January 28 was Data Privacy Day across North America and Europe; but every day is a good day to think about protecting your personal and private information. Today’s digital world means scammers and thieves have an almost unlimited virtual world to work with, and tech-savvy crooks know how to obtain your personal data.
“So many of today’s scams involve the online world, so it’s becoming more and more important to understand the pitfalls and protect yourself,” says Evan Kelly, senior communications advisor for the Better Business Bureau serving mainland B.C. “There are 156 million spam emails sent out every day around the world. At best they’re farming for data, going through your Facebook and email accounts for addresses to add to sales lists, which are sold to different firms; at worst they’re installing malware or ransomware on your computer.”
Many of these scammers target seniors, who are using social media in ever-increasing numbers. “In 2005, about two per cent of seniors said they used social media,” says Kelly. “In 2016 it had climbed to 40 per cent.”
Identity fraud is big business. Kelly says that Canadians reported that they lost $11 million to ID theft and fraud in 2016; but since most victims of scams do not report the incident, he notes that figure is probably only about five per cent of what was actually taken.
All that scammers need to get started with identity theft or fraud is a social insurance number, which they can then use to open a bank account in your name. Kelly advises people not to carry their SIN cards with them, as very few places need the number. If anyone does ask for it, he urges people to ask plenty of questions as to who has access to it, what it will be used for, and how it will be stored.
Kelly also advises to change their passwords for online accounts regularly, and to make them difficult; use a combination of letters (upper and lower case) and numbers. Resist the urge to use something easy to guess, such as your phone number, date of birth, or anything generic such as “1234”. A password management application is a useful tool, he notes. “You create one password for the manager, then it changes your password automatically every time you go to a different site.”
Many stores now ask customers for their emails address, usually because they want to be able to inform you about sales. However, stores can also legally sell their database of addresses to another firm. Kelly says it is not compulsory to give your email address when asked for it.
Businesses are a good source for data theft, notes Kelly. “They have a lot of data, and it’s very easy for someone to break a window and steal a laptop.” Companies should lock up laptops when they are not in use, and ensure that employees keep them secure when they are taken away from the workplace. It is also important that staff be trained about online threats, business scams, and protecting the business’s data.
Consumers should check their credit card and banking statements closely, to make sure all the transactions are legitimate. Some scammers have found a way to obtain information from the point of sale terminals in stores and businesses by inserting a thin shim of plastic that contains a microchip into the opening where a credit or debit card is placed. The plastic is thin enough that the card can still be inserted, and the chip captures the card number and PIN.
In some cases, says Kelly, an entire POS terminal is replaced when the clerk is not looking, with the replacement capturing customer information. Scammers then return and retrieve the bogus terminal, or the plastic shim, and obtain card numbers, which they can use or sell.
Other tips for consumers include being wary of unsolicited emails that ask for information such as passwords, social insurance numbers, date of birth, or a driver’s licence number; limiting the amount of personal information you put on social media; updating your computer’s security software on a regular basis; and not clicking on pop-up ads or dubious links online or in emails.