Spike in fraud worries experts
Heartbleed virus, government breaches increase vulnerability
When Bell Canada first contacted Shereen Zink in late 2012 to say she owed $3,500 on an overdue account, she didn’t believe it.
“I hung up on them because I thought it was a scam and they were trying to get money from me,” said Zink, a communications student in Edmonton.
When Bell kept calling back and threatened to send the outstanding bill to collections, Zink checked her credit report and realized she was the victim of identity fraud.
Thieves used Zink’s name, social insurance number and date of birth to open an account with the phone company. For eight months, they made hundreds of local and international calls, and even made a few minimum payments to keep the service going.
“There were names and numbers for people I didn’t know,” said Zink, who later obtained copies of the bills from Bell. “The bills ran for 35 pages.”
Zink filed a police report. It took “a lot of time and effort” to prove to Bell Canada that she was not responsible for the bill.
“It was a really stressful time,” Zink said, “It shows what someone can do with your SIN.”
Zink is not alone. Her story is one example of identity theft — where thieves steal your personal information and use it for fraudulent activity — a trend that security experts say is on the rise in Canada.
Canada Revenue Agency is in the process of sending registered letters to 900 Canadians whose Social Insurance Numbers were removed from its database because of a security flaw that was revealed last week.
The tax agency was one of dozens of websites that admitted it was vulnerable to the Heartbleed bug, a flaw in commonly-used software that left sensitive personal information vulnerable to hackers.
Experts say that it will take weeks or months to gauge the impact of the damage caused by Heartbleed. But thousands of Canadians are already all-too-familiar with the damage that identity theft can cause.
Equifax Canada received nearly 31,400 reports of true name fraud cases in 2013. That’s up from about 18,500 in 2010.
Victims reporting this type of case to the credit bureau and placing a fraud alert on their credit file are required to provide an affidavit swearing that their name has been used for fraudulent activity, John Russo, vice-president, legal counsel and chief privacy officer at Equifax Canada Co. confirmed.
“We’ve seen a severe increase in these numbers in the last three months,” Russo said, adding that approximately 16,500 cases have already been reported in 2014.
Russo believes the sharp rise is tied to a spike in the number of government and other recent information breaches.
Government departments reported 219 breaches to the federal Privacy Commissioner from April 2013 to January 2014, more than double the 109 breaches reported the previous fiscal year.
“It’s par for the course. We think the increase in data breaches leaves more people prone to identity theft. The two go hand in hand,” Russo said.
A study by U.S. telephone giant Verizon released last year found that in instances of data loss, one in four will eventually be a victim of identity fraud, he added.
Security experts say that breaches involving social insurance numbers can leave victims particularly vulnerable.
“Your SIN is a key component to stealing your identity. A lot can be done with that,” said Kelley Keehn, personal finance expert and author of Protecting You and Your Money: a Guide to Avoiding Identity Theft and Fraud, published by CPA Canada.
SINs are known as a unique identifier — one name, one number. Thieves can use a valid SIN and first and last name to apply for credit cards or loans and buy things in your name, without your knowledge. Victims and companies are left on the hook for the bills, and it can be months before they realize that fraud took place.
“People think, ‘Who am I that they have my SIN?’ These are organized criminals that are very sophisticated,” Keehn said.
“The thieves need your name, address and date of birth, but these things can be easily collected from social media, from dumpster diving or from stealing your mail.”
The Canadian Anti-Fraud Centre logs as many as 25,000 calls each year about everything from identity theft to phishing schemes and employment scams.
Last year, it received 6,275 complaints about ID fraud with victims reporting losses of $11.1 million. Already this year, it has received 1,808 complaints about identity fraud with losses reaching $2.6 million.
Identity fraud is “massive and has been for years. It’s an enormous money maker for scammers,” said Daniel Williams, a senior supervisor at the Canadian AntiFraud Centre.
“The Internet has made life so easy for the criminals. Where before they had to plant a dirty employee somewhere to steal information, now they can do it from thousands of miles away.”
Zink, says she doesn’t know how thieves got her SIN, but says she’s now more careful about revealing personal information on social media.
Bell Canada, which declined to comment on the incident involving Zink, gives its customers similar advice.
While there’s nothing consumers can do about a breach of a database that’s storing your information, carefully checking over your bank and credit card statements can help mitigate the risk, Williams said.