What Is Identity Theft?

Highlights:

  • Identity theft occurs when someone steals your personal information for fraudulent purposes

  • Identity thieves may open new credit card accounts or bank accounts in your name

  • An identity thief can even steal your tax refunds or commit crimes in your name

Identity theft is committed when someone steals your personal information — such as your name, Social Insurance Number, and date of birth — typically to hijack your credit and use it for fraudulent purposes, such as opening up new credit accounts, taking out loans in your name, or accessing your bank or retirement accounts. An identity thief can even use your personal information to steal your tax refunds or commit crimes in your name.

Once an identity thief has access to your personal information, he or she could also:

  • Open new credit card accounts with your name, Social Insurance Number, and date of birth. When the thief charges to the credit cards and leaves the bills unpaid, the delinquency will be reported to your credit report and could impact your credit score;

  • Open a bank account in your name and write bad cheques on the account;

  • Create counterfeit cheques or debit cards and use them to drain your existing bank accounts;

  • File for bankruptcy under your name to avoid paying debts;

  • Set up a phone, wireless, or other utility service in your name.

How Does Identity Theft Happen?

Highlights:

  • Identity thieves can steal wallets or purses or dig through mail

  • They can use ATM “skimmers” to get card numbers

  • They may use “phishing” emails designed to steal sensitive information

Identity thieves have gotten more sophisticated in their methods. The following includes some of the ways identity theft may occur:

  • Steal wallets or purses in order to obtain identification, credit, and bank cards;

  • Dig through mail and trash in search of bank and credit card statements, pre-approved credit card offers, tax information, and other documents that may contain personal details;

  • Fill out change-of-address forms to forward mail, which generally contains personal and financial information;

  • Buy personal information from an inside, third-party source, such as a company employee who has access to applications for credit;

  • Obtain personnel records from a victim’s place of employment;

  • “Skim” information from an ATM — this is done through an electronic device, which is attached to the ATM, that can steal the information stored on a credit or debit card’s magnetic strip;

  • Swipe personal information that has been shared on unsecured websites or public Wi‑Fi;

  • Steal electronic records through a data breach;

  • “Phish” for electronic information with phony emails, text messages, and websites that are solely designed to steal sensitive information; or

  • Pose as a home buyer during open houses in order to gain access to sensitive information casually stored in unlocked drawers.

How Can I Help Protect Myself from Identity Theft?

Highlights:

  • Be careful what you share on social networks

  • Don’t give out personal information through the mail, by phone, or online unless you have initiated the contact

  • Check your credit reports regularly to help detect suspicious activity

Unfortunately, no consumer can completely protect themselves from the sophisticated tactics identity thieves use to get their hands on sensitive personal and financial information. That’s why information that helps raise awareness about identity theft is important because being a victim of identity theft can be financially and emotionally devastating.

Here are some steps you should consider taking to help in your fight to protect your identity:

Don’t overshare. Tech-savvy thieves can quickly gather what you share on social networks (your home or email address; children’s names; birth date and so on) to use for scams, phishing, and account theft.

Fight ‘phishing’ – don’t take the bait. Never give out personal information over the phone, through the mail, or over the Internet unless you have initiated the contact.

Check your credit report and report problems immediately. You should review your credit report at least once per year. Consider signing up for ongoing monitoring of your credit file for potentially fraudulent activity. Take steps to detect identity theft early, which helps minimize its impact.

Use strong passwords online – You’re giving identity thieves a gift by using an easy password because they open the doors to your personal information. Make passwords more complicated by combining letters, numbers, mixing in special characters, and changing them regularly.

Don’t trust public Wi-Fi - Be aware that your mobile device is vulnerable to viruses and hackers. Only download applications from trusted sources at home on a secure network.

Review your transactions. Check your credit card bills carefully for any unauthorized charges or withdrawals and report them immediately. Call if bills don’t arrive on time. It may mean that someone has changed contact information to hide fraudulent charges.

Safeguard personal information in your home, especially if you are having service work done there, employ outside help, or have a roommate.

Protect your mail. Bring in your mail daily. Forward or re-route your mail if you move, change your mailing address, or are planning to be away.

Shred all documents you are discarding, including pre-approved credit applications received in your name, insurance forms, bank cheques and statements, and other financial information. An identity thief can easily pick through your garbage or recycling.

Types of Identity Theft

Highlights:

  • Fraudsters can use a variety of tactics to swipe your personal information

  • Be wary of unsolicited emails, text messages, telephone calls, or mail asking for personal information

  • It's a good idea to regularly check your bank and credit card statements as well as credit reports

Whether it’s the use of a stolen credit card or a hijacked Social Insurance number, odds are you or someone you know has been affected by fraud or identity theft.

