When your identity is stolen, you lose some things, but gain others.
You could lose all the cash in your bank account, or the title to your home.
But you might gain a criminal record, or a lien on your home mortgage.
Identity theft information is contained on three pages:
The information was written with computers in mind, but these warnings also apply to smart phones and tablets.
Identity theft is obtaining information about you that will enable someone else to impersonate you, allowing them to use your identity rather than their own.
While the thief obtains financial or other rewards, you are left with the financial loss or debt and may face criminal charges for crimes done using your ID.
Unfortunately, it is much easier to obtain credit online than it is to prove that it wasn't you that made the application.
Identity theft is a rapidly growing crime.
Online crime is more lucrative than traditional crime.
By ignoring security protocols and failing to learn about cybersecurity, people place themselves and their money at risk.
Test your knowledge about cybersecurity. It could help prevent identity theft from making you a victim.
Take the cybersecurity knowledge test to see how much you understand about online security and the terminology involved.
Once you've evaluated how well you understand the issue, read the information on this page to help you understand Cyber scams and how to avoid becoming a victim.
Obtaining personal information is much easier than it used to be.
At one time you had to go to your bank, speak to a real person who would then compare your signature with a physical signature card stored at the bank to ensure that you were who you said you were before releasing funds or a providing a new credit card.
These days credit card applications appear unsolicited in your mailbox and are easily obtained online.
The convenience ends when there is a problem and the bank demands paper documents to prove your innocence.
For online transactions, passwords have replaced a signature (or the wax seal that kings once used) with a password.
Many people really don't understand this form of electronic verification and view it as something that is imposed upon them rather than something that protects them.
[R]ecent Verizon research shows…unsecure passwords are the cause of over 80% of all data breaches at companies.
Unfortunately, many don't take their passwords seriously.
Afraid they'll forget a password, they make it simple and use variations of the same password for every account they create.
The reality is that the majority, 91%, recognize that using the same or similar passwords for multiple logins is a security risk, yet 58% do it anyway. These people mostly or always use the same password or variation of the same password.
— LastPass Blog
Once hackers have one password, they can use it to hack into other services, just like a Twitter hack that exposed users data because an administrative assistant reused passwords:
A hacker found a personal e-mail account for the administrative assistant previously mentioned.
[T]he hacker researched social networking sites to find the answer to the "secret question" required to reset the account's password.
In going through the e-mails in the account, the hacker apparently found the password used by the administrative assistant on other sites, and correctly assumed that person used that password on their Twitter corporate account at Google Apps.
— Ira Winkler
Think of your passwords as a series of unsecured, pre-signed blank cheques. The only dollar limit is the size of your bank account.
A good password manager not only helps to provide unique and strong passwords for every site, but also can protect you by warning you when the site address doesn't match the address recorded for the site.
Unfortunately, password managers don't work on the CRA website because of very unusual and unnecessarily complicated login procedures. The CRA's suggestion? Manually enter the password!
Be careful NOT to post the sorts of information on social media typically used for the “forgot my password” recovery.
We found that 51% of people believe there is no way a hacker could guess one of their passwords from information they've shared on social media.
But we know hackers aren't dumb — if you're being targeted and don't have a strong password guarding your account, it would take a hacker seconds to do a search on your social media profile, learn the name of your pet, family member — even learn when your anniversary is — and use that info to guess your password.
Don't make it that easy for them — try to be a bit discreet on social media.
— LastPass Blog
You probably check the doors and windows in your house before going to bed at night.
You need to secure your computer and software with the same diligence.
Online security is inconvenient but so are seat belts, door locks and insurance.
Choose a good security suite then learn how to use it to protect your computer and your privacy.
Most of the victims of identity theft are using technology they don't understand.
The politicians making the laws that are supposed to protect you seldom understand the effects those laws will have on privacy. They obtain most of their advice from the very companies that are exploiting consumers on the Internet.
Everyone is collecting information about you and your profile is available for sale to anyone willing to pay.
Do NOT buy into the myth that privacy means you have something to hide.
Companies spouting the “nothing to hide” line claim they're “just collecting metadata”, but will accuse you of hacking if you returned the favour.
