Reader's Digest (Canada)


They’re stealing passwords, impersonating the CRA, charging thousands to credit cards and ruining our lives. It’s time to beat them at their own game.

- BY Emily Landau

As if the COVID-19 pandemic hadn’t stolen enough from our lives, it also created a fertile ground for scams. The Canadian Anti-Fraud Centre saw a 32 per cent increase in reports of scams between the end of 2019 and the end of 2020. The most common are phishing emails or texts, phone calls from scammers impersonating banks or governments, phony job advertisements and retail scams hawking fake goods. It’s not that there are more fraudsters, explains Jeff Thomson, an RCMP senior analyst at the CAFC, but more innovative forms of fraud—and more people online to target. “Right now, we are forced to do our everyday shopping or groceries online, so we’re increasing that online user base,” he explains. And Thomson expects those scams to keep proliferating throughout 2021. “More people are vulnerable to scams, and more people are more likely to run into scams.”

This is the year to scam-proof your life. Here’s how.


With its 2.79 billion users, Facebook is an all-you-can-eat buffet for cyber fraudsters. These are the five most common ways scammers will try to steal your money or your identity—or both.

1. The phishing attack

One of the most common scams on Facebook is phishing, in which individuals or organizations send you a message seeking money. An urgent DM from a trusted friend, exhorting you to click on a sketchy-looking link or install software, is likely coming from a scammer who has either hacked into or cloned that friend’s account. Clicking on that link might trigger an unauthorized malware download or send you to a fake login page, compromising your information. Some scammers personalize the attacks—a technique known as “spear phishing,” says Kathy Macdonald, a former Calgary police officer and independent cybersecurity consultant. “This means the attacker has done some research on their target so that they can personalize the contact—they’ll find out, maybe from social media, where you live, where you like to go on vacation, your relationship status,” she explains. The conclusion? Don’t click on those links. If you’re interested in the content, search for information in a separate browser.

2. The fake contest

Many scammers will bait users with the promise of a tempting contest prize: a legitimate-looking post offering entrants the chance to, say, meet Vin Diesel or win a free SUV. These links can lead to malware infections and damage to devices. “At the very least, they’ll get your account added to spam lists,” explains Claudiu Popa, president of the cybersecurity company Datarisk. Even real contests are susceptible to fraud: in January, for example, the P.E.I. restaurant Nimrods’ held a contest to win a gift certificate. Within days, entrants were receiving false emails from fake accounts claiming to be Nimrods’, telling them they’d won and asking for credit card info. “It hurts to see that people are misusing our company name, and tricking people to make money,” said Nimrods’ owner Mikey Wasnidge.

3. The share scheme

The classic chain letter has received a digital makeover. Scammers will pose as Facebook administrators updating users on privacy policies or data ownership, and urgently implore those users to share the link and pass it onto their friends. “Fraudsters will track those shares, identifying the Facebook profiles of those who fall for it as the marks in future fraudulent or disinformation campaigns,” says Popa.

4. The non-existent grant

In COVID-19 times, the government is offering all kinds of financial assistance: CERB, small-business loans, rent relief. And scammers are taking advantage. Users might see an official-looking ad for free government funding, which will take them to fraudulent links with plenty of strings attached. “Ultimately it leads to a request for personal information and money up front to get the grant,” says the CAFC’s Thomson. “And, of course, there’s no grant. They don’t receive anything at all.”

5. The catfishing scam

A sophisticated class of romance scammers are taking advantage of lonely hearts. Facebook helps them learn crucial information about their victim before establishing contact. A romance scammer will often claim to be in the military, working on an oil rig or volunteering overseas, waiting to save enough money to move back home. They might spend months grooming their target, and will seem to always be available to chat because, in reality, the suitor is several people working in cahoots. The first rule of online romance: never send them a penny. If they ask you to cover travel expenses or medical bills, or even buy them Amazon gift cards, it’s time to move on.


Early in the pandemic, online shopping doubled, with Canadians spending some $4 billion between February and May 2020, according to Statistics Canada. New and sophisticated retail scams also increased: over the 2020 Black Friday–Cyber Monday weekend, for example, suspected e-commerce fraud in Canada spiked by 435 per cent compared to the same time in 2019. Thomson says much of the fraud involves brand name or designer items. “We saw fake blenders, hot tubs, Lego,” he says. “PlayStation 5s were a particularly hot commodity, since those are hard to come by to begin with.”

Fraudsters have become alarmingly good at the work they do—they often create slick, faux third-party resale sites to hawk the most coveted video game consoles and designer sneakers, or post ads on eBay, Amazon and Kijiji with glossy, high-quality product photos that look just like the real thing. Some of the most scammable items are pricey tech devices, like laptops, hard drives or tablets, says Popa. “In the best-case scenario, you might buy it and discover it’s either not functioning or it’s not the right amount of data storage,” he explains. Sometimes you pay for the product—and it never arrives. “I find this happens with eBay a lot. Two months pass, you’ve bought a bunch of other products [and] you’ve forgotten about the one you were expecting,” Popa says. “Then you go back a couple of months later, and the seller has disappeared.”

The most glaring warning sign to watch for is probably the thing that attracted you to the product in the first place: the price. If it seems too good to be true, chances are it is. “If you want a Canada Goose jacket that costs a thousand bucks, and you hop online and suddenly you’re finding ads offering them for $400 or $600, that’s likely a fake,” Thomson says. Popa, meanwhile, flags a practice known as astroturfing, where sellers publish false reviews on sites like eBay and Amazon to make their account look more legitimate. “You’ll find those to be very superficial. Sentences are very short or incoherent, and sometimes they’re just star reviews with no text,” he says. He advises buyers to read reviews closely and critically, and also to stick with sellers who have proven longevity and a significant number of transactions. “If the vendor has been on the platform for 15 years, you can see their track record,” he says.