Simply put, fraud is the unauthorized access of your personal information, which may be used for the fraudster’s financial benefit. Identity theft is a type of fraud involving the theft of your information, which is then used to open accounts in your name or file a tax return (and collect your refund).

So what are the most common types of identity theft or fraud? How can you better protect yourself against being a victim? And what are some ways you can detect fraud? Here are some common types of fraud and identity theft defined, and some actions you might consider to combat them:

Financial fraud and financial identity theft

Financial fraud occurs when someone uses another person's information for financial gain. For instance, a fraudster may use your bank account or credit card numbers to steal money or make purchases. In financial identity theft, your information is used to open a new financial account or receive government benefits in your name.

Your personal information can be stolen in a variety of ways, including phishing, in which scammers send you messages appearing to be from your financial institution, credit card company, or other company you do business with. These messages may tell you there’s a problem with your account or payment information, or that some suspicious activity has taken place, such as login attempts. The goal of phishing is to get you to take the bait, whether that’s logging into your account directly from the message (giving hackers access to your password), clickIing on a link, or opening an attachment.

These links or attachments may also contain malware or malicious software. Those may include computer viruses, which can infect your files, or spyware, which can collect information and data without your knowledge. That information can then be used by fraudsters.

Synthetic identity theft

In synthetic identity theft, fraudsters create fake identities using fake or real information, or a combination of the two. For instance, an identity thief might use a real SIN along with a name that’s not associated with that number. Personal information of children or deceased people may often be used for synthetic identity theft since that information is not monitored as often.

Tax identity theft

This type of identity theft involves fraudsters getting access to your personal information, which is then used to file a tax return and get a refund – your refund – or GST/HST rebates or refunds.

Keep any access codes, user IDs, passwords, and personal identification numbers (PINs) secret. The CRA also recommends choosing your tax preparer carefully.

Child identity theft

Most children under 18 don’t have credit reports, so it’s possible for a fraudster to open credit accounts in their name undetected. Some child identity theft victims may not discover the fraud until they get older and apply for credit, and find out their credit reports show accounts have been opened in their name (and not paid).

You can send Equifax Canada a letter asking us to confirm whether your child has a credit report. Please include a photocopy of the child's birth certificate and photocopies of two pieces of your identification (driver's license, passport, or other government-issued ID).

If your child has a credit report with fraudulent accounts open, here are some steps you can take:

  • Contact your local law enforcement and get a police report.

  • Report the fraud to the Canadian Anti-Fraud Centre.

  • Contact the fraud departments of companies where accounts were opened in your child's name. Ask them to close the account and send you a letter of confirmation. You may need to provide documents verifying your identity along with your child's.

  • Contact both nationwide credit bureaus to alert them to the fraudulent activity.

Senior identity theft

Senior citizens may be particularly vulnerable to identity theft and other types of fraud because they may be more trusting and less able to recognize a scam. The types of fraud they may face are the same as anyone else: financial fraud and tax identity theft, for instance.

Estate identity theft

This occurs when a fraudster uses the personal information of a deceased person to steal money or open accounts.

Criminal identity theft

All identity theft and fraud are criminal, but this particular type means someone who is arrested provides your information to law enforcement -- pretending to be you. You wouldn’t be able to detect this until consequences arise – a speeding ticket goes unpaid, for instance, and a judge issues a bench warrant for your arrest.

What you can do

With any type of fraud or identity theft, a key to minimizing damage is early detection. Here are some steps you can take that may minimize the risk of identity theft:

  • Check your bills, accounts, and statements regularly. Some criminals may start by making small debit or credit card charges in hopes you won't notice. If you see a charge you don't recognize, contact your bank or financial institution.

  • Check your credit reports from both nationwide credit bureaus regularly. See how to get a free copy of your Equifax credit report.

  • Consider limiting the amount of personal information you share on social media (such as your birthdate).

  • Be wary of any unsolicited emails, text messages, telephone calls, or mail asking for personal information. Be cautious if you are asked to provide personal information such as your SIN or date of birth over the phone, and don't provide personal information over email or on the Internet.

  • Educate the senior citizens you know on how to recognize and respond to potentially fraudulent emails, text messages, telephone calls, or mail asking for payment or personal information.

  • After a relative's death, make sure the nationwide credit bureaus place a "death notice" on his or her credit reports.