[T]here is another reason websites track you — it's because you're worth a lot of money.
Websites record your activity so they can sell your information to third party advertising platforms, essentially delivering ads that they hope are relevant to you.
— Check Point blog
With your email address, they can send their advertising right to your inbox.
The more you reveal, the easier it is to target you. If they know your marital status and how many children you have, they can identify potential markets.
Loyalty cards can provide you with free merchandise and more, but they give a huge advantage to retailers as well by allowing them to track your purchases.
Retailers like Home Depot ask if you'd like an email receipt. That's a sneaky way to obtain your email address.
The sorts of items you buy, particularly the precise combination of items, can tell a lot about you.
Target determined that a teen customer was pregnant before they or their family knew — based simply upon tracking product purchases.
Do not post or release personal information over the phone. Never reveal the following sorts of information to an unverified caller:
Be careful about revealing billing addresses and employment information as well.
The successful completion of many credit card transactions may require that your shipping address match the credit card's billing address.
This information is not necessary for most other transactions.
Most people would be leery of any request to fingerprint them yet millions have ordered personal DNA tests without considering the potential privacy issues.
Tracking your genealogy has become very popular. Sites like Ancestry and 23andMe offer kits to take your DNA and use it to tell you more about your family history.
This has never happened before. It hasn't happened with fingerprints, it hasn't happened with DNA. Until now there's been a line, that unless you commit a crime we don't record the facts of your body.
— Alvaro Bedoya
There is nothing more personal than your DNA.
Unlike your credit card number or your bank account password, if your genetic information is stolen or simply given away without your consent by a company that possesses it, it can't be changed.
— Consumer Reports
But these sites aren't as private or innocuous as they'd have you believe.
When you're consenting [to the terms and conditions], you're not only consenting to [use of] your own DNA, but you're in effect consenting on behalf of everybody you're related to. Our laws of consent are not really designed for something like this.
— B.C.'s Privacy Commissioner
In fact, they sell your DNA data to third parties and often retain more rights to your DNA than you do after you agree to their contract.
But the DNA and genetic data that Ancestry.com collects may be used against “you or a genetic relative.” According to its privacy policies, Ancestry.com takes ownership of your DNA forever. Your ownership of your DNA, on the other hand, is limited in years.
— Joel Winston
In an internal memo, Pentagon leadership has urged military personnel not to take mail-in DNA tests, warning that they create security risks, are unreliable and could negatively affect service members' careers. [S]ervice members were encouraged to get genetic informationfrom a licensed professional rather than a consumer product.— New York Times
People sometimes post things on Facebook or other social media (or reveal them to strangers over the phone) without thinking about the consequences.
Facebook and Google knows more about you than your family and friends do. They never forget.
Information that allows you to recover a lost password should be something you remember, but strangers can't know. That security is lost if you post it on Facebook.
These personal facts are commonly posted by people:
Unfortunately, these answer the commonly-used questions that password-recovery options employ.
Most accounts are compromised by using the password recovery mechanism which invariably requires the correct response to the very personal questions people post on social media.
Sure, you will remember the answers (the reason companies use them), but so will everyone that views your posts. (Hint: it isn't just your friends and family.)
These questions are too easy to research or bring up in casual conversation.
Cloud computing (as “in the cloud”) is becoming more important as we use smart phones, tablets and other portable devices to conduct business on the go.
While it may free you to access your information anywhere at any time, it also provides the same access to ANYONE in the world with an Internet connection. All they need is your email address and password.
Legislation is pending in some locations (including in the US and possibly Canada) to ban consumer encryption or to ensure that back doors for police access are added. This is very short-sighted.
Yes, encryption is used by criminals. So are locks, fences, roads, public utilities, telephone systems, etc. Should we remove everyone's access to those resources as well?
It would be better to close more zero-day loopholes than to hope that criminals and foreign governments don't use them to defeat our security protections.
Much of the Internet is broken, a result of greed and exploitation at the expense of those who simply want information and entertainment but don't consider the risks of their behaviour.
It is recommended that you examine your security practices closely to see if they are up to protecting your online identity and privacy.
