Identity Theft: The Vulnerabilities

How to identify a cyberattack and protect your business from hackers

Canadian privacy laws have no jurisdiction outside Canadian borders. Canadian law enforcement face a number of regulations and policies, when it comes to investigating, catching and charging foreign criminals. While some Canadians have lost everything – including their homes – to these criminals, the chances of ever legally recovering these losses are minimal. Identity Theft is where it all starts.

Recycling Boxes?

Canadians routinely recycle old bills for their credit cards, telephone, utilities, etc. Sometimes, they dispose of “pre-approved credit card forms” from major credit card companies in these boxes. The information contained in these letters is exactly what an identity thief is looking for.

Human Interactions

Usually the result of someone being fooled into giving up personal information online or by telephone come from:

  • Online phishing, don’t you love those emails from “Amazon” about a package you never ordered. Don’t Click on the link!
  • General phishing targets the public at large, similar to “spam”.
  • Spear fishing targets a particular individual by using a piece of information that was gathered on them from one source or
  • Telephone scams
    • A bad person, calls up posing as an employee from your bank, gas company or other utility, trying to confirm certain information about
    • Do you need your ducts cleaned? Is your Social Insurance Number doing illegal things? Has the Credit Card security desk called you lately?
Microsoft Canada

Where is Your Identity Published?

With the Internet, thieves no longer need to be near you or your physical assets. They can steal from you from anywhere in the world using tools available online. Unfortunately, you may not have control over what others publish about you; nor will you always know that the information was published at all! This happens often with FaceBook photos or stories where you have been tagged. Suddenly the naughty folks know a great deal about you.

Some examples of where information about you and/or your family members may already be published by online services that include the following:

  • Google, just google your name and you can see what is already out there about you.
  • Facebook, Instagram, Twitter and any social media
  • Actual news media coverage
  • Relatives and Family that publish information about you that you are unaware of
  • Volunteer work, and information that isn’t secured by the group you volunteered for.
  • Interactions with the Media
  • Online directories listing you as a member of a club, community group, association, foundation, etc.
  • Data Breaches, there have been so many of those, the dark web is filled with data from so many web sites.

The months of January and February

This is when identity thieves start breaking into super mailboxes to steal tax documents from employers, banks, brokerage houses, government, etc. This is not something that happens as much these days as many of these are sent electronically. Conversely these same thieves will attempt to hack your email accounts (or worse your CRA accounts).

Card skimming

This is not easy to detect, and can happen in many different ways. A couple of examples:

  • When you use a debit or credit card to pay for things and the clerk or waiter swipes your card twice – once on the legitimate company’s card swipe device, and once again on his/her personal card-swiping machine hidden under the counter. As well, waiters in a restaurant might swipe your credit card at the cashier counter while you are still at your table.
  • When you slide your card into an ATM or payment terminal that has been tampered with by criminal elements that have slipped an elicit card sensor over or inside the original equipment’s card. The illegal card sensor can receive the information directly from your card, complete with the PIN number you entered. Alternately, if the reader cannot record your PIN number, a miniature camera concealed nearby may record your finger movements typing in your PIN. All of this information may then be either transmitted via a wireless connection to the nearby bad guy, or the nasty card sensor may record the information for later collection.

Over The Shoulder Identity Theft

This happens in a store when you are paying at the cash, and someone watches over your shoulder to  memorize your credit card number, or your debit card number and PIN you entered into the debit machine’s keypad. The shoulder surfer looks like just another customer in line. This happens less these days, with the dawning of the tapping era.

What’s on the Counter?

Similar to shoulder surfing. Often, the victim simply assumes that someone else near the counter may be an employee or friend of the clerk.

Tap Theft

There have been examples of tap theft, where someone gets close to your card, and has a device to do an illicit tap. Carrying your tappable cards in a safe wallet that is shielded, might not be a bad idea.

Hidden Malware or Spyware

Its function is hidden from view. You have no idea what your computer is doing while you are online. It may be forwarding all your keystrokes to an unscrupulous adversary (individual, group), including your online banking login ID, password, etc.

Computer Repair

How well do you know the computer repair person? While you may be assuming they are fixing that problem that has been plaguing your computer, they may be installing malware or spyware that will record and forward your personal information to an adversary the minute the computer goes online. Relying on larger firms like Staples or Best Buy does not guarantee ethics, either. It is better to clean your system before handing it over to anyone.

Never sell your computer without cleaning out your hard drive, and BIOS. Re install the Operating system, after formatting the hard drive (a full format, not just a quick format), to ensure less of a chance of data theft.

Is That It ?

Absolutely not, I will be writing more about this topic, and this by no means is an exhaustive list. With the continued Data Breaches going on, the bad folk don’t even have to work hard to get your information.

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.