Identity Theft is on the Rise Across Canada—Here’s How to Protect Yourself
More than 35,000 Canadians are the victims of identity theft every year. Beef up your security with these five strategies.
How to Prevent Identity Theft: 5 Smart Strategies to Bolster Your Defenses
Protect Your Digits
Your social insurance number (SIN) is the key to a kingdom of personal records, from your credit report to your tax return, so you’re wise to keep it secure. The nine-digit SIN was created in 1964 as a unique client identifier for the Canada Pension Plan and various employment insurance programs, but its use has expanded to virtually all transactions between you and the government. However, with no legal restrictions on who employs it, your SIN may also be requested by private-sector organizations—and that’s where the problems start.
Even if you’re asked for it, you don’t have to give your SIN to your landlord, your doctor’s office, your cellphone provider or when filling out a credit card or employment application. The more it’s floating around, the more likely it’ll be stolen and sold on the so-called “dark web.” (This sinister underbelly of the Internet, which can only be accessed with special software, hosts marketplaces and eBay-like auction sites where identities are bought and sold.) So if you’re not sure whether it’s really necessary to provide your SIN, ask why it’s being requested and if you can provide an alternate form of identification.
If you think your SIN has been stolen, file a complaint with police and make sure you get a case reference number and the officer’s name and telephone number. Contact the Canadian Anti-Fraud Centre (CAFC) for further advice. Every few months, you’ll need to request a copy of your credit report from one of Canada’s two national credit bureaus, Equifax and TransUnion, and review it for any suspicious activity. Credit alerts can be placed on your file, requiring that you be contacted if anyone tries to open a new account in your name.
Strengthen Your Log-ins
Canadians, like most of the world’s Internet users, are abysmally poor at keeping their online profiles secure. Three researchers from the University of Ontario Institute of Technology—Dr. Christopher Collins, Rafael Veras and Dr. Julie Thorpe—analyzed 32 million passwords leaked from a social gaming company, using them as a large representative sample of North American social media users. Hilariously—or perhaps depressingly—they found the most commonly used passwords involved strings of sequential numbers (“123456”) and painfully obvious word choices (“password”).
They also parsed semantic patterns and found common themes, such as “I love” followed by a person’s name (male names were four times more common than female names). References to food, money, sex, profanity and royalty also cropped up most frequently, says Thorpe, an associate professor of IT security. As for digits, people tend to favour dates, such as holidays and notorious events (like 4/15/12, the day the Titanic sank).
You might feel like the above options are fairly airtight, but using any recognizable words or strings of numbers instantly makes your accounts vulnerable to hackers, who employ guessing software that can run through millions of possible passwords per second. The most secure and memorable password is one that uses a string of letters, numbers and characters derived from a phrase that’s been altered to include something personal. For example, you might log into an airline site with “1loajpwK&S,dkwibba”—which stands for “I’m leavin’ on a jet plane with Kristof and Sven, don’t know when I’ll be back again.”
In theory, you’ll need to come up with dozens of these. “As soon as you use the same one for multiple sites, hacks can happen,” Thorpe warns. But since remembering them all isn’t realistic, she suggests using free password managers like iCloud Keychain, LastPass, Dashlane, KeePass and 1Password. Although these tools can themselves be hacked, Thorpe says you’re ultimately far more secure using them than being a lazy person with only one password for everything.
Find out the worst passwords you could possibly use.
Beware of Common Scams
Every day, the CAFC gets calls from consumers who’ve been targeted by scammers, and about half of these swindles involve trawling for personal information rather than simply demanding cash, says acting team leader Allan Boomhour. “The data itself is valuable,” he says, explaining that criminals not only use it to open financial accounts in your name, but can sell it on that dark web.
A common scheme, email phishing, has grown more sophisticated than cordial entreaties from Nigerian princes seeking your help to transfer vast sums of money. Typically, you’ll get an email from what appears to be your bank or the Canada Revenue Agency (CRA) asking you to “authenticate” your account or receive a tax refund by clicking on a link. You’ll be asked to enter your information in a fake website that often looks very convincing. “It’s almost a mirror copy of the original, but when you try some of the links on the page, like the ‘Contact Us,’ they don’t work,” Boomhour says.
Remember that reputable institutions will never ask for personal information of any kind via email. For its part, the CRA doesn’t send tax refunds by e-transfer—only by cheque or direct deposit.
Here are 10 online scams you need to be aware of.
Secure Your Mail
In May 2017, Toronto Police announced that they’d arrested the leader of a $10-million identity theft ring in a massive investigation dubbed Project Royal. The enigmatic Torontonian, who called himself Johnson Chrome, flaunted his lavish lifestyle at nightclubs, displaying a predilection for glitter-encrusted designer shoes and fine wines. But his modus operandi was surprisingly simple—he and his associates would steal mail from condo buildings, painstakingly piecing together their victims’ identities until they had enough information to apply for credit. For 10 years, Chrome had evaded detection by only stealing small amounts at a time—mostly between $100 and $5,000.
Indeed, intercepting snail mail is a fairly easy way to steal an identity, especially if your victim receives paper financial statements. Tactics can include Dumpster diving, but also the slightly more sophisticated mail-forwarding fraud—for this, all a thief has to do is input your address, a new one and a credit card number at Canada Post’s website in order to reroute your mail to a vacant, abandoned or for-sale property.
Switching to e-billing and online payments can eliminate this risk, as can renting a PO box where you can retrieve letters and packages at your convenience.
Here’s expert advice on how to outsmart porch pirates.
Keep an Eye on Your Accounts
Too many Canadians don’t check their bank and credit card statements thoroughly every month, says personal finance educator Kelley Keehn, author of Protecting You and Your Money: A Canadian’s Guide to Avoiding Identity Theft and Fraud. This is especially true of seniors, who tend to slow down their consumer spending as they age and aren’t as likely to need loans. “If you don’t care what your credit score is, you’re not going to be checking your credit file for fraudulent activity,” she says.
Keehn recommends a little-known trick for spotting suspicious transactions: through your online banking profile, you can opt to receive an e-mail or text message every time your debit or credit card is used. If you see a purchase you don’t recognize, you’ll be able to report it right away and won’t be on the hook for any stolen money. (Most banks have a 30- to 60-day limit for reporting fraudulent transactions.) There are also a range of phone apps, such as Credit Karma and LifeLock, that can help you monitor your accounts for suspicious activity.
Of course, even if you put this safety measure in place and follow all of the other advice above, you’re still not immune to identity theft. “The reality is, you can take every precautionary step possible and still become a victim. It’s just that big of a problem,” warns Boomhour, before adding one welcome note of reassurance: “At the end of the day, though, you’re not responsible for anything the criminals do in your name.”
To learn more about common scams and frauds, visit the Royal Canadian Mounted Police (RCMP) website.
Now that you know how to prevent identity theft, find out why you need to stop commenting on those viral Facebook memes.