According to Canadian Anti-Fraud Centre reports, there were 16,970 victims of identity theft in 2020, making it the second most common scam affecting Canadians — second only to extortion. However, Canada’s actual number of identity theft cases is likely much larger, as fewer than 5% of victims file a report.
Identity theft is when someone steals your personal information, such as birthdate, social insurance number (SIN), credit information, address, health card number or login information for any online services.
Scammers can then use that information to pose as you and commit identity fraud. Common crimes include taking out credit in your name, stealing your money, applying for jobs or government benefits, using subscription services and, more recently, ordering goods in your name.
There are two types of identity theft: unsophisticated and sophisticated. Unsophisticated methods include dumpster diving and mail theft, while more sophisticated techniques include database breaches and phishing.
Within these catch-all umbrellas, there are several ways scammers can steal your identity.
Suppose your purse or wallet is lost and picked up by an unscrupulous individual or stolen directly from you. In that case, they can use the cards inside like your driver’s licence, health card, credit and debit cards to steal your identity. Criminals can also collect personal information from lost or stolen unlocked cell phones, laptop computers and other portable devices.
Some identity thieves go through the trash to find personal or financial information. They may find credit card statements, credit reports, addresses and private letters that could reveal your bank account or credit card number and personal details like your birth date or SIN.
This can happen by breaking into mailboxes directly or obtaining discarded mail from trash or recycling bins. Mail provides a wealth of personal details and potentially financial information.
It’s relatively easy for thieves to have your mail redirected to them through Canada Post’s Change of Address Service. All the thief needs is a new address, an old address, a credit card number, email, birthdate and knowledge of credit history — which they can con a victim into giving them beforehand.
This scam preys on people who want to work remotely and is popular during the holiday season. What happens might go like this: you agree to receive packages that need to be gift wrapped before they are reshipped to another person. Unfortunately, those packages are often stolen goods which could make you an accessory to the crime.
In addition, you may be asked to fill out a payroll form so that you can get paid. If you even get those paycheques, they will likely bounce. Plus, you’ve just given a thief your personal and banking details by filling out the form.
Phishing is when a victim is convinced to click on a link given to them via email, text or social media, taking them to a legitimate-looking website where they enter their login details, personal or financial information. Once the information is submitted, it is provided to the thieves who sent the link. That information can then be used to obtain services, merchandise, loans, apply for jobs or open accounts in the victim’s name.
Also known as domain name spoofing, pharming is similar to phishing but dupes users with a fake version of a real website. When a person types in a legitimate website into their browser’s address bar, they are redirected to an illegitimate version of the requested site. This dummy site entices them to enter personal information.
A data breach is the hacking of a large company storing scores of personal information to acquire that information or sell it on the dark web.
A potential victim can be tricked into downloading a virus, malware or spyware that can log their keystrokes, monitor their browsing and obtain their contacts to steal financial or personal information.
Often referred to as drive-by identity theft, wardriving involves the thief driving around a neighbourhood using an antenna to intercept Wi-Fi signals on unsecured internet networks. Once an unsecured network is found, a thief can log on to the unsecured network and fraudulently obtain access to the computers using it and steal personal or financial information stored on those computers.
Though the schemes above only scratch the surface when it comes to the number of ways criminals can steal identity, there are also several steps you can take to make your identity much harder to steal.
Aaron Broverman has been a personal finance journalist for over a decade. His work has appeared on such outlets as Yahoo Finance Canada, Bankrate and Creditcards.com, Money Under 30, Wealth Rocket, CBC.ca and Greedyrates.ca. This former Toronto transplant via Vancouver now lives in Waterloo with his wife and son.