company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
2. Canadian Identity Theft Support Centre
Preventing Identity Theft: A Guide
Page
• Introduction
1
• What Is Identity Theft
1
• What Do Identity Thieves Want?
1
• How Do Identity Thieves Get Information
About Their Victims?
2
• How Do Identity Thieves Use This Information
To Commit Identity Fraud?
3
• Who Are Identity Thieves?
3
• Reducing The Risk: How Can I Avoid
Becoming A Victim?
3
• At Home
3
• Out And About
4
• Transacting With Other People
And Businesses 4
• Protecting Your Computer
5
• Online Activity
5
• Online Shopping
6
• Smartphones
7
• Tell Your Friends And Family
7
Canadian Identity Theft Support Centre
1.866.436.5461
www.idtheftsupportcentre.org
entity
theft
3. Introduction
Although you can never protect yourself
entirely from identity theft, you can take
steps that will minimize your chances
of becoming a victim. The information
below is designed to help you protect
yourself from this crime.
What is identity theft?
We use the term “identity theft” to mean not
just the stealing of personal information,
but also the fraudulent use of that
information to access your bank account,
credit card or other account without your
authorization, to obtain loans, services,
government benefits, employment or
other benefits in your name, or to evade
authorities by assuming your identity.
Both “identity theft” and “identity fraud”
are criminal offences in Canada. Related
activities such as redirecting mail and
selling fraudulent identity documents are
also criminal offences.
The damage to victims of identity theft
varies widely, from mere inconvenience
such as having to replace a credit card,
to financial and personal devastation.
Victims may even be arrested for crimes
committed by an impostor. Given the
potential consequences of identity theft,
it is worth making an effort to avoid
becoming a victim.
1
What do identity thieves
want?
Most identity thieves want money. Some
want employment or free services. Others
want to evade authorities. In all cases,
identity thieves pretend to be other people
in order to achieve their goals.
The types of information most useful to
identity thieves are:
1. Full Name and Address
2. Date of birth
3. Social Insurance Number
4. Drivers Licence number
5. Passport number
6. Other government-issued ID numbers
7. Student ID numbers
8. Credit card, debit card, bank account
and other financial account numbers
9. Typical passwords or security question
answers – e.g., mother’s maiden name
10. Information about your family, work
and personal life
4. How do identity thieves
get information about
their victims?
Identity thieves use many methods to
gather personal information about their
victims that they can then use to commit
identity fraud. These methods include:
10. Surreptitiously installing spyware on
your computer that gathers information
such as your passwords
Thieves can also gather your information
from other sources that you cannot
control, such as:
1. The garbage of corporations with whom
you do business or government agencies
1. Stealing your wallet, purse, cheques or
mail
2. The computers and databases of
corporations and governments
2. Gathering information from records in
your home
3. Unintentional security breaches of
corporations and governments
3. Sifting through your trash to find useful
information such as account details
4. Websites that have information about
you posted on them
4. Posing as a legitimate company by
email, over the phone or at your door and
asking you for your account information
(this is called “pretexting”, or if done by
email, “phishing”)
5. Employees of corporations or
government who are fooled into providing
your information to the imposter
5. Taking your credit card or debit card
out of your sight and “skimming” it (i.e.,
capturing the information on it via a
special device)
6. Employees of corporations or
government who are part of a criminal
ring or who are bribed to provide your
information to criminals
6. Watching you enter your pin or
password
7. Eavesdropping on insecure wireless
communications
8. Gathering information about you from
social networking sites, blogs, online
‘payday loan’ applications, and other
online sources
9. Hacking into your computer via a virus
or other method
2
5. How do identity thieves
use this information to
commit identity fraud?
Once they have enough information to
pretend to be you, identity thieves can
do all sorts of damage to you and your
financial and personal reputation. Such
damage includes (but is not limited to):
1. Making charges on your credit card or
debit card (bank account)
2. Using, altering, or copying your
cheques and drawing money from your
bank account
Who are identity thieves?
Just as there is no typical victim of identity
theft, people who engage in this criminal
activity range from family members with
no criminal history to international crime
organizations. Depending on the nature
of the crime, the fraudster could be
someone you know or an anonymous
criminal operating from another part of the
world. There is no typical identity thief.
