True story: I recently got a phone call telling me that my social insurance number had been compromised. The call didn’t come from a scammer. It came from my reputable financial advisor, whom I’ve known for decades and who only invests in boring funds like low-risk RRSPs and RESPs.
It’s not like I’d sent money to a long lost relative overseas or fallen prey to some crazy romantic “relationship” that required e-transfers to keep the spark alive. Nope, my yellowing, brittle SIN card, the same one I’ve had since I was a baby, was compromised through an unexpected data breach experienced by a huge financial institution with an excellent reputation for security. Dang.
I admit I’ve rolled my eyes reading more than one story online about how someone handed over tens of thousands of dollars, seemingly unwittingly, to a scam that should have been obvious from miles away. But I know it happens – we all have moments when we aren’t thinking clearly or we simply want to believe the best about people. Still, I figured that my own strong skepticism would be enough to protect me from having my identity stolen. I was wrong.
The thing is, we aren’t getting dumber. Scammers are getting smarter and they’re attacking in ever-changing ways that make it hard for most of us to stay ahead of the game. In this case, I had every reason to believe that my financial and personal information was secure, or at least, secure enough. Now, I’m signed up for identity theft monitoring, presumably for the rest of my life, since I have no intention of giving up my vintage SIN card (even if I were able to).
Although my experience has taught me that being vigilant isn’t always enough, it was still a wake-up call that I need to be more careful than ever about how I engage online and with whom I share personal information. These 10 tips are a useful starting point to keep you on the straight and narrow, so that hopefully you won’t ever end up in the same position I’m in. Here’s how to be proactive about preventing identity theft:
1. Strengthen your passwords. “Ihatepasswords” just isn’t going to cut it anymore. Make sure you always use unique and complex passwords for all online accounts. Combine letters, numbers, and symbols, and avoid easily guessable information like your name or birthdate. If you’re not good at remembering them all (and who is?) use a password manager to securely store and generate strong passwords.
2. Enable two-factor authentication (2FA). This adds an extra layer of security by requiring a second verification step, like a code that’s sent to your mobile device, in addition to your password.
3. Be cautious with personal information. Only share with trusted entities. If you’re asked for personal information, make sure it’s absolutely necessary and that you trust the receiver of the information to keep it secure. Even the most reliable institutions could experience a breach, but it’s still best to be cautious about phishing emails, texts, or calls that try to trick you into revealing personal data unnecessarily.
4. Secure your devices. Passwords aren’t just for desktops anymore. Every mobile device should have a strong PIN or passcode to lock it. Biometric authentication like fingerprints or facial recognition may be another option if it’s available. Stay on top of software security updates on every device.
5. Protect your SIN. Ok, this one’s tough, since it’s where we started this article. However, if it’s not absolutely required, never offer your social insurance number. It should be reserved for after you’ve been hired, when you submit tax information, if you’re opening accounts at a bank, and to access government programs and benefits. Read more about how to protect your SIN here.
6. Monitor your financial statements. Regularly review your bank and credit card statements for any unauthorized transactions. If you notice any suspicious activity, report it to your financial institution immediately.
7. Secure your internet connection. Use secure and encrypted wifi networks, especially when handling sensitive information or conducting financial transactions. Avoid accessing personal accounts on public or unsecured networks.
8. Shred sensitive documents. Don’t just throw them out – shred financial statements, medical records, and any other documents containing sensitive details. This prevents dumpster diving and unauthorized access to your personal information.
9. Be wary of identity theft alert scams. They’re getting sneaky, and scammers may use fraudulent identity theft alerts to trick you into revealing personal information. Instead of clicking on links or calling the provided numbers, independently verify the source by contacting the organization directly using their official contact information.
10. Regularly check your credit reports. Whether you’ve been forced into it (like I have) or are using them preventively, obtaining annual credit reports from major credit bureaus can help you catch any suspicious activity or inaccuracies early. This is an increasingly necessary way to detect signs of identity theft.
Obviously, you may find yourself exposed to more risk that you want, even if you follow all these tips, but being proactive about protecting your personal information is crucial to avoid being impacted by fraud.
Ask your accountant how you can continue to protect your identity and keep your financial and other personal information secure. Being money smart in this day and age is a whole new ballgame, and it’ll pay off to be vigilant.
