Identity theft is not a new phenomenon, but has evolved with the advent of information technology. Nowadays, access to a large amount of information available on the Internet, the exploitation of IT or the use of various scams allow fraudsters to obtain private or confidential information about their victims in order to steal their identity and then commit malfeasance.
Information sought for identity theft includes social insurance numbers, birthdates or birth certificates, identity cards, passports, resident cards, driver's licenses, health insurance cards, credit or bank cards, passwords, etc.
Here are some examples of how malicious individuals obtain your personal information, as well as recommendations or measures to reduce the risks of fraud or identity theft.
Obtaining or intercepting mail
- Use a mailbox with a lock and make sure you receive any expected mail.
- Subscribe to e-services for your statements.
Rummaging or retrieval of information in the trash
- Shred any paper containing personal or confidential information prior to discarding it in the trash or burn these documents.
Data recovery following the loss, neglect or theft of a mobile device (e.g. laptop, smartphone, removable media, etc.)
- Use a strong password and lock your session during your absence.
- Set up a data encryption mechanism to make the information unusable for a thief.
- Do not store sensitive personal information on these components.
Data recovery from a computer or removable media that have been disposed of (e.g. sale, donation, trash, etc.)
- Permanently destroy ("wipe") the data on the computer using specialized software (e.g. KillDisk) or physically destroy the hard drive.
- Never throw removable media in the trash (e.g. CD-ROM, USB, etc.) without permanently destroying their contents.
Intercepting contactless card data with RFID technology
- Use an aluminium case or film to prevent the waves from propagating.
Intercepting information during online transactions
- Never enter sensitive personal information on an unsecured website (which does not start with https ://)
- Never click on a link embedded in an e-mail to perform a transaction with banking or credit card e-payment sites.
- Be careful when using free wireless networks, as some, although they may seem legitimate, are fake networks ("hot-spot").
Obtaining information through the discovery of a password
- Use strong and easy to remember passwords; do not make them accessible.
- Use a secure password management tool (e.g. KeePass) to avoid writing or saving them in an unsecure manner.
- Do not use the same passwords for work and personal use.
Theft of information from your computer following a remote assistance request from a third party
- Never provide information (e.g. IP address) or accept remote assistance of your computer from a stranger (e.g. fake Microsoft technician).
Obtaining personal information via social networks or storage sites
- Be aware that the confidentiality of the information submitted on social networks may not be guaranteed and that storage sites may be hacked.
Obtaining information through phishing techniques
- Be aware of and educated on the various social engineering techniques in order to detect them and avoid providing personal information to strangers.
- Be vigilant and suspicious of the various emails received or websites that require you to provide personal information.
Hacking or malware infection
- Install a personal firewall and maintain updated reputable antivirus software.
- Update the operating system, all software, applications or software components to ensure vulnerability patches are applied.
If you are a victim of identity theft, it is recommended to follow the following steps as quickly as possible to reduce the impacts, to re-establish your credit and restore your reputation:
- Make a list of all compromised identification cards along with their numbers.
- Obtain and review bank account and credit card statements to pinpoint unauthorized transactions.
- Contact credit bureaus (e.g. Equifax) to obtain a credit report and inform them of the identity theft.
- Contact local police and report the theft.
- Report the theft to the Canadian Anti-Fraud Call Centre.
- Communicate with the entities whose accounts have been compromised and make an identity theft statement.
For more information on identity theft, please click on the following links:
- Canadian Anti-Fraud Centre
- Office of the Privacy Commissioner of Canada: Identity Theft and You
- Equifax
Terranova Training offers information security awareness which deals with identity theft. For more information, contact Terranova Training. By Patrick Paradis, Information Security Advisor