Protecting Yourself from Identity Theft and Fraud

Woman with credit card and tablet

After Thanksgiving, October is known for Halloween festivities. Who wouldn’t love the opportunity to go trick-or-treating, watch Halloween movies, and frighten family and friends? But October is also Cyber Security Awareness Month (CSAM). It can be terrifying when someone hacks into your accounts, so protecting your private information should be top of mind.

Identity theft can happen to anyone at any time, and often, a victim isn’t even aware until it’s too late. Believing you’re just not a target is often where the problem starts. Just think, in about the same amount of time it would take you to send your grandma a selfie from your vacation, someone intending to steal your identity could get all the information they need. The fact is identity thieves cast a wide net to ensnare people in ways they least suspect. Filling your tank at the gas station, shopping at the mall, or posting pictures from your vacation online can potentially expose you to having your identity compromised.

To help us all learn how to better protect ourselves, we spoke with John Pomeroy, Director, Cybersecurity and Compliance at Allstate Canada.

What Are Thieves Looking For?

According to John, someone trying to steal your identity only needs one thing – information. They explained this information can come in many different shapes and forms, including:

Personal Identification

  • Social Insurance Number
  • Passport
  • Driver’s License
  • Health Card

Financial Information

  • Bank statement
  • Credit card statement
  • Tax information

Other Personal Information

  • Vehicle Registration
  • Utility Bills
  • Insurance Documents
  • Prescription receipts and medication bottles

This list is by no means exhaustive. Some of these pieces on their own may not give a thief enough data to steal your identity, but identity thieves will go to great lengths to piece together the components of a new identity that they can use for fraudulent purposes. “Identity thieves will troll social media accounts, try to access your email, and engage in phishing schemes,” says John.

And of course, identity thieves are known for lurking online, using malware (spyware and other viruses) to help themselves to your online passwords and track your activity.

“Identity thieves have stepped up their efforts to get our information,” says John. “This means we have to step up our game when it comes to protecting ourselves”

Protecting Yourself Offline:

Keep documents “safe”: John suggests keeping all physical files stored safely in a secure location. This includes personal identification like passports and SIN cards, lease information, ownership certificates, insurance documents and tax documents. He points out that if you have a safe in your home, it’s probably the best place to keep those documents as they’ll be protected from fire, flooding, and prying eyes.

Beware of “social engineers”: This technique involves someone calling (or sometimes emailing) and asking for sensitive personal information while pretending to represent a company you do business with. He explained that “if someone contacts you and asks for personal information, it’s okay to say no. You can then contact the company directly yourself to verify the call. Legitimate businesses will never ask for you for personal information, particularly account numbers.”

Make caution a habit: It’s not enough to only be wary. John suggests making securing your personal information a part of your routine.

  • Regularly monitor your accounts, credit score and banking statements for suspicious activity. If your accounts have been compromised, it helps to find out sooner rather than later.
  • Get your phone number added to the Do Not Call List to cut down on anonymous calls. If you’re contacted by phone by organizations you don’t know, there are ways to report them.

Stay Cyber Secure Online:

Protect your passwords and security answers: Password management is key to protecting your information online. In the age of social media and excessive online sharing it becomes even easier for identity thieves to crack the code on not only your passwords but answers to your security questions. “Think about what information you’re putting out there, and the implications of it,” says John. “What may seem like a simple photo of you and your friends hanging out could reveal a lot about you – like where you live, where you go to school, or the car you drive.”

Another example: if you were to post on Instagram that today is your 30th birthday, a hacker would then know your birth date, year, and age. If you geotag your photos, hackers will also be able to narrow down your city, if not postal code.

To keep yourself protected, John suggests that for sites that aren’t finance or government related, to provide answers to questions for password recovery that have nothing to do with you. For example, use a friend’s birthdate instead of your own.

Most importantly make sure your passwords contain various letters, characters, and numbers. And to make your life easier, since we all have what seems like countless passwords to remember, John suggests using secure software to manage your passwords such as a Password Manager that stores them for you. That way, you’ll just need to remember one complex and hard-to-guess password instead of ten.

Don’t leave your devices unattended: If you have to leave your laptop, phone or tablet unattended, make sure the device is locked. This also goes for any flash drives or external drives that may contain sensitive information.

Beware of attachments: Attachments can contain harmful malware that can track your activity online for all the wrong people. If you’re suspicious of an email or its sender, don’t open the attachment. If the email is from someone you know, but the title or message has poor grammar, obvious spelling mistakes or is about a subject you don’t discuss, check to make sure your contact sent the email. The same applies to emails with suspicious looking URLs. When in doubt, don’t click.

Watch where you browse: When you’re going to do any banking or shopping online, make sure you’re doing it on a device you trust, and on a secure network. Public computers, networks or public Wi-Fi connections can expose your information.

Don’t hook up with strange hardware: Be careful about what you decide to plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.

Do you have questions or any tips about keeping your information safe? We’d love to hear about them in the comments!

For more tips and tricks visit www.getcybersafe.gc.ca/en/cyber-security-awareness-month.

This information and the opinions expressed in this blog are based on research and interviews with the authorities identified, conducted on behalf of Allstate Canada. They have been provided for your convenience only and should not be construed as providing legal or insurance advice.