company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
2. Canadian Identity Theft Support Centre
Preventing Identity Theft:
A
Guide for Youth
Page
• Introduction
1
• What Is Identity Theft
1
• What Do Identity Thieves Want?
2
• How Do Identity Thieves Get Information
About Their Victims?
2
• How Do Identity Thieves Use This Information
To Commit Identity Fraud?
3
• Who Are Identity Thieves?
4
• Reducing The Risk: How Can I Avoid
Becoming A Victim?
4
• At Home
4
• Out And About
5
• Smartphones
5
• Transacting With Other People
And Business 5
• Protecting Your Computer
6
• Online Activity
6
• Social Networking
7
• Peer-to-Peer (P2P) File Sharing
8
• Online Shopping
9
• Tell your Friends and Family
9
• Preventing Identity Theft: Tips for Students and Youth
10
Canadian Identity Theft Support Centre
1.866.436.5461
www.idtheftsupportcentre.org
entity
theft
3. Introduction
What is identity theft?
If you think that identity theft is a problem
that only adults need to be concerned
about, think again. Identity thieves go after
people of all ages, for all sorts of different
reasons. Young people can be targeted
just like anyone else, even if they don’t
have a lot of money in the bank. A thief
could use your identity to borrow money
or obtain services on credit, run up bills
in your name and ruin your credit rating
before you even try to borrow money
yourself! Identity thieves can also steal
your online identity and attempt to ruin
your reputation by posting information or
sending messages ostensibly from you.
“Identity theft” is used by CITSC to
mean not just the stealing of personal
information, but also the fraudulent use
of that information to access your bank
account, credit card or other account
without your authorization; to obtain
loans, services, government benefits,
employment or other benefits in your
name; to evade authorities by assuming
your identity; or simply to damage your
reputation.
If you make it easy for an unscrupulous
person to gather your personal
information, you are risking becoming a
victim of identity theft - something that
can cause you serious problems and take
years to resolve. Victims will tell you: it’s
worth taking some precautions to avoid
this crime.
Note: See CITSC’s general guidebooks
on Preventing Identity Theft and
Protecting Yourself from Online Identity
Theft for more information and tips. This
guide includes some but not all of the
information in those guides.
1
Both “identity theft” and “identity fraud”
are criminal offences in Canada. Related
activities such as redirecting mail and
selling fraudulent identity documents are
also criminal offences.
The damage to victims of identity theft
varies widely, from mere inconvenience
such as having to replace a credit card,
to financial and personal devastation.
Victims may even being arrested for
crimes committed by an impostor. Given
the potential consequences of identity
theft, it is worth making an effort to avoid
becoming a victim.
4. What do identity thieves
want?
Most identity thieves want money. Some
want employment or free services. Others
want to evade authorities. In all cases,
identity thieves pretend to be other people
in order to achieve their goals.
The types of information most useful to
identity thieves are:
1. Full Name and Address
2. Date of birth
3. Social Insurance Number
4. Drivers Licence number
5. Passport number
6. Other government-issued ID numbers
7. Student ID numbers
8. Credit card, debit card, bank account
and other financial account numbers
9. Typical passwords or security question
answers – e.g., mother’s maiden name
10. Information about your family, work
and personal life
How do identity thieves
get information about
their victims?
Identity thieves use many methods to
gather personal information about their
victims that they can then use to commit
identity fraud. These methods include:
1. Stealing your wallet, purse, cheques or
mail
2. Gathering information from records in
your home
3. Sifting through your trash to find useful
information such as account details
4. Posing as a legitimate company by
email, over the phone or at your door and
asking you for your account information
(this is called “pretexting”, or if done by
email, “phishing”)
5. Taking your credit card or debit card
out of your sight and “skimming” it (i.E.,
Capturing the information on it via a
special device)
6. Watching you enter your pin or
password
7. Eavesdropping on insecure wireless
communications
8. Gathering information about you from
social networking sites, blogs, online
‘payday loan’ applications, and other
online sources
9. Hacking into your computer via a virus
or other method
2
5. 10. Surreptitiously installing spyware on
your computer that gathers information
such as your passwords
Thieves can also gather your information
from other sources that you cannot
control, such as:
1. The garbage of corporations with whom
you do business or government agencies
2. The computers and databases of
corporations and governments
3. Unintentional security breaches of
corporations and governments
4. Websites that have information about
you posted on them
5. Employees of corporations or
government who are fooled into providing
your information to the imposter
6. Employees of corporations or
government who are part of a criminal
ring or who are bribed to provide your
information to criminals
How do identity thieves
use this information to
commit identity fraud?
