Fraud Prevention Articles

Proven strategies to reduce fraud, protect assets, and ensure compliance—tailored for small businesses.

Understanding the Scope of the Problem

Our series of articles on Identity Theft, Frauds and Scams will cover a variety of issues around the topic – everything from the scope of the problem, where criminals get our information, how they use that information, how to reduce our risk of becoming a victim and the details around the growing number of frauds and scams. We do not profess to be experts on the topics of Identity Theft, Frauds or Scams – other than the criminals, the only experts are a limited number of law enforcement officers and security personnel who specialize in those activities. Based on the new tactics that criminals are continuously developing, even law enforcement and security are probably having some difficulty staying up to date.

To illustrate the scope of the problem, here are some examples:

– One criminal organization developed a catalogue of more than 2 million personal profiles.

– More than ten years ago, the Canadian Privacy Commissioner stated that the illegal drug trade was now less lucrative for criminals than the trade in personal information.

– Criminals gaining access to computers, locking the information on it, then demanding a ransom in exchange for unlocking it, is now estimated at more than a billion dollars annually.

– One Call Centre in India employed 700 people making calls to Canadian and American citizens, claiming to be the Canada Revenue Agency (CRA) or Internal Revenue Service (IRS). Losses are in the tens of millions of dollars, but largely unknown, because many individuals are too ashamed to report the loss.

The first step is limiting the amount of our personal information that is made available. In our seminars we emphasize that the security of our information is frequently beyond our control; however, where we do have control, let’s limit access to that information. There are various pieces of legislation at the provincial, state and federal levels pertaining to personal information security. Much of that legislation flows through to local businesses and organizations. Those local entities have a responsibility in most cases, to limit the information they collect, limit the ways it can be used and most importantly, keep that information secure.

That’s where you and I come in: we can often reduce the amount of information we provide. And we can ask questions such as: Why do you need the information? How long are you going to retain that information? How are you going to keep it secure? Who is responsible for the security of such information?

If the responses to those questions seem inadequate, simply don’t provide the information.

Need help implementing this?

Social Media

We have talked about the fact that much of our personal information is in places over which we have no control. We’ve also pointed out some steps we can take to keep that information safe where we do have control. In this technological world, the area that appears to be the biggest problem for us – and a great source of information for the criminals, is Social Media.

You probably know of situations where individuals have shared personal information unnecessarily on social media. Something each of us has control over – let’s use that control! We may think we’re sharing something with our friends, but technology may be allowing our friends’ friends to also receive that same information. You should have rules for yourself and your family. For example, don’t share details of travel plans so people know when you may not be home; don’t share personal information that could be used to steal your identity. Don’t use multiple photos (can be used with Artificial Intelligence to create videos using your face on someone else’s body).
This use of social media is now starting with young children.

Parents should be discussing these dangers with children when the child first starts using social media, insisting that if the child isn’t sure about something, check with a parent before sharing information. But in many cases, the information may not seem dangerous to the child, which means constant communication and monitoring by parents. Just one more task added to your “To Do” list!

Need help implementing this?

Romance Fraud

Be vigilant when talking to vulnerable friends and relatives who may be lonely or depressed – they may become victims of Romance Fraud. Reported losses in Canada exceed $44,000,000 per year. The Canadian Anti-Fraud Centre suggests that represents only 5% of the actual losses. The emphasis there should be “reported”! Many individuals are too embarrassed or ashamed to admit they have been victimized and are reluctant to report the loss. In one 11-month period, an RCMP Detachment reported 5 victims with total losses of $1,092,000.

Most of these cases follow a similar format. Someone develops a relationship online or even on the telephone. Messages and photos are exchanged over many months. Of course, the photos may not be legitimate and much of the personal information is likely to be sketchy or fabricated. But over a long period of time, trust is developed. The next step is that the other party encounters some “financial difficulties” and requests money to be sent. That can continue until the victim runs out of money or finally realizes it’s a scam.

Some victims are extremely reluctant to admit that the relationship may not be real. That’s why we suggest being aware of such situations with those who may be vulnerable.

Need help implementing this?

RFID Credit Cards

Most credit cards being issued now have RFID (Radio Frequency Identification) capabilities. They will be active immediately, however if you wish, your bank or credit card issuer may de-activate that feature. Card issuers realize that they pose a security risk but suggest that customers and clients like to have the speed and convenience of that “tap” feature. It eliminates the need to enter the PIN every time it is used.

Before you cancel that feature, keep in mind that the criminals have something else for you. They now have cell phones with “heat sensitive” cameras. So they may be next in line behind you at a busy checkout; they could have scanned your credit card with a card reader, while your card is still in your wallet or purse (unless the card is in an aluminum wallet or sleeve). Then they photograph the pin pad immediately after you enter your PIN and get your number. Now they have both the card number and the pin for that card.

Keep in mind also, that RFID cards usually have a limit on the amount that can be charged using the “tap” feature. Higher amounts may require the PIN.

Need help implementing this?

