Identity Theft – Understanding Scope of the Problem
Our series of articles on Identity Theft, Frauds and Scams will cover a variety of issues around the topic – everything from the scope of the problem, where criminals get our information, how they use that information, how to reduce our risk of becoming a victim and the details around the growing number of frauds and scams. We do not profess to be experts on the topics of Identity Theft, Frauds or Scams – other than the criminals, the only experts are a limited number of law enforcement officers and security personnel who specialize in those activities. Based on the new tactics that criminals are continuously developing, even law enforcement and security are probably having some difficulty staying up to date.

To illustrate the scope of the problem, here are some examples:
– One criminal organization developed a catalogue of more than 2 million personal profiles.
– Ten years ago, the Canadian Privacy Commissioner stated that the illegal drug trade was now less lucrative for criminals than the trade in personal information.
– Criminals gaining access to computers, locking the information on it, then demanding a ransom in exchange for unlocking it, is now estimated at more than a billion dollars annually.
– One Call Centre in India employed 700 people making calls to Canadian and American citizens, claiming to be the Canada Revenue Agency (CRA) or Internal Revenue Service (IRS). Losses are in the tens of millions of dollars, but largely unknown, because many individuals are too ashamed to report the loss.
So we hope you find our messages interesting, useful and many even valuable, in reducing your risk of being a victim of these crimes.
The first step is limiting the amount of our personal information that is made available. In our seminars we emphasize that the security of our information is frequently beyond our control; however, where we do have control, let’s limit access to that information. There are various pieces of legislation at the provincial, state and federal levels pertaining to personal information security. Much of that legislation flows through to local businesses and organizations. Those local entities have a responsibility in most cases, to limit the information they collect, limit the ways it can be used and most importantly, keep that information secure. That’s where you and I come in: we can often reduce the amount of information we provide. And we can ask questions such as: Why do you need the information? How long are you going to retain that information? How are you going to keep it secure? Who is responsible for the security of such information?
If the responses to those questions seem inadequate, simply don’t provide the information.
Please go to for more information on how you can protect you and your family through IDShield and LegalShield.

Control Data

We have discussed the issue of personal information in areas over which we have no control, however we will be coming back to it in future #IdentityTheft posts when discussing where criminals obtain that information.  This time, we’ll look at some areas where we do have control and some steps we can take to prevent the loss of that information.

Limiting the information we provide to legitimate businesses and organizations is the first step.  Next, is our outright refusal to provide personal information in other situations.  One of the most common methods used by criminal organizations is through fraudulent e-mails.  We have personally received several e-mails from “banks”, asking for us to update our Account Information.  These are banks where we have never had an account.  Even though the e-mail appears to be from a specific bank, when we call that bank to confirm the legitimacy of the request, we’re told that the e-mail address we have on our screen, is not an address used by that bank.  Assuming the criminals are sending that same e-mail to thousands of individuals, it’s logical to assume many customers of that bank may unwittingly provide the requested information – and it will be going directly to the criminals.  Never provide information when it is requested in an e-mail or phone call – provide it only when you contact the other party by phone or e-mail after verifying you’re using the correct address or phone number.  Banks don’t request information updates via e-mails, phone calls or pop-up windows.

We have had e-mails claiming to be from FedEx and from Canada Post, simply asking us to click on a tracking number to arrange for the pickup of a parcel.  When we call those couriers, they tell us those e-mail addresses and tracking numbers are not theirs.  Many people could be victims of that scam because  they may assume it’s a legitimate shipment that they are expecting from someone.  In fact, by clicking on the “tracking number’ you have just given the criminals access to your system.  Never click on attachments, pop-ups or links unless you verify the legitimacy first.  The same is true for telephone requests.

We do have control over information we provide as a result of a request – just don’t provide it unless the request is legal, necessary  and legitimate.  Don’t let criminals use e-mails, pop-up windows or links to make you a victim of #IdentityTheft.