Once they have enough information to
pretend to be you, identity thieves can
do all sorts of damage to you and your
financial and personal reputation. Such
damage includes (but is not limited to):
1. Making charges on your credit card or
debit card (bank account)
2. Using, altering, or copying your
cheques and drawing money from your
bank account
3. Opening up new credit card, cell phone
or other accounts in your name and
running up bills without paying them
4. Sending a change of address to
creditors to divert your mail so that
you don’t notice the unauthorized bills
mounting up
5. Obtaining loans (even mortgages!) In
your name
6. Transferring title to property from you
to them
7. Getting a tax refund or other benefit in
your name
8. Leasing an apartment in your name
Getting a job in your name
9. Pretending to be you when arrested by
police
10. Accessing your email or social
networking
account
and
sending
embarrassing (or worse) messages or
posts that appear to be from you
3
6. Who are identity thieves?
Just as there is no typical victim of identity
theft, people who engage in this criminal
activity range from family members with
no criminal history to international crime
organizations. Depending on the nature
of the crime, the fraudster could be
someone you know or an anonymous
criminal operating from another part of the
world. There is no typical identity thief.
REDUCING THE RISK:
How can I avoid becoming
a victim?
There are many things you can do to
minimize the risk of identity theft. The
following are some of the most important:
Review your bank and credit card
statements carefully when they arrive and
report immediately any activity you do not
recognize as your own.
4. Keep financial records in a safe, secure
place. Don’t leave them lying around
the house. Shred (or burn) old records
once you know that you won’t need them
for tax or other purposes. Use a crossshredder to ensure that thieves cannot
piece together any information from the
garbage.
5. Check your credit reports with Equifax
and TransUnion annually. Offline reports
are free. If you have never established
credit, you will be told there is no report.
If there is a report, check it out and make
sure that none of the information is a
result of fraudulent activity.
At Home
1. Keep identification documents in a
safe place at home and only take them
with you when you need them. Consider
storing important documents that you use
infrequently in a safety deposit box at a
bank. Keep copies of your passport, birth
certificate and other government-issued
ID in separate files (for reference if you
lose the original).
2. If you have an unsecured mailbox,
pick up your mail as soon as possible
after delivery. If you are going away, stop
delivery or arrange for someone to pick
up your mail.
Checklist of documents you
should keep secure
• Social Insurance Number card
• Birth Certificate
• Passport
• Drivers Licence
• Health Card
• Student ID card
• Bank statements
• Credit card statements
• Other financial statements
• Government benefit statements
3. Be aware of when your bills normally
arrive in the mail and if they don’t arrive,
contact the bank or creditor and find out
what happened.
4
7. Out and About
1. Don’t carry identification documents
(e.g., birth certificate, passport, SIN card,
health card) or blank cheques in your
wallet, purse or otherwise with you unless
you need them.
2. Don’t store unnecessary personal
information on your smartphone or other
handheld device. Password-protect your
mobile devices with a strong password
that can’t be guessed by someone else.
3. Password-protect your mobile devices
with a strong password that can’t be
guessed by someone else.
Smartphones
1. Install security software specially
designed for mobile devices and set it to
update regularly.
2. Install a backup/wiping program that
will back up the information on your
mobile device to your home computer and
“wipe” your phone if it is lost or stolen so
that no data remains on the device itself.
These services are available through
device manufacturers and wireless
service providers. iPhones have a builtin “wipe” feature that if turned on will wipe
the phone after 10 failed log-on attempts.
3. Read the fine-print of applications
before installing them. Make sure a site
is secure (https) before giving any billing
or personal information.
5
Transacting with other people and
businesses
1. Don’t give any information about
yourself or your accounts to anyone over
the phone, through the mail or over the
Internet unless you initiated the contact.
Unsolicited requests for your personal
information are likely to be scams. If
the caller (or message) asking you for
information purports to be from your bank
or another institution with which you do
business, hang up and call the institution
yourself using the phone number on your
account statements, and ask if they were
trying to contact you.
2. Don’t give your student ID to anyone
who doesn’t need it.
3. Don’t give your Social Insurance
Number unless it is required by your
employer, your financial institution or the
government.
Other businesses don’t
need it and cannot legally insist that you
provide it.
