With COVID-19 in full tilt across the world, fraud may be the last thing to worry about. Yet March is Fraud Prevention Month and, according to the Competition Bureau of Canada, Canadians lost nearly $100 million to reported scams in 2019 alone.
(Fraud Prevention Month is an annual campaign that presents a chance to raise awareness about fraudulent activity, which can be especially important now that data security may seem less of a priority. March is an especially important month given it’s tax season.)
Experts can’t stress enough the importance of being hyper vigilant of your financial and personal data, especially during these complex times. And consumers are falling behind, an example being credit card fraud. Equifax Canada (a national credit card monitoring company) reports a new trend that sees some people slacking off about checking their credit reports to help detect fraudulent activity.
Many see social isolation and various life changes increasing their vulnerability to financial fraud. For everyone working from home now, fraud and identity theft are closer than you think.
With most work being conducted remotely, “we are potentially more susceptible to data fraud for a variety of reasons,” says Michael Borromeo, vice-president of data protection for Stericycle, (the provider of Shred-it information security). “Scammers and fraud artists often use heightened global anxieties to target users when they are at their most vulnerable.”
Plus, we’ve seen recent reports in Canada about ways COVID-19 is being used to scam unsuspecting and worried victims, like calling their personal phones claiming to be a government appointed health worker and falsely reporting positive coronavirus test results in exchange for personal information, says Borromeo.
Similarly, cybercriminals are using fear of the pandemic to trick people into opening phishing emails that install malicious software on their computers or capture credentials.
The sharp spike in employees working from home also brings its own separate data breach risks, too.
Being at home adds another location where information can be unintentionally leaked to outside sources – unsecure Wi-Fi connections and mobile apps, negligent caring of documents, and improper disposal of confidential information are all risks heightened when out of the office.
According to Shred-it’s 2019 Data Protection report, many businesses don’t have plans for properly storing and disposing information when workers are off-site. Now, typical risks are being amplified with so many people working remotely.
Yet, the risk of a data breach can be greatly reduced, even in stressful circumstances, by making security policy a part of normal, everyday routine. This includes being vigilant and taking precautions – and never leaving your device unattended!
As well, only use secure networks and applications. When it comes to data or documents with sensitive information, ensure they are completely disposed of and irretrievable when no longer needed, as well (so don’t dump your work in with the regular garbage or recycling.)
Here’s what Michael Borromeo has to say on avoiding fraud at all costs:
Q: With people more worried about the pandemic, what are some of the most obvious signs of fraud?
A: Scammers are looking to take advantage of the fear being generated by the pandemic. Be cautious of any form of communication – whether it be email, phone or document – from a stranger claiming to need personal information from you in some way. A reputable source will have protocols in place to verify themselves. Bottom line: don’t click on something unfamiliar.
Q:What steps can people take to avoid falling for the biggest fraud?
A: One of the best ways you can help prevent fraud is by prioritizing information security. It can be easy to let data protection practices fall by the wayside when feeling overwhelmed – by adjusting your security habits and making it a routine, like always putting on your seat belt when getting in car, it becomes natural and greatly reduces your risk of becoming a victim.
Additional steps you can take include always using strong passwords, protecting all confidential information on paper and data, even at home. Lock it away or keep it hidden in hard-to-reach places.
Always be on the look-out for any type of scam. Never disclose sensitive personal information on a phone call, text or email. Confirm that requests are genuine in other ways.
Q: What are some of the most popular phishing ploys?
A: When it comes to phishing, there are so many ways scammers can find to target an individual, but the following are some of the most popular:
1. “Payment Failed, Update Billing Information.” A known organization contacts you to complete a validation process immediately, or an account (such as Netflix) will be cancelled. This is a classic phishing scam that looks legitimate (including recognizable logos) and uses a sense of urgency to get you to follow instructions and ‘fix’ the problem. But there is no problem and clicking on the embedded link will lead to a fake website. Real institutions never ask for confidential information by email.
2. “Someone Sent You a Gift Card.” The email is addressed to you and packaged to look like a gift. It looks real. Seasonal scams like this are popular (at tax time, the CRA is spoofed) and, especially in global crises, can often be used toward people desperate to make ends meet. The gift card scam links to a site designed to steal data. Never open an attachment or follow a link in an email without checking the sender first. Point the cursor at the ‘click here’ link without clicking to display the address of the website. Make sure it’s correct. If not, delete.
3. “Urgent CEO Request.” You receive a work email from a high-level executive requesting the immediate transfer of funds or sensitive data. This is a Business Email Compromise (BEC) scam. An attacker is impersonating the executive and counts on the recipient to be unsure about questioning a higher up, which can be especially disconcerting if you are working from home and aren’t in direct contact with the executive. The transfer is actually sent to the attacker. While the IT department should flag all suspicious emails, individuals should verify email requests over a different channel, such as in person or over the phone.
4. “Help Disaster Victims.” The phishing email asks for money to help victims, which can be especially prevalent during a global pandemic like this. Disaster relief scams contain links or attachments that direct users to a malicious website. Don’t fall for this – if you really want to help, go directly to the website of the charity you know and contribute there.
Pining for the perfect PIN
We wouldn’t want to share our toothbrush. Then why share our personal pin number? We’ve all heard this before, but research shows people continue to make the same mistakes when it comes to protecting their ID.
A recent Angus Reid survey conducted on behalf of Royal Bank of Canada for Fraud Month shows that 55% of Canadians admit to having shared their PIN or security passwords with family or friends.
According to the RBC Fraud Prevention Poll, despite the fact that there can be serious implications if your PIN or password is compromised, 41% of Canadians have done one or more the following things that could compromise their security:
• Used the same phone unlock code as their bank PIN
• Used their birthday as their bank PIN
• Kept their PIN written down in their wallet
• Used the last 4 digits of their phone number as their PIN
• Used the word PASSWORD as a password for websites
• Set their debit or credit card PIN to something easy like 1234 or 5555
• Have written their PIN on their debit or credit card
“You should always protect your PIN and passwords and choose one that follows security best practices,” says Jason Storsley, vice-president of fraud management for RBC. “In the wrong hands, this information could be detrimental to your financial security. Think of it as leaving your house key in the lock, yet expecting that you are protected.”
PINs and passwords act as electronic signatures to identify you as the authorized user of your banking products and services, such as your debit card, credit card and online banking. When used in combination with the corresponding card or account number, PINs and passwords provide you with access to your money and account information. Canadians who do not protect this information are le aving themselves vulnerable to fraud.
What to do? Choose a PIN with numbers and/or letters you can easily remember, but avoid numbers and letters that others might guess, such as your birth date, phone number, address or SIN.
Do not write down your PIN or store it electronically and do not disclose it to anyone including your bank, law enforcement agencies, friends or family.
Change your PIN from time to time.
If you need someone (e.g. a family member, friend, associate, caregiver) to perform banking activities on your behalf, speak with your banking representative about options other than sharing your PIN.
If you suspect that your PIN has been compromised, change it immediately at your nearest bank branch.