Reader's Digest (Canada)

Protect Yourself Against Identity Theft

With cybersecur­ity breaches at big companies and a range of scams targeting unknowing consumers, your personal informatio­n is more vulnerable than ever


The alarming call came one wintry February day last year while Melissa*, an IT analyst, was at work. She didn’t recognize the number, and when she answered, a sales associate at a jewellery retailer in Mississaug­a thanked her for joining the store’s credit card program. Confused, Melissa explained that she hadn’t applied for it. “So you weren’t just here in the store?” the associate probed.

The 34-year-old wasn’t experienci­ng short-term memory loss. As it turned out, a much younger woman in possession of Melissa’s social insurance number, address and birthdate was impersonat­ing her. Over five days, armed also with fake photo identifica­tion, this mysterious fraudster used Melissa’s name to sign up for two cellphone accounts, apply for credit cards and take out a payday loan from Money Mart. She’d planned to walk out of the jewellery store with several expensive baubles, but a shrewd employee, sensing something was off about the nervous young customer, refused to initiate the account and, after the woman left, obtained Melissa’s phone number from a credit bureau.

The thief disappeare­d without a trace, getting away with about $1,000 in merchandis­e and loans. It could have been worse had she not been discovered before the credit cards were mailed to her, but it was still a huge headache for Melissa. Though she wasn’t on the hook for any money, she had to call every retailer the fraudster visited, supplying proof of identity in order to cancel the accounts. “I’ve spent over 100 hours clearing my name, and my credit is still terrible,” she says. “Why is this my fault?”

STORIES LIKE MELISSA’S are becoming more common. In 2016, approximat­ely 36,000 Canadians were victims of identity theft or identity fraud—up over 20 per cent from the previous year. According to statistics from the Canadian Anti-Fraud Centre (CAFC)—our national agency that collects and analyzes data from these crimes—losses in 2016 totalled almost $14 million.

Meanwhile, with security breaches regularly making headlines, it can seem as if our personal informatio­n is in constant danger of being stolen by thieves. Last September, Equifax

disclosed that 8,000 Canadian victims were included in the high-profile hack that compromise­d the personal informatio­n of more than 145 million Americans. In May, Bell Canada announced that hackers had threatened to expose 1.9 million customer records, and the company refused to pay to stop them (a portion of the data was subsequent­ly leaked online). Breaches have also affected WestJet, Uber, Loblaws and Canadian Tire— all in the past year.

While those large-scale thefts are out of your control, and it’s impossible to track which individual frauds come from them, there are ways to make your personal informatio­n difficult for thieves to get their hands on.


#1: Your Digits

Your social insurance number (SIN) is the key to a kingdom of personal records, from your credit report to your tax return, so you’re wise to keep it secure. The nine-digit SIN was created in 1964 as a unique client identifier for the Canada Pension Plan and various employment insurance programs, but its use has expanded to virtually all transactio­ns between you and the government. However, with no legal restrictio­ns on who employs it, your SIN may also be requested by private-sector organizati­ons—and that’s where the problems start.

Even if you’re asked for it, you don’t have to give your SIN to your landlord, your doctor’s office, your cellphone provider or when filling out a credit card or employment applicatio­n. The more it’s floating around, the more likely it’ll be stolen and sold on the so-called “dark web.” (This sinister underbelly of the Internet, which can only be accessed with special software, hosts marketplac­es and eBay-like auction sites where identities are bought and sold.) So if you’re not sure whether it’s really necessary to provide your SIN, ask why it’s being requested and if you can provide an alternate form of identifica­tion.

Melissa still doesn’t know how her SIN got leaked, but the thief who targeted her used it to request a credit report in her name and then pieced together all the informatio­n they needed in order to impersonat­e her on credit applicatio­ns.

If you think your SIN has been stolen, file a complaint with police and make sure you get a case reference number and the officer’s name and telephone number. Contact the CAFC for further advice. Every few months, you’ll need to request a copy of your credit report from one of Canada’s two national credit bureaus, Equifax and TransUnion, and review it for any suspicious activity. Credit alerts can be placed on your file, requiring that you be contacted if anyone tries to open a new account in your name.


#2: Your Log-ins

Canadians, like most of the world’s Internet users, are abysmally poor at keeping their online profiles secure. Three researcher­s from the University of Ontario Institute of Technology—Dr. Christophe­r Collins, Rafael Veras and Dr. Julie Thorpe— analyzed 32 million passwords leaked from a social gaming company, using them as a large representa­tive sample of North American social media users. Hilariousl­y—or perhaps depressing­ly—they found the most commonly used passwords involved strings of sequential numbers (“123456”) and painfully obvious word choices (“password”).

They also parsed semantic patterns and found common themes, such as “I love” followed by a person’s name (male names were four times more common than female names). References to food, money, sex, profanity and royalty also cropped up most frequently, says Thorpe, an associate professor of IT security. As for digits, people tend to favour dates, such as holidays and notorious events (like 4/15/12, the day the Titanic sank).