Anyone telling you otherwise is probably exploiting your ignorance.
Neil expertly and passionately breaks down personal security into small, actionable episodes that my parents could even understand.
[G]reat for reluctant tech users for whom technology is alienating, frustrating, but also necessary.
Your smart phone is a portable computer with access to a great deal of your personal data, not to mention a very common method of multifactor authentication.
That smartphone in your pocket is an identity thief's dream. It has your email, IM, social media, and other apps, potentially logged in and available. It contains personal data galore, including all your contacts.
A thief who has unfettered access to your phone owns your identity, period.
One of the most common methods of attack are to send a phishing email with an infected attachment.
Learn more about safer email practices including how to avoid malicious attachments.
If you have issues with an email you received, whether it is because you're reporting spam or something else, you'll be asked to look at “the headers.”
See finding the headers to learn how to locate these.
HTTPS is a secure protocol used by websites that encrypts traffic between the site's server and your browser.
Few sites use the old HTTP protocol by default (but may load it if you directly request it based upon a link you're following or a bookmarked site).
If you load just the domain name (e.g., domain.com) into your browser's address bar, it should load a secure site if one is available. Be sure to change your bookmarks accordingly.
Learn more about HTTPS how it keeps you safe.
Your choice of web browser can make a difference in your ability to remain safe online.
Whichever browser you choose, the most recent version will usually have improved security features and/or have known security issues patched.
Firefox is a much safer browser to use. As an independent stand-alone product it is less vulnerable to cross-program security issues.
Because it isn't tied to an operating system or a search company, it can focus on its users rather than those controlling the purse strings.
Google Chrome has huge privacy risks, especially if you sign into your Google account while surfing (even if it is only for checking your Gmail).
Google makes their money by exploiting information you provide. Google NEVER forgets.
The widespread use of Chrome also gives Google a huge amount of control over how the Web works.
Internet Explorer is no longer being developed and is not recommended for routine surfing or browsing sites on the Web.
While IE may be convenient, it is so tightly integrated into Windows that any security issue in any Microsoft product puts your entire computer at risk.
Microsoft should have killed it off with the release of Windows 10 and Microsoft Edge.
More information about how to prevent identity theft:
If you have been a victim of identity theft (or suspect you have), contact the police to report identity theft.
If you suspect you've been the victim of identity theft, the sooner you act, the sooner you can begin to resolve the issue.
It will likely be harder to prove identity theft than to execute it.
If you are the victim of identity theft, you can expect to fight to regain your credit rating for years.
Victims report that it takes months or years to regain their credit rating, only to find that a new report forces them to start all over again.
While electronic data can quickly get you into trouble, financial institutions want physical evidence (i.e., paper copies of their official forms) that show you're not responsible.
Think of how hard it is to obtain physical copies of documents generated by someone else.
There are huge personal and financial costs if you become a victim.
The Canadian Anti-Fraud Centre at 1-888-495-8501 can help you through the process.
You should file a report with your local police, your financial institution(s) and with credit reporting agencies.
But there's not much your local police can do for you. For starters, you'd have to show that an actual crime happened, which is much more difficult when it's digital.
When reporting improper use of a credit card to our local police we learned that purchases had been made out of province and mostly without presenting the physical card. How someone could get away with paying off a utility bill for a fixed address with a stolen credit card is confounding.
Check your bills for unauthorized credit cards or charges for goods or services you did not receive (particularly from a foreign country).
In most cases you have to still pay the full bill and notify the credit card company about unauthorized charges within 30 days.
We're calling from MasterCard and VISA.…
Unsolicited automated phone calls about your credit card are usually fraudulent attempts to secure your credit card information.
These calls may attempt to scare you with claims that very large purchases “have been noted on your credit card.” Notice they don't specify the card used.
Never respond to requests to prove your identity or verify your card details. Remember, they called you.
Reporting identity theft or fraudulent transactions on your credit card(s) to the credit reporting agencies helps to prevent further abuse, particularly if someone tries to open new credit in your name.
You are entitled to one free credit report each year which discloses who has made requests for your credit report as well as allowing you to dispute errors.
On this site:
Return to top
Updated: October 7, 2023