ID theft’s been growing in leaps and bounds in Canada during the pandemic. And investors may need to step up their efforts to protect themselves in the online era: where financial information is more vulnerable than ever to fraud.
According to the Canadian Anti-Fraud Centre (CAFC), during the three years preceding Covid, reports of ID fraud were quite stable at around 9,500. Then, in 2020, that average exploded to 17,377. And 2021 could double that.
More Data, More Fraud
The rise of ID theft “is mostly linked to the CERB (Canadian Emergency Response Benefit) program, explains Jeff Horncastle, supervisor, fraud prevention and intake unit, at the CAFC. “Criminals would log into their victim’s account to pick up their benefit and deposit the money into some other bank account. Usually, victims wouldn’t know about it until they received their year-end tax forms.”
ID theft is a subcategory of fraud, with the difference that it is “personalized”. “Fraudsters steal your personal identifiers (driver’s license number, social insurance number, passwords), allowing them to transact while pretending to be you, says Karen Wallace, director of investor education at Morningstar. They can buy clothes and furniture, invest money. It happened to me: someone filed a tax report with my social security number. Luckily, the government alerted me that someone had tried to hack my account.”
How it Happens
ID theft can be brutal: you go to your online banking account and, lo and behold, it has been drained. You didn’t see it coming. It’s insidious and may not have set off any alarms until then.
Most often, it happens unknown to you in the background for a few weeks or months. Then bam! It all unravels: you get a call from your credit card issuer because you have an unpaid balance of $25,000 (while your credit limit is only $10,000!) or your bank denies you a loan because your credit rating is too low (while you’ve always prided yourself in having an impeccable score).
When “bam!” happens, “it’s because things have been going on in your back for some time,” explains Julie Kuzmic, director of consumer advocacy at Equifax Canada, illustrating her point thus. Some ill-intentioned individual picked up a few identifiers from your wallet that you have left unattended. He calls a bank to get a new credit card, identifies himself as you, uses a few identifiers to confirm his “identity”, except for one last detail: he has the card sent to another address. At the outset, he uses the card very prudently, pays his bills on time, solidifies his creditworthiness, and then asks to increase the credit limit on the card. That’s when he maxes out the card – and disappears. Then, inevitably, bam: the bank calls you, asking you when you intend to pay an outstanding balance of $25,000 on purchases you never heard of.
Password Markets
However, with ID theft moving increasingly online, passwords become crucial identifiers, “what scammers are increasingly after,” notes Horncastle. In the digital world, financial information is more than ever vulnerable to fraud. With just the relevant password, scammers can get access to all your financial accounts and wipe you clean. And the market for identifiers and passwords is, of course, the Web itself, more specifically the dark web points out Wallace. “The fresher the data, the higher the price fetched,” she says.
Individuals should be on the lookout for early warning signs of potential fraud. For example, not receiving some bills through the mail, a merchant refusing your check, seeing withdrawals on your bank account that you can’t explain, receiving bills from service providers you have never been in contact with.
Dos and Don’ts
The experts we talked to suggest addressing a few things to avoid falling into a fraudster's crosshairs:
- Protect your computer with up-to-date virus and malware protection and don’t respond to any online solicitation that seems suspect, like urgent-looking messages that claim that your computer is infected with viruses.
- Create strong and diverse passwords. A key trick is to start from a word that is easy to remember for you, let’s say “solicitation” and transforming into “shollichittashon”, a term no computer sniffer armed with a dictionary can identify, and then add a few unusual characters to it: “!shollichit?tashon333”. And wherever it’s possible, resort to multi-factor authentication.
- Be frugal in the personal information you share over social media (email address, children’s names, birth dates). This is all material thieves can use to try and bait you into scams and phishing attempts.
- Beware of public wi-fi, a favoured hunting ground for fraudsters. Certainly don’t carry out any financial transactions, because these public networks are typically not secured.
- Ensure you’re regularly reviewing your transactions, especially your credit card bill, for any unauthorized activity.
- Safeguard personal information in your home, especially if you have service workers come in.
- Protect your mail and shred documents containing sensitive personal identifiers: credit card bills, bank cheques and statements, pre-approved credit applications.
- It seems needless to say, but it happens… Don’t leave your wallet or purse lying around outside. Ever. Scammers don’t just rob your credit card – something easily repaired. They rob the credit identifiers you’ve built with your card – something much more difficult to repair.
:quality(80)/cloudfront-us-east-1.images.arcpublishing.com/morningstar/Q3KIND5VXRCNHHH6JQHCCYBSSA.png)
