According to Canadian Anti-Fraud Centre reports, there were 16,970 victims of identity theft in 2020, making it the second most common scam affecting Canadians — second only to extortion. However, Canada’s actual number of identity theft cases is likely much larger, as fewer than 5% of victims file a report.
Identity theft is when someone steals your personal information, such as birthdate, social insurance number (SIN), credit information, address, health card number or login information for any online services.
Scammers can then use that information to pose as you and commit identity fraud. Common crimes include taking out credit in your name, stealing your money, applying for jobs or government benefits, using subscription services and, more recently, ordering goods in your name.
How does identity theft happen?
There are two types of identity theft: unsophisticated and sophisticated. Unsophisticated methods include dumpster diving and mail theft, while more sophisticated techniques include database breaches and phishing.
Within these catch-all umbrellas, there are several ways scammers can steal your identity.
Unsophisticated methods of identity theft
Suppose your purse or wallet is lost and picked up by an unscrupulous individual or stolen directly from you. In that case, they can use the cards inside like your driver’s licence, health card, credit and debit cards to steal your identity. Criminals can also collect personal information from lost or stolen unlocked cell phones, laptop computers and other portable devices.
Some identity thieves go through the trash to find personal or financial information. They may find credit card statements, credit reports, addresses and private letters that could reveal your bank account or credit card number and personal details like your birth date or SIN.
This can happen by breaking into mailboxes directly or obtaining discarded mail from trash or recycling bins. Mail provides a wealth of personal details and potentially financial information.
Change of address
It’s relatively easy for thieves to have your mail redirected to them through Canada Post’s Change of Address Service. All the thief needs is a new address, an old address, a credit card number, email, birthdate and knowledge of credit history — which they can con a victim into giving them beforehand.
This scam preys on people who want to work remotely and is popular during the holiday season. What happens might go like this: you agree to receive packages that need to be gift wrapped before they are reshipped to another person. Unfortunately, those packages are often stolen goods which could make you an accessory to the crime.
In addition, you may be asked to fill out a payroll form so that you can get paid. If you even get those paycheques, they will likely bounce. Plus, you’ve just given a thief your personal and banking details by filling out the form.
Sophisticated identity theft
Phishing is when a victim is convinced to click on a link given to them via email, text or social media, taking them to a legitimate-looking website where they enter their login details, personal or financial information. Once the information is submitted, it is provided to the thieves who sent the link. That information can then be used to obtain services, merchandise, loans, apply for jobs or open accounts in the victim’s name.
Also known as domain name spoofing, pharming is similar to phishing but dupes users with a fake version of a real website. When a person types in a legitimate website into their browser’s address bar, they are redirected to an illegitimate version of the requested site. This dummy site entices them to enter personal information.
A data breach is the hacking of a large company storing scores of personal information to acquire that information or sell it on the dark web.
Spyware, malware and viruses
A potential victim can be tricked into downloading a virus, malware or spyware that can log their keystrokes, monitor their browsing and obtain their contacts to steal financial or personal information.
Often referred to as drive-by identity theft, wardriving involves the thief driving around a neighbourhood using an antenna to intercept Wi-Fi signals on unsecured internet networks. Once an unsecured network is found, a thief can log on to the unsecured network and fraudulently obtain access to the computers using it and steal personal or financial information stored on those computers.
How to prevent identity theft
Though the schemes above only scratch the surface when it comes to the number of ways criminals can steal identity, there are also several steps you can take to make your identity much harder to steal.
- Do not share sensitive personal details with anyone unless you can verify they and their purposes are legitimate. This includes passwords, login details, addresses, banking information, birthdays and credit history. In all but very few cases, legitimate companies, such as your bank or credit card company, will never ask for this information via text, email or over the phone (unless you initiated the call).
- Shred documents and destroy expired credit cards, but do so in a way that enterprising criminals cannot easily reconstruct them.
- Change your usernames and passwords frequently and never use the same ones on multiple sites. It can be helpful to use a password manager, which will maintain your passwords within a secured database so you don’t have to remember them.
- Do not keep original identification documents in your wallet. Keep only your driver’s licence or ID card in your wallet along with one credit card and debit card. Leave your birth certificate, passport or SIN card at home.
- Do not click unsolicited links. Don’t click links that you randomly receive via text message, direct message or email.
- Secure your Wi-Fi network and mobile devices. Make sure your internet network, computer, phone and other devices are password-protected.
- Lock your credit and debit card when lost. When you lose your wallet or it is stolen, lock or freeze your cards to prevent credit card fraud.
- Monitor your credit report. Keep a close eye on your credit report and look closely for any changes you didn’t make, particularly new lines of credit that you did not open. Contact Equifax or TransUnion to report any suspicious activity you see.
- Don’t answer unsolicited phone calls from suspicious phone numbers. You may get a call saying you owe money to the government or suspicious purchases have been made on your credit card. Ignore these phone calls and recordings at all costs.
- Keep computer security, anti-malware, anti-spyware and anti-virus software up to date. Though not foolproof, keeping anti-virus software up to date can go a long way to protect your computer from being compromised by hackers.