Necessary Documents

Many of us are in the habit of carrying various pieces of identification most of the time. Some of that identification, and the information it contains, needs to be carried with us – an example is our Driver’s License. And no doubt we need our credit cards on a regular basis. Not only may we need those pieces of identification, the Driver’s License also provides Photo ID. But two things to keep in mind: First, criminals now have the technology to create their own forged Driver’s License using all of your information and their own picture. Second, Credit Cards can be copied, at least to the extent that the number can be transferred to a blank card (white card with a mag stripe). Those examples simply indicate the risks if our wallet or purse is lost or stolen.

Another issue is the fact that most of us carry information that isn’t necessary. The two best examples are Birth Certificate and Social Insurance Card. Police tell us that we should never carry those documents us unless we need them where we are going! There are two reasons for that: First, if you lose your wallet or purse, or have them stolen, the criminals love to have those documents to completely steal your identity; they can literally become you. Second, if you keep those pieces of identification in a safe place at home or safety deposit box, and your wallet or purse is lost or stolen, you still have those cards to re-create your identity.

Another step you can take to speed up the process of restoring your identity is to make a photocopy of all your personal information. The only caution there is that you should use a photocopier over which you have some control. Many copiers now capture and retain everything that is ever scanned. This topic will be covered in more detail in the next issue.
While it’s fresh in your mind, look at all the cards and personal information you have in your wallet or purse right now. Remove whatever you won’t need the next time you leave home. Let’s take control of the information we have the ability to control!

Need help implementing this?

IoT Security

“A chain is only as strong as its weakest link” is a very old but also accurate statement. Internet security experts are now using that line to describe the security around all the electronic devices in and around many modern homes. The Internet of Things is used to describe those devices, from laptops and phones to TVs, door locks, baby monitors, security cameras and now even thermostats and washing machines. All these are now available with internet control capability. Here are some security tips you need to consider seriously.

– When purchasing such equipment or devices, buy only from reputable businesses.

– Remember that there are three things at risk: Your information, your finances and control of your devices.

– Be sure that the providers of such equipment and services have clear policies on privacy and data usage.

– Recognize that information from a smart device may become available to third parties. A perfect example is the use of remote repair services by a third party technician.

– Limit the access to device controls to as few users as possible.

– Make sure security systems are continuously upgraded.

– Any special apps should be purchased from trusted, reputable companies such as Apple or Google, rather than from random app platforms.

Ensure that all members of your household are aware of the risks.

Need help implementing this?

CRA Scams

There are many versions of the CRA (Canada Revenue Agency) scam. There are recorded message phone calls, live phone calls, mail, e-mails and even uniformed “agents” coming to the door with handcuffs to take the victim to the bank to withdraw money. When this scam started, it was most common during tax season, but now it can happen at any time. Criminals often target someone whose spouse has passed away, advising that the deceased owed taxes.

The message is usually simple – you owe the CRA a sum of money in tax dues. And immediate payment is demanded, often with the threat of legal action or arrest. There are several steps one may take when targeted with this scam:

1. The CRA does not request tax payments by telephone, website or e-mail, so just ignore the threat.

2. Ask questions to determine how the individual got your contact information.

3. Remember that the CRA will never ask for money via gift cards or Bitcoin and does not demand payment within a few days or hours.

4. The CRA does not threaten with immediate arrest for non-payment of taxes.

5. Report the incident to police and the Canadian Anti-Fraud Centre.

The reason this scam continues to be used frequently by criminals is that it’s so lucrative. People seem to be so wary of the “Tax man”, that they will do anything to get the taxes paid and avoid further harassment. If you owe taxes, you will receive a letter in the mail with the details of the outstanding tax balance and you can always call the CRA to verify.

Need help implementing this?

Photocopying

In the last issue, we suggested photocopying the contents of your wallet or purse, in case they are lost or stolen. Having copies of everything makes restoring your identity much easier. However, you must be sure to use a secure photocopier when doing so. This topic draws a lot of attention in our Identity Theft Seminars.

Virtually every large photocopier, and some home models, made since 2002 has a hard drive which captures and stores all documents ever scanned. That means when the machine is sold or traded in on a newer model, all that scanned material goes with it. It’s common for us to ask a business or organization to make a copy of a document for us, without realizing that the document is likely to go with the copier some day.

We understand that Sharp now makes a copy machine with a built-in program to delete scanned documents but check with your machine’s manufacturer. There are two possible solutions, at least for your copy machine. First, when yours is worn out or obsolete, remove the hard drive and drill some holes through it. Second, hire a technician with high grade software to over-write everything on the hard drive. That may be expensive, but not nearly as bad as having to restore your identity! That takes care of documents on your machine.

Copy machines owned by someone else is another story; many businesses and institutions now lease copy machines rather than buying them outright. Unfortunately, at least for security reasons, many lease contracts require that when the lease ends, the copy machine must be in working condition. Of course that means the hard drive couldn’t be removed, so the over-write option is the only one available to most leases.

The best thing you can do if you have a photocopier, is to contact the manufacturer and determine what you can and cannot do. If you are leasing a machine, this would be a good topic to discuss with your supplier, not only for the machine you have, but also the next one you lease.