df9C3M7j1rNRi7hhHRvPhlklJ3lfi5jk86Jd1s0Y5wcQ1QgbVaAP5Q=w300" alt="facebook" width="200px">
You maintain a pretty average Facebook account - you're friends with all your college friends and a few family members. You don't tend to post <i>too</i> often, though you've been trying to be more active lately as [[your mom->your mom]] complained that she doesn't hear from you often enough. You don't like how your mom is <i>always</i> commenting on your photos and writing on your wall, though, so you make sure to limit the content that she and other family members can see on your profile.
A pretty typical mother. She loves you a lot.
''It's a sad day. Your identity has been stolen.''
(if: $job is true)[That resume you sent in was actually not to a recruiter—but to the hands of a //fraud gang//. They used the basic personal information you provided on your resume to easily target you.]
(if: $job is not true)[You were the victim of a //fraud gang//.]
Remember that photo you posted on Facebook? Embedded in that photo was metadata about your location which was used to determine that you were not home. Creepy indeed. (if: $attending is true and $phonecall is true)[It also helped that you mentioned you'll be away in Jamaica for spring break.]
(if: $phonecall is true)[They went through your mail, intercepted your credit card number, and carefully put it back into the same package so you wouldn't notice. Mistakenly, they put it in your neighbor's box.]
After you activated your card, the //fraud gang// used [[social engineering]] to call up the credit card company, using the account number and information from your mail(if: $job is true)[, your resume] and public databases to verify that they were you.
They were able to easily get the answer to the question you picked, "$question", using publicly available information. (if: $friendedmom is true and $question is 'What is your mother’s maiden name?')[You being friends with your mom on Facebook (who uses her maiden name in her profile) made it too easy.](if: $question is 'What is your first pet’s name?')[Your Twitter stream was filled with pictures of Rufus—quite easily giving this one away.](if: $question is 'What street did you grow up on?')[The street that you grew up on was easily looked up in an online white pages directory.]
In fact, they used the same question to reset your email password. They logged into your email and reset your iCloud password. In your email, you had an attachment that contained a color copy of your passport as well as your social security number in some other school-related document.
The iCloud password gave them access to all of the photos on your iPhone.
Your social security number and passport gave them access to your identity.
Once they got into your account, they reset all your questions and security mechanisms to lock you out.
They emptied out your student account and opened several bank and credit accounts in your name. They also proceeded to spend on their newly opened credit cards.
(if: $phonecall is true)[<b>Remember that phone call you ignored?</b> It turned out to be the credit card company calling to check with you about some bizarre transactions under your account. Some things could have been avoided if you had answered it then.]
Better luck next time. [[So now what?]]
Ok, it’s back to square one... a new identity, a new social media image, a new university, a new financial start. You can’t go back to university, you can’t go back to your social media accounts, you can’t go back to your old life...
People think identity theft is about impersonation. No, theft involves the loss of something; identity theft causes us all to lose something, it causes us to lose <b> ourselves </b>.
[[Start over with a new identity|Start]]
<a href="http://www.consumer.ftc.gov/features/feature-0014-identity-theft/">Click here to learn more about identity theft</a>
You’re tired and want to go to bed, but you grudgingly answer the phone. “...This is George from American Express, and I wanted to call about some questionable purchases from your account…” Apparently, someone has gotten hold of your credit card number and has spent $350 in a gas station in a small town in New York. “... Do you wish to change your credit card number and cancel your current number?”
[[Yes, Definitely! | Partially solved]]
(set: $question to 'What street did you grow up on?')You grew up on 42 Wallaby Way. Hard to forget, right? If a fish with short-term memory could remember that, so can you.
[[Finish form | Password]]
It was a damn good thing that you answered the phone. Had you ignored it, it would be near impossible for you to cancel your credit card number later if the thief were somehow able to access and change your personal information. Fortunately, your credit card number has been cancelled and the mysterious costs have been nulled, but you still remain rather paranoid.
[[What else has been compromised besides your credit card? | The Fateful Day]]
You open up [[Facebook->Facebook]] as usual, and scroll down your news feed. It's the same content as usual... maybe you should post something so that your friends and family think you're actually doing something with your life. Check out your news feed or post your own status / photo:
(if: $attending is not true)[<hr>
Your friends Tonald and Drump are attending //Spring Break 2016 in Jamaica//. You're also looking forward to this trip!
[[Mark as attending.]]]
(if: $friendedmom is not true)[<hr>
Your mom sent you a friend request.
[[Accept friend request.]]]
<hr>
What's on your mind?
[[Post your own status or photo.]]
(set: $attending to true)Great! You're really excited for spring break in Jamaica and now all your Facebook friends can be jealous of you.
[[Go back to your Facebook news feed|Facebook feed]]
(set: $friendedmom to true)Great! Like a good child you've reluctantly accepted your mother's friend request.
(if: $attending is true)[Plus, now your mom can see all of the great things you'll be doing during Spring Break in Jamaica!]
[[Go back to your Facebook news feed|Facebook feed]]
(if: $attending is true)[Good thing you're going on vacation to Jamaica next week for spring break. It's a much needed break from all the stress at school. Ahhh, Jamaica! What an amazing place! The weather is so much better than the wintry mix plaguing Dravrah right now.
And what’s a vacation without Instagrammin’! You decide to Instagram a quick image of your vacation destination before you head out to let your friends know what you're up to.
<img src="http://i.imgur.com/4sVvPbH.jpg" alt="jamaica" width="500px">
Which status will you use?
[[Heading out to Jamaica for the week! |The card form]]
[[Yooooooo Helllooooooo Vacationnnn! |The card form]]]
(if: $attending is not true)[You look around for inspiration. Oh, an ice cream truck! Would you look at that! You haven’t seen one of those in a while - let’s post a quick photo.
<img src="http://i.imgur.com/RAJFRej.png" width="400px">
Ice cream trucks don’t come often to Dravrah.
<img src="http://i.imgur.com/ICYkCOS.jpg" width="500px" alt="icecream">
Which status will you use?
[[Look at that, an ice cream truck! |The card form]]
[[5 year old me wants! |The card form]]]
Smart move to be suspicious of your card being in the wrong box. Upon closer inspection, you notice that the packaging the card came in is slightly torn. It's possible that someone may have intercepted it and placed it back into the wrong box. Regardless, it's better to be safe than sorry.
Speaking of being safe rather than sorry, you're getting a ton of notifications on your smartphone.
[[Check Twitter| Social Media Hack]]
"Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter."
[[Learn more about social engineering|http://searchsecurity.techtarget.com/definition/social-engineering/]]