In addition, you could consider placing an Identity Alert or Fraud Warning on your Equifax credit report (and encourage the senior citizens you know to do so as well). These tools can make it harder for someone to open an account in your name. With an Identity Alert, you can add a personal statement and phone number. If you live in Manitoba or Ontario and are applying for credit, this alert requires lenders and creditors to call you and verify your identity before extending credit. If you live elsewhere in Canada and are applying for credit, lenders and creditors are encouraged (but not legally required) to call you before extending credit.

A Fraud Warning is only available to confirmed victims of fraud, including identity theft. This special statement added to your credit reports will also include a phone number to encourage (but not legally require) lenders to call you before extending credit.

4 Things to Do if Your Credit or Debit Card is Lost

Highlights:

  • If you can't find your credit or debit card, notify the card issuer as soon as possible

  • Remember to update any recurring payments if your card is replaced

  • Check your future statements and your credit reports for any activity you don't recognize

If you've misplaced your credit or debit card, you may be worried about the possibility of fraudulent charges. Here are four things you can do immediately:

1. Notify the card issuer  

One of the first things you should do is contact the card issuer – the bank or financial institution that issued your credit or debit card -- about the situation. Be sure to note the date and time you noticed the card was missing.

If you don’t have the company’s phone number, you can find it on your billing statement or online.

2. If possible, lock or temporarily disable your lost credit card  

A growing number of credit and debit card issuers are introducing features that allow users to lock credit card access. This will give you time to keep looking if you aren’t quite sure whether you have a lost credit card or simply a misplaced one. Call your bank or financial institution to learn your options to pause or lock a credit card.

If you're sure the card is gone, or if you don't have the option to lock or temporarily disable it, the card issuer will cancel your old card and issue you a new one. It may take a few days for your new card to arrive by mail. If you need it sooner, some companies may be able to expedite the delivery. In the cases where your bank has physical locations, you may be able to get a replacement or a temporary card right away by visiting your nearest branch. Make sure to go over your recent card transactions with a customer service representative.

3. Think about recurring transactions

If you’ve replaced your credit or debit card, be sure to contact businesses you have recurring transactions with to avoid missing any payments. Some recurring payments may still be honored on the lost credit card even if it is replaced, but it’s always worth checking with your bank or financial institution to make sure.  

4. Check your future statements and your credit reports

For the next few months, closely examine your billing statements for any unauthorized purchases. If you find any, report those to your card issuer.

You might also want to consider checking your credit reports for any activity you don’t recognize, such as new accounts that are not yours. If anything suspicious comes up, you can contact the lender or creditor to straighten out the matter or contact the two nationwide credit bureaus to dispute the information. Visit our dispute site to file a dispute with Equifax.

Finally, it’s important to know that you have rights. Canadian law limits your maximum liability to $50 when an unauthorized transaction is made with your lost credit card.

For debit cards, the maximum amount of your liability usually can’t be more than your debit card transaction withdrawal limits or the amount you have in your bank account. In some situations, you may be liable for more than the amount in your bank account if your account has a line of credit or overdraft protection, or if your account is linked with another account. Your debit card issuer can let you know its policy concerning debit cards.

Shopping Online? Help Keep Your Identity and Financial Information Safe

Highlights:

  • Shopping online may raise your risk of being targeted by hackers and fraudsters

  • Be wary of emails, text messages, and pop-up ads

  • Don't share unnecessary personal data on shopping sites

There's no denying it can be more convenient to shop from home (or anywhere with WiFi), as opposed to battling traffic and crowded stores. But shopping online may also raise your risk of being targeted by hackers and fraudsters out to swipe your personal or financial information.

There are some steps you can take to help protect your information from falling into the wrong hands, however. Here are some safe online shopping suggestions to keep in mind:

Be careful where you shop. Make sure shopping sites have “https://” in the URL. Web addresses with https:// and the lock icon indicate extra measures were taken to help secure your information.

Think before you click. If you get what looks like a great deal via email or text message, take a minute before you click on a link or open an attachment. The message could be a phishing attempt with the goal of tricking you into clicking a link or attachment that could provide scammers access to your information or download malware on your computer.

On a computer, you can hover over the link to see where it will take you. And whether it’s an email or a text message, double-check the email address or phone number the message came from. Is it someone you know, or from a business you are familiar with? Even if the answer is yes, you might want to confirm the message is legitimate before clicking on a link or attachment.

Don’t trust pop-up ads. Install an ad blocker on your browser to help guard against phishing scams that might lure you into clicking on a bogus ad.

