Until he got the call, Isaac didn’t think much about identity theft. The married Toronto father of two keeps on top of his family’s finances and expenses, doesn’t carry credit card debt, and uses strong passwords for his online accounts.
But in May, the fraud prevention unit at one of the Big Five banks phoned him about a suspicious application. Someone tried to open a bank account using Isaac’s Social Insurance Number (SIN), name, and address—and they were moving quickly. Within the span of a few days, the fraudster opened a PayPal account, racked up six credit inquiries, and opened at least two store credit cards in Isaac’s name. The flurry of credit applications also knocked nearly 200 points off his credit score.
“The Home Depot account was a $10,000 credit card, and they quickly upped the limit to $25,000,” says Isaac, who asked that his last name not be used. “There was another one they opened up with Peoples Jewellers, and that was another $15,000.”
Identity theft is a pressing issue thanks to a spate of high-profile data breaches, including the recent Equifax cyberattack that exposed the personal information of 143 million Americans and 100,000 Canadians, including names, addresses, SINs, and in some cases, credit card numbers. From large-scale data breaches to everyday mail theft, phishing, skimming, and telephone scams, identity theft is ever-evolving, ongoing threat.
The best defence is awareness, says Kelly Keehn, personal finance expert and author of Protecting You and Your Money: A Guide to Avoiding Identity Theft and Fraud.
“Hacking used to be a joke, it was this idea of a kid in their parents’ basement seeing what they could do,” she says. “Now, it’s 100% criminal. They have very complex algorithms, grabbing new information as it’s breached, or as it’s given freely.”
Of course, attacks like the Equifax breach aren’t the fault of the consumer. But when it comes to sharing even the most basic details about yourself with companies and on social media, cyber security expert Tom Keenan has a motto: “Be info-stingy.”
The University of Calgary professor says he has about 20 different “birthdays” and uses H0H 0H0 as his postal code when asked by store clerks.
If that seems like overkill, Keenan, the author of Technocreep: The Surrender of Privacy and the Capitalization of Intimacy, has a trove of examples illustrating how easily valuable personal information falls through the cracks. Hook up your phone to Bluetooth in a rental car, and your information isn’t automatically erased. Think your online presence is tight? Check your teenage children—their social media profiles might reveal more about you (and themselves) than you realize.
“I know somebody who gave his 16-year-old daughter a credit card, and she took a picture of it and put it up on Facebook,” Keenan says.
Experts such as Keenan and Keehn recommend having a second personal email address for subscriptions, newsletters, and giving out to stores. Your primary email—the one with bills, shopping log-in info, and other personal information—should be kept to your chest. Keep your wallet light in case of loss or theft, locking up your SIN card, birth certificate, passport, and any credit cards you don’t use regularly—the same goes for any of your children’s documents.
In Isaac’s case, the identity thief was old-school: He stole mail from Isaac and his neighbours, obtaining his name and SIN from a tax-related document. The crook set up mail forwarding using fake identification in an attempt to divert the ill-gotten credit cards, but once Isaac found out he quickly flagged the fraud to Canada Post.
Isaac immediately filed reports with the RCMP and local police, a crucial step in proving to the credit bureaus, banks, and credit card companies that a crime was committed so the fraudulent charges can be reversed. He then contacted both Equifax and TransUnion to let them know his identity was stolen.
Isaac estimates he spent about 15 hours over the course of a week—almost two full working days—untangling the mess. His advice: Stay calm, and be patient. It will take multiple phone calls and follow-ups where you have to repeat your story and verify information.
You might have heard about credit freezing in the wake of the Equifax breach, but that’s only available in the U.S. Canadians can sign up for credit file monitoring and fraud alerts with both TransUnion and Equifax (yes, ironic). For the 100,000 Canadians affected by the hack, Equifax is offering 12 months of free credit monitoring and identity theft protection.
Everyone should check their credit report and credit score at least once a year (Canadians are entitled to one free credit report from each of the bureaus annually). But given how quickly identity thieves work, checking monthly with a credit monitoring subscription isn’t a bad idea. You should also regularly review your credit card and bank statements.
Isaac realizes he’s lucky: The fraud was detected quickly, he didn’t lose any money, and his credit score has since been restored. Some people face years of financial ruin. He and his neighbours installed locking mailboxes, and he’s signed up to file his taxes online. He also signed up for credit monitoring and attached a fraud alert to his SIN with both credit bureaus. If someone tries to apply for credit in his name again, he’ll get a call on his cell phone.
“The fraud alert on my SIN is valid for six years. I already have a calendar reminder six years from now to renew it,” he says. “I will keep this level of vigilance for a long time.”
If you want to protect yourself from identity theft or think you’re a victim, here are some resources:
- Canadian Anti-Fraud Centre
- RCMP Identity Theft and Identity Fraud Victim Assistance Guide
- Equifax Canada: Cybersecurity Incident and Important Information
- TransUnion: Fraud Victims Resources