4. Don’t let your debit card or credit card
out of your sight when using them to
pay for services. Cover the pad when
entering your PIN.
5. When selecting service providers to
whom you will be entrusting your personal
information, look into their privacy policies
and their track records with respect to
data security. Don’t do business with
a company you can’t trust to keep your
personal information confidential and
secure. Let companies know that this is
important to you.
8. Protecting Your Computer
Online Activity
1. Set up your computer with a username
and password that you have to enter each
time the computer is turned on and after a
certain period of inactivity. Only let people
you trust know your password.
1. Use strong passwords to protect your
financial accounts if you access them
online.
Passwords should be at least 8
characters long and include a mix
of upper- and lower-case letters,
numbers, and/or non-alphabetical
characters.
Do not use easilyavailable information such as your
mother’s maiden name or your birth
date.
2. Do not store passwords on your
computer.
3. Ensure that all computers you use to
connect to the Internet are protected by
both a firewall and anti-virus software.
4. Keep your computer’s anti-virus
software current: set it to update and scan
regularly, and don’t let your subscription
lapse.
5. Turn off your computer when it is not
in use. When your computer is shut off
it is also disconnected from the Internet,
preventing access to potential thieves.
6. If you use a wireless system to connect
to the Internet, you should take extra
precautions against unauthorized access.
Install a Virtual Private Network (VPN) or
other proven system to encrypt the data
moving to and from your computer so that
it is unreadable.
2. Do not open e-mail messages or
attachments if you do not recognize
the name of the sender. Delete them
immediately. Even messages from people
you know can be dangerous if they are
caused by computer viruses. If the
message seems strange, do not respond
to it. Attachments are most dangerous
– they can carry spyware that lodges in
your computer and sends your personal
data back to the criminal who can then
use it to perpetrate identity theft.
3. Do not download files unless you
are certain that they are safe (e.g., by
running them through your anti-virus
software). Other people’s computers may
be infected and used to send harmful
viruses and spyware to your computer
through email or downloads, even if the
other person is unaware of the infection.
4. Do not activate “pop-up” windows
that appear unexpectedly on your
computer. Just like email attachments
and downloads, they may contain viruses
or other malicious software.
5. Don’t post information on your blog,
social network profile or website that
could be useful to an identity thief. See
above for a list of information most useful
to identity thieves.
6. If you engage in social networking
online (e.g., Facebook, MySpace), set
your privacy settings to the highest level;
don’t just accept the default settings.
6
9. Use a nickname rather than your official
name. Don’t accept invitations to connect
with people you don’t know.
7. Read the fine-print of Applications
(“Apps”) before you install them on your
computer. If the App requires access to
more personal information that it needs,
reconsider whether you really want to
install it.
8. Connect only to wireless (Wi-Fi)
networks that you absolutely trust. If/
when you use a wireless network, make
sure that your communication is secure
and disconnect from the network when
you stop using it.
9. Limit your activities while using public
Wi-Fi. Avoid making online purchases
or accessing email while using a public
Wi-Fi zone. Public Wi-Fi hotspots are
targeted by hackers since they can give
the hacker direct access to your mobile
device.
Social Networking and Blogging
Identity thieves don’t have to steal the
information they need to impersonate
you if you make such information readily
available to them. Personal websites,
blogs, social networking sites and
online dating sites are prime sources of
information for identity thieves. Because
these online activities are founded
on divulging at least some personal
information, using them will always entail
some risk. However, there are steps that
you can take to reduce your exposure to
identity thieves when blogging or social
networking.
7
1. Read the site’s privacy and security
policies closely before you join it.
Understand what you are agreeing to and
be sure that you are comfortable with it.
2. Provide the least amount of personal
information possible when joining or
registering with a site. Make up a birth
date or other information if necessary.
3. Limit the information that you post
online. Think before you post: could this
information be used by an identity thief or
fraudster?
4. Never disclose particularly sensitive
personal information such as your full
name, birth date, home address, phone
numbers, Social Insurance Number, or ID
numbers on your profile or otherwise on
the site. This kind of information is gold
for identity thieves.
7. Never post information that could be
useful to thieves, such as when you are
going away on holiday or directions to
your house.
8. Use the highest privacy settings that
the site offers. Do not simply accept
default settings – these are typically set to
share your information widely. Take the
time to examine and adjust your privacy
settings (if possible) so as to ensure that
you aren’t inadvertently sharing your
information with strangers.