REDUCING THE RISK:
How can I avoid becoming
a victim?
3. Opening up new credit card, cell phone
or other accounts in your name and
running up bills without paying them
There are many things you can do to
minimize the risk of identity theft. The
following are some of the most important:
4. Sending a change of address to
creditors to divert your mail so that
you don’t notice the unauthorized bills
mounting up
At Home
5. Obtaining loans (even mortgages!) In
your name
6. Transferring title to property from you
to them
7. Getting a tax refund or other benefit in
your name
8. Leasing an apartment in your name
9. Getting a job in your name
10. Pretending to be you when arrested
by police
3
1. Keep identification documents in a
safe place at home and only take them
with you when you need them. Consider
storing important documents that you use
infrequently in a safety deposit box at a
bank. Keep copies of your passport, birth
certificate and other government-issued
ID in separate files (for reference if you
lose the original).
2. If you have an unsecured mailbox,
pick up your mail as soon as possible
after delivery. If you are going away, stop
delivery or arrange for someone to pick
up your mail.
3. Be aware of when your bills normally
arrive in the mail and if they don’t arrive,
contact the bank or creditor and find out
what happened.
6. 4. Review your bank and credit card
statements carefully when they arrive and
report immediately any activity you do not
recognize as your own.
5. Keep financial records in a safe, secure
place. Don’t leave them lying around
the house. Shred (or burn) old records
once you know that you won’t need them
for tax or other purposes. Use a crossshredder to ensure that thieves cannot
piece together any information from the
garbage.
6. Order a copy of your credit file from
the two Canadian credit bureaus (Equifax
and TransUnion) annually and review it
carefully to confirm that no one has been
applying for credit or incurring debts in
your name.
Checklist of documents you
should keep secure
• Credit card statements
• Bank and other financial
statements
• Insurance policies
• Medical documents
• Tax records
• Government benefit statements
• Passport
• Legal documents
• Wills
Out and About
1. Don’t carry identification documents
(e.g., birth certificate, passport, SIN card,
health card) or blank cheques in your
wallet, purse or otherwise with you unless
you need them.
2. Don’t store unnecessary personal
information on your smartphone or other
handheld device. Password-protect your
mobile devices with a strong password
that can’t be guessed by someone else.
Transacting with other people and
businesses
1. Don’t give any information about
yourself or your accounts to anyone over
the phone, through the mail or over the
Internet unless you initiated the contact.
Unsolicited requests for your personal
information are likely to be scams. If
the caller (or message) asking you for
information purports to be from your bank
or another institution with which you do
business, hang up and call the institution
yourself using the phone number on your
account statements, and ask if they were
trying to contact you.
2. Don’t give your Social Insurance
Number unless it is required by your
employer, financial institution or the
government.
Other businesses don’t
need it and cannot legally insist that you
provide it.
3. Never use a cheque to pay someone
you don’t know and trust. Instead, use
cash, credit card, debit card, money order
or bank draft.
4. Don’t let your debit card or credit card
out of your sight when using them to
4
7. pay for services. Cover the pad when
entering your PIN.
5. When selecting service providers to
whom you will be entrusting your personal
information, look into their privacy policies
and their track records with respect to
data security. Don’t do business with
a company you can’t trust to keep your
personal information confidential and
secure. Let companies know that this is
important to you.
Protecting Your Computer
1. Set up your computer with a username
and password that you have to enter each
time the computer is turned on and after a
certain period of inactivity. Only let people
you trust know your password.
Passwords should be at least 8
characters long and include a mix
of upper- and lower-case letters,
numbers, and/or non-alphabetical
characters.
Do not use easilyavailable information such as your
mother’s maiden name or your birth
date.
2. Do not store passwords on your
computer.
3. Ensure that all computers you use to
connect to the Internet are protected by
both a firewall and anti-virus software.
4. Keep your computer’s anti-virus
software current: set it to update and scan
regularly, and don’t let your subscription
lapse.
5. Turn off your computer when it is not
5
in use. When your computer is shut off
it is also disconnected from the Internet,
preventing access to potential thieves.
6. If you use a wireless system to connect
to the Internet, you should take extra
precautions against unauthorized access.