To further steel yourself against scammers, use platforms with fraud protection. “You need to transfer the risk of fraud to sites providing you a service,” Popa says. PayPal offers some fraud insurance, he says, while eBay has a money-back guarantee, though only for certain types of purchases.


Scammers aren’t just thieves—they’re master manipulators. “This pandemic has been perfect for tricking people into divulging personal information using technology,” says Macdonald. “That’s because people are already highly emotional. They’re fearful, they’re anxious, and scammers can leverage those things.” Increasingly, fraudsters are doing this through phone scams, which doubled in 2020, according to the CAFC. One of the most common schemes is when they impersonate officials from the Canada Revenue Agency or RCMP. “They’ll play on your fear by shocking you and telling you something’s happened to your account, that you owe taxes or fines,” Macdonald says. In reality, when the CRA calls, they may ask you to verify your name, birthdate or address, but they will never ask you for your driver’s licence or social insurance number, or demand immediate payment. If you suspect you’ve been targeted by any of these scams, you should report the sketchy behaviour to the Canadian Anti-Fraud Centre’s website or hotline (1-888-495-8501).

A similar phone scam, Thomson says, involves a fake bank investigator claiming that there have been unauthorized charges on your account and that you’ll need to pay a fee to protect your funds. These calls usually occur early in the morning and target people with landlines; this is because landlines often have something called a delayed disconnect, which means the caller is still connected even after you hang up. He might ask you to hang up and dial the number on the back of your credit card, but you’ve never really hung up. So, when you provide your personal information to the person who answers at the supposed credit card company, it’s still the same fraudster on the line.


Credit card information should always be dispensed sparingly—given those details, some swindler might rack up unauthorized charges, damage your credit score or even sell that information to other fraudsters. But in our online-everything climate, it’s often necessary to provide those digits to buy goods or services. If you do, take steps to ensure the site where you enter that information is secure. “Look for the HTTPS in the URL,” Thomson says. “That shows the site is locked and encrypted, and it’s standard across most reliable sites.” Other times, sites for things like newspaper subscriptions or streaming services will offer users free 30-day trials, promising not to charge the card until the trial period is up. You’re best off avoiding those trials altogether, says Claudiu Popa. “You have no idea whether this company can protect your information, and the fewer companies that have your credit card on file, the better,” he explains. When it comes to credit cards, hypervigilance is the best policy: instead of paying bills automatically, read statements closely, check your credit score once a year and familiarize yourself with your card’s fraud insurance.


No matter how secure your Wi-Fi password is, a hitchhiker can sneak onto your network. If someone is stealing your Wi-Fi, you might notice slower speeds than usual, pop-up ads that seem out of sync with your family’s interests and browsing, and higher-than-usual usage bills. To get to the bottom of the issue, you’ll want to check your router to see which devices are logged into your network—which is probably a smart practice even when you don’t suspect a Wi-Fi weasel. And this kind of vigilance is a good idea outside of the home, too; coffee shops and co-working spaces may seem like a distant memory, but one day we’ll be using public Wi-Fi again. When you do, be sure to avoid sensitive transactions until you’re safely back on your own network. “I always suggest that people never use public Wi-Fi to enter credentials into a bank, for example, or buy any products,” says Macdonald.


Immediately kibosh all kids’ birthdays, pets’ names or beloved sports teams from your rotation. What you need instead are long, random passwords—blends of capital and lowercase letters, numbers and obscure symbols galore—and you’ll need a different one for each of your accounts. If a scammer figures out that you reuse a password, they can hack into your other accounts, and even into your email. Once inside your email, they will have all kinds of information to impersonate you. Download an authenticator app on your phone and use it for two-factor identification for email and banking passwords, since those are the treasure chests of information for would-be identity thieves. Collect all your passwords in an offline database, either a password manager you download for your computer—Popa recommends Password Safe and KeePass as trustworthy options—or the one that comes with your smart phone. Then do it all again: protect the password database with a two-factor authentication method along with a long, unique password.


Every time you sign up for a newsletter, register on a website, accept cookies (chunks of tracking data) onto your browser, order an item online or comment on a forum, you’re expanding your digital presence and potentially exposing yourself to people who might pilfer all that information and use it against you. One way to mitigate that risk is to use pseudonyms and nicknames when signing up for accounts, communities and forums. Another tactic Popa recommends is using disposable emails: when a website asks for your email address to read an article or create an account, you can use a service called Mailinator to generate a one-time email address without compromising your real one. “No one tells you this, but email addresses are the primary attack method for any type of cyber fraud—ransomware, phishing, spam,” he says. “The scammers can keep trying new angles and scenarios until you bite.” Periodically, it’s smart to clean your digital footprint: for a fee, services like DeleteMe will help close all the accounts and services you’ve signed up for, and keep checking periodically to ensure your information hasn’t been re-added to any spam lists.

Despite their sweet name, cookies aren’t always harmless. When a site asks for session cookies, that’s usually okay, because all it’s doing is saving your preferences for that particular site. Some sites, however, ask you for permission to use third-party cookies, which means they can share the information they collect with other parties. Review the settings on your web browser to block these persistent cookies. Popa also recommends a browser extension called Privacy Badger, a free tool that tracks the cookies being written into your computer and blocks them before they’re finished. You can even set your browser to automatically clear your history and cookies every time you close it.

Also important: never agree to store your passwords to an auto-fill. You’ll have to log in fresh each time you re-open the browser, but your online information will be much more secure. “Make these steps part of your regular practice,” Thomson says. “Then it’s not a matter of whether you’ll be the victim of identity theft, but whether you’re able to stop it before it happens.”

Illustrations by Josh Holinaty