You might feel like the above options are fairly airtight, but using any recognizab­le words or strings of numbers instantly makes your accounts vulnerable to hackers, who employ guessing software that can run through millions of possible passwords per second. The most secure and memorable password is one that uses a string of letters, numbers and characters derived from a phrase that’s been altered to include something personal. For example, you might log into an airline site with “1 lo ajpwK&S,dkwib ba ”— which stands for “I’m leavin’ on a jet plane with Kristof and Sven, don’t know when I’ll be back again.”

In theory, you’ll need to come up with dozens of these. “As soon as you use the same one for multiple sites, hacks can happen,” Thorpe warns. But since rememberin­g them all isn’t realistic, she suggests using free password managers like iCloud Keychain, LastPass, Dashlane, KeePass and 1Password. Although these tools can themselves be hacked, Thorpe says you’re ultimately far more secure using them than being a lazy person with only one password for everything.

Beware of

#3: Common Scams

Every day, the CAFC gets calls from consumers who’ve been targeted by scammers, and about half of these swindles involve trawling for personal informatio­n rather than simply demanding cash, says acting team leader Allan Boomhour. “The data itself is valuable,” he says, explaining that criminals not only use it to open

financial accounts in your name, but can sell it on that dark web.

Leah*, 36, was shopping at No Frills in Toronto’s east end one day when a well-dressed man with a clipboard approached her, offering to sign her up for a new PC Financial MasterCard. She filled out the applicatio­n form, including her birthdate and SIN, but the card never arrived. After a while, she became curious, so she called the bank and was told that they had no record of her at all. “They said that they didn’t have anybody signing people up in No Frills grocery stores anywhere in the GTA,” she says.

Leah called her regular bank and discovered that someone had managed to get access to her account, most likely by having a duplicate copy of her current credit card sent to a different address, and was using it to make a slew of small purchases.

Another common scheme, email phishing, has grown more sophistica­ted than cordial entreaties from Nigerian princes seeking your help to transfer vast sums of money. Typically, you’ll get an email from what appears to be your bank or the Canada Revenue Agency (CRA) asking you to “authentica­te” your account or receive a tax refund by clicking on a link. You’ll be asked to enter your informatio­n in a fake website that often looks very convincing. “It’s almost a mirror copy of the original, but when you try some of the links on the page, like the ‘Contact Us,’ they don’t work,” Boomhour says.

Remember that reputable institutio­ns will never ask for personal informatio­n of any kind via email. For its part, the CRA doesn’t send tax refunds by e-transfer— only by cheque or direct deposit.


#4: Your Mail

In May 2017, Toronto Police announced that they’d arrested the leader of a $10-million identity theft ring in a massive investigat­ion dubbed Project Royal. The enigmatic Torontonia­n, who called himself Johnson Chrome, flaunted his lavish lifestyle at nightclubs, displaying a predilecti­on for glitter-encrusted

designer shoes and fine wines. But his modus operandi was surprising­ly simple—he and his associates would steal mail from condo buildings, painstakin­gly piecing together their victims’ identities until they had enough informatio­n to apply for credit. For 10 years, Chrome had evaded detection by only stealing small amounts at a time—mostly between $100 and $5,000.

Indeed, intercepti­ng snail mail is a fairly easy way to steal an identity, especially if your victim receives paper financial statements. Tactics can include Dumpster diving, but also the slightly more sophistica­ted mail-forwarding fraud—for this, all a thief has to do is input your address, a new one and a credit card number at Canada Post’s website in order to reroute your mail to a vacant, abandoned or for-sale property.

Switching to e-billing and online payments can eliminate this risk, as can renting a PO box where you can retrieve letters and packages at your convenienc­e.

#5: Watch Your Accounts

Too many Canadians don’t check their bank and credit card statements thoroughly every month, says personal finance educator Kelley Keehn, author of Protecting You and Your Money: A Canadian’s Guide to Avoiding Identity Theft and Fraud. This is especially true of seniors, who tend to slow down their consumer spending as they age and aren’t as likely to need loans. “If you don’t care what your credit score is, you’re not going to be checking your credit file for fraudulent activity,” she says.

Keehn recommends a little-known trick for spotting suspicious transactio­ns: through your online banking profile, you can opt to receive an e-mail or text message every time your debit or credit card is used. If you see a purchase you don’t recognize, you’ll be able to report it right away and won’t be on the hook for any stolen money. (Most banks have a 30- to 60-day limit for reporting fraudulent transactio­ns.) There are also a range of phone apps, such as Credit Karma and LifeLock, that can help you monitor your accounts for suspicious activity.

Of course, even if you put this safety measure in place and follow all of the other advice above, you’re still not immune to identity theft. “The reality is, you can take every precaution­ary step possible and still become a victim. It’s just that big of a problem,” warns Boomhour, before adding one welcome note of reassuranc­e: “At the end of the day, though, you’re not responsibl­e for anything the criminals do in your name.”

 ??  ??
 ??  ??

Newspapers in English

Newspapers from Canada