9. Do not accept “invitations” to connect
with unfamiliar persons. Connect only to
people you know and trust (confirm with
the person offline to be sure it is them), and
even then be mindful of the information
you exchange, as it is possible that they
may inadvertently pass it on to others.
10. 10. Disconnect from your account before
you go on to other things. Never leave
your connection open, especially if you
are using a mobile device – if someone
else gets hold of your device and your
account is open, they can pretend to be
you on the site.
11. Do not give your user account details
or passwords to your friends.
12. Select a setting that does not display
a time stamp on your posts.
13. Be wary of applications, especially
free applications. Nothing is free; the
price is often your personal information.
Take the time to find out what information
about you the application requires and
then decide if it is worth downloading.
14. Do not activate links that lead you to
another website, even if the link was sent
to you by a known friend or posted on
their profile.
15. Do not respond to e-mails that ask you
to update your profile unless you know
them to be legitimate. Such e-mails may
be phishing scams designed to gather
your user name and password in order
to retrieve greater amounts of personal
information that can then be used in
identity fraud.
Peer-to-Peer (P2P) File-sharing
If you use a peer-to-peer (P2P) filesharing program such as Bit Torrent,
Morpheus or Kazaa to download and
upload music, movies, and files with
other users, you are exposing yourself
to greater risk of identity theft. With
P2P file-sharing, shared files are stored
on users’ computers where they can be
accessed by other users on the network.
If you do not carefully set up your shared
information or shared drives, you could
end up sharing more information than you
intended. Even with carefully restricted
file sharing, P2P users can inadvertently
allow malware to enter their computers.
The following precautions are strongly
recommended if you engage in P2P filesharing:
1. Download files only from trusted
sources.
2. Scan all your files that you receive
during a file-transfer with effective antivirus software.
3. Run virus scans regularly to ensure
that no folders or drives are placed in a
share mode without your knowledge.
4. Periodically check the files you keep in
the shared folder.
5. Provide minimum (Read
privileges on the shared files.
Only)
6. Make sure that your shared folder is not
the default folder for any other application
or for downloads.
8
11. Online Shopping
Finally….
1. Place orders only through secure
websites. You can tell if a site is secure:
the web address will begin with
“https://” and the web browser will display
a locked padlock icon.
Tell your friends and family about
what they can do to prevent
identity theft
If more people take these steps to
prevent identity theft, criminals will find
it more difficult to succeed and we will
all benefit. Share the information in this
publication with other people. Don’t be
afraid to correct the habits of a friend or
family member if you see they are being
https://www.paypal.com with their personal information.
careless
Your few words could save them a lot of
grief.
2. Don’t store your credit card information
or other personal information on shopping
sites. While this makes future purchases
from that site easier (because you won’t
have to enter the same information each
time), it puts your information at risk of
being stolen from the site or exposed
unintentionally through a security breach.
3. Read the fine print. Confirm that the
business does not share your personal
information with other businesses, or
opt out of such sharing if necessary.
You are legally entitled to “opt-out” of all
non-essential use and sharing of your
personal information.
For more information and tips on
Computer/Online protection, see the
companion
CITSC
guide
entitled
“Protecting Yourself from Online Identity
Theft”.
9
12. Preventing Identity Theft - Tips for Students and Youth
Keep your Social Insurance Number (SIN) card and Birth Certificate in a safe place. Do
not carry these documents with you.
Password-protect your laptop, smartphone or other computing device and program it to
revert to password-protected mode after a short period of inactivity. Don’t share your
password with others.
Secure your laptop when you do not have it with you. The best way to secure your
laptop is to store it in a locking security box.
Think before you post information about yourself on social networking sites or elsewhere
online. Consider whether an identity thief might find that information useful.
Be wary of the peer-to-peer file sharing programs. They also increase the risk of
unauthorized access to your computer through malware or otherwise.
Ensure that all computing devices you use to connect to the Internet are protected
by both a firewall and anti-virus software and that these programs are set to update
regularly.
Don’t share your PINs or passwords with anyone.
See CITSC’s guide to Protecting Yourself from Online Identity Theft for more information
and tips about how to protect your computer and your online activities.
If you have mail delivered to an unsecured mailbox, don’t leave it lying there for long
periods of time.
Check your monthly bank and credit card account statements as they come in and look
for unexplained expenses.
Don’t share your SIN with anyone other than the government, your employer or bank
(they need it for tax purposes).
Never loan your driver’s license, identification cards or credit cards to anyone else.
10