Install a Virtual Private Network (VPN) or
other proven system to encrypt the data
moving to and from your computer so that
it is unreadable.
Online Activity
1. Use strong passwords to protect your
financial accounts if you access them
online.
2. Do not open e-mail messages or
attachments if you do not recognize
the name of the sender. Delete them
immediately. Even messages from people
you know can be dangerous if they are
caused by computer viruses. If the
message seems strange, do not respond
to it. Attachments are most dangerous
– they can carry spyware that lodges in
your computer and sends your personal
data back to the criminal who can then
use it to perpetrate identity theft.
3. Do not download files unless you
are certain that they are safe (e.g., by
running them through your anti-virus
software). Other people’s computers may
be infected and used to send harmful
viruses and spyware to your computer
through email or downloads, even if the
other person is unaware of the infection.
4. Do not activate “pop-up” windows
that appear unexpectedly on your
computer. Just like email attachments
and downloads, they may contain viruses
or other malicious software.
8. 5. Don’t post information on your blog,
social network profile or website that
could be useful to an identity thief. See
above for a list of information most useful
to identity thieves.
6. If you engage in social networking
online (e.g., Facebook, MySpace), set
your privacy settings to the highest level;
don’t just accept the default settings.
Use a nickname rather than your official
name. Don’t accept invitations to connect
with people you don’t know.
7. Read the fine-print of Applications
(“Apps”) before you install them on your
computer. If the App requires access to
more personal information than it needs,
reconsider whether you really want to
install it.
8. Connect only to wireless (Wi-Fi)
networks that you absolutely trust. If/
when you use a wireless network, make
sure that your communication is secure
and disconnect from the network when
you stop using it.
9. Limit your activities while using public
Wi-Fi. Avoid making online purchases
or accessing email while using a public
Wi-Fi zone. Public Wi-Fi hotspots are
targeted by hackers since they can give
the hacker direct access to your mobile
device.
Online Shopping
1. Make purchases only from businesses
that you know are legitimate. Some
websites are designed for the sole
purpose of stealing your personal
information, especially credit card
numbers. If you are unsure about the
legitimacy of the business, research it via
the Internet (to see what others say about
it), call and ask questions to determine its
legitimacy, or contact the Better Business
Bureau to find out if it is a member.
2. Place orders only through secure
websites. You can tell if a site is secure: if
the web address begins with
“https://” and the web browser displayi a
locked padlock icon.
https://www.paypal.co
3. Pay for online purchases only with a
credit card or secure online system such
as PayPal. Never pay with a cheque as
cheques are easily copied and contain
too much personal information.
4. Don’t store your credit card information
or other personal information on shopping
sites. While this makes future purchases
from that site easier (because you won’t
have to enter the same information each
time), it puts your information at risk of
being stolen from the site or exposed
unintentionally through a security breach.
5. Read the fine print. Confirm that the
business does not share your personal
information with other businesses, or
opt out of such sharing if necessary.
You are legally entitled to “opt-out” of all
non-essential use and sharing of your
personal information.
6
9. Smartphones
Finally….
1. Use the same precautions as when
using your home computer online (see
above). Install security software specially
designed for mobile devices and update
it regularly. Double check URLs for
accuracy. Don’t open suspicious links.
Read the fine-print of applications before
installing them. Make sure a site is
secure (https) before giving any billing or
personal information.
Tell your friends and family about
what they can do to prevent
identity theft
2. Install a backup/wiping program that
will back up the information on your
mobile device to your home computer and
“wipe” your phone if it is lost or stolen so
that no data remains on the device itself.
These services are available through
device manufacturers and wireless
service providers. iPhones have a builtin “wipe” feature that if turned on will wipe
the phone after 10 failed log-in attempts.
For more information and tips on
Computer/Online protection, see the
companion
CITSC
guide
entitled
“Protecting Yourself from Online Identity
Theft”.
7
If more people take these steps to
prevent identity theft, criminals will find
it more difficult to succeed and we will
all benefit. Share the information in this
publication with other people. Don’t be
afraid to correct the habits of a friend or
family member if you see they are being
careless with their personal information.
Your few words could save them a lot of
grief.