If you find yourself on a shopping site you aren’t familiar with, it’s worth checking the retailer’s online reviews. You might also want to see if the company is accredited by the Better Business Bureau -- an organization that is "dedicated to fostering honest and responsive relationships between businesses and consumers," according to its website.

Steer clear if a site is poorly designed, has broken links, or doesn’t provide a way to contact the company. If a site asks for your Social Insurance number, that may be a red flag for online fraud.

Don’t share unnecessary personal data, such as your birthday. You might be missing out on a retailer’s birthday offer, but if hackers gain access to this data, they’ll have personal information about you that could potentially be used to impersonate you online.

Use credit cards instead of debit cards. By law, your maximum liability in the case of fraud can’t be more than $50, if you report the fraud immediately to the card issuer and have taken reasonable steps to help safeguard your account information. In addition, credit cards aren’t linked to your bank account like debit cards. If your debit card falls into the wrong hands, a fraudster could access your account.

While you’re making your purchase, don’t save your payment information on the website. If the site is compromised by online hackers or fraud, they could get access to this information.

Update your antivirus software before you shop. This can reduce your risk of infection from malware or viruses.  

Check your network. If you’re using a private WiFi network, make sure that it’s only accessible using a strong password. If you have to use a public network, you may want to access the web using a virtual private network (VPN) connection, which helps you securely browse the Internet. There are free VPN services available. You may also want to avoid activities like banking or online purchases on public WiFi. Remember, just because a network requires a password doesn't mean it's secure.

Avoid using the same password across shopping websites – if one website is compromised, all your accounts using that password could be accessed.

And lastly, keep an eye on your credit reports and banking account statements for possible fraudulent activity in the months to come. If anything looks suspicious, you can contact the lender or creditor and your financial institutions. Regularly checking your credit reports can help spot any activity you don’t recognize, which may be a sign of potential identity theft.

5 Traveling Habits that Can Put You at Risk of Identity Theft

Highlights:

  • Carrying unnecessary documents can put you at risk if they are lost or stolen

  • If you connect to public WiFi, hackers may be able to access sensitive information on your devices

  • Leaving important items and devices in your hotel room may raise your risk of theft

Whether you decide to vacation in Canada or abroad, there are certain habits that may put you at risk of identity theft.

Before you disconnect, consider the following:

  1. Posting status updates about your trip

    Your smartphone or tablet might help you document every minute of your vacation, but status updates, check-ins, and alerting friends and family to upcoming plans on social media networks may let identity thieves know where you are.

    If an identity thief has your information, he or she may seize the opportunity to use it while you are on vacation. Experts recommend waiting until you return home to post your photos.

  2. Traveling with unnecessary documents

    Carrying unnecessary documents, such as your Social Insurance card, could put you at serious risk if any of them are lost or stolen. Leave your checkbook, library card, and other cards that display your name and address at home.

    For those documents that you must bring, such as your passport, take extra precautions to keep them safe. Passports now contain an electronic chip using technology known as RFID (Radio Frequency Identification), so if you leave the passport in its original sleeve, some thieves can steal your information just by walking past you. Experts say that’s unlikely – a person would have to have an RFID scanner and would have to be within 10 cm away from you – but it is possible.

    Use an RFID-blocking passport cover as a “simple and effective method” of reducing your risk. RFID-blocking wallets are also available.

  3. Allowing mail to pile up at home

    If you announce on social media your traveling plans and then let the mail pile up, you make it easy for identity thieves to know your house is unoccupied and an easier target for breaking into.

    You should have the Canada Post and news outlets hold your mail until you can collect it. This will help prevent your house from looking empty and stop thieves from stealing mail that contains sensitive information. Or ask a friend or neighbor to retrieve your mail.

  4. Using public WiFi to send information over unsecured networks

    If you are traveling in a region that’s not covered by your mobile plan, it’s tempting to use public WiFi. Public WiFi is a risky option because the networks are not typically secured. It’s not difficult for hackers to hijack your documents or email attachments.

    If you need to use public WiFi, only send information to encrypted sites and avoid mobile banking. Consider purchasing a one-time, personal VPN service, which allows you to access public WiFi through a private browser. If you use public WiFi frequently, it may be worth your money to purchase a subscription VPN. These services can be purchased online, but do some research and make sure the company is reputable.

  5. Leaving sensitive information in your hotel room

    Travelers may think their property is safe in the hotel room, but leaving sensitive information lying around in your room may put you at higher risk for theft. You should always lock up important documents, laptops, as well as any valuables in the hotel safe.

    Identity thieves may also impersonate hotel staff in order to obtain your information. Never give out your account information over the hotel phone, even if the caller claims to be from the front desk.