Canadian Identity Theft Support Centre
Preventing Identity Theft:
A Guide for Seniors
• What Is Identity Theft
• What Do Identity Thieves Want?
• How Do Identity Thieves Get Information
About Their Victims?
• How Do Identity Thieves Use This Information
To Commit Identity Fraud?
• Who Are Identity Thieves?
• Reducing The Risk: How Can I Avoid
Becoming A Victim?
• Caregivers and Powers of Attorney
• At Home
• Out And About
• Transacting With Other People
And Business 5
• Protecting Your Computer
• Online Activity
• Online Shopping
• Preventing Identity Theft: Tips for Seniors
Canadian Identity Theft Support Centre
What is identity theft?
Identity theft is not confined to any
particular demographic group - people
of all ages can become victims. But just
as with other forms of fraud and financial
exploitation, seniors may be targeted by
identity thieves because they are seen
as vulnerable and potentially lucrative
targets. It is therefore important that
seniors and those who may be caring for
them are aware of the danger of identity
theft and the ways it is perpetrated, and
that they take the necessary precautions
to avoid it.
We use the term “identity theft” to mean not
just the stealing of personal information,
but also the fraudulent use of that
information to access your bank account,
credit card or other account without your
authorization, to obtain loans, services,
government benefits, employment or
other benefits in your name, or to evade
authorities by assuming your identity.
Both “identity theft” and “identity fraud”
are criminal offences in Canada. Related
activities such as redirecting mail and
selling fraudulent identity documents are
also criminal offences.
Older adults living in residential facilities
or under the care of someone else are
at particular risk because the caretakers
have access to the senior’s personal
records. This creates a situation which
allows unscrupulous individuals to exploit
those in their care. If you are a friend or
family member concerned about potential
exploitation of an elderly person, the
following information and advice will be
Note: Seniors need to take the same
precautions as everyone else against
identity theft. This ‘Guide for Seniors’
replicates information provided in CITSC’s
general Guide to Preventing Identity Theft
and provides a few more tips specific to
The damage to victims of identity theft
varies widely, from mere inconvenience
such as having to replace a credit card,
to financial and personal devastation.
Victims may even be arrested for crimes
committed by an impostor. Given the
potential consequences of identity theft,
it is worth making an effort to avoid
becoming a victim.
What do identity thieves
Most identity thieves want money. Some
want employment or free services. Others
want to evade authorities. In all cases,
identity thieves pretend to be other people
in order to achieve their goals.
The types of information most useful to
identity thieves are:
1. Full Name and Address
2. Date of birth
3. Social Insurance Number
4. Drivers Licence number
5. Passport number
6. Other government-issued ID numbers
7. Student ID numbers
8. Credit card, debit card, bank account
and other financial account numbers
9. Typical passwords or security question
answers – e.g., mother’s maiden name
10. Information about your family, work
and personal life
How do identity thieves
get information about
Identity thieves use many methods to
gather personal information about their
victims that they can then use to commit
identity fraud. These methods include:
1. Stealing your wallet, purse, cheques or
2. Gathering information from records in
3. Sifting through your trash to find useful
information such as account details
4. Posing as a legitimate company by
email, over the phone or at your door and
asking you for your account information
(this is called “pretexting”, or if done by
5. Taking your credit card or debit card
out of your sight and “skimming” it (i.e,
capturing the information on it via a
6. Watching you enter your pin or
7. Eavesdropping on insecure wireless
8. Gathering information about you from
social networking sites, blogs, online
‘payday loan’ applications, and other
9. Hacking into your computer via a virus
or other method
10. Surreptitiously installing spyware on
your computer that gathers information
such as your passwords
Thieves can also gather your information
from other sources that you cannot
control, such as:
1. The garbage of corporations with whom
you do business or government agencies
2. The computers and databases of
corporations and governments
3. Unintentional security breaches of
corporations and governments
4. Websites that have information about
you posted on them
5. Employees of corporations or
government who are fooled into providing
your information to the imposter
6. Employees of corporations or
government who are part of a criminal
ring or who are bribed to provide your
information to criminals
How do identity thieves
use this information to
commit identity fraud?
Once they have enough information to
pretend to be you, identity thieves can
do all sorts of damage to you and your
financial and personal reputation. Such
damage includes (but is not limited to):
1. Making purchases on your credit card
or debit card (bank account)
2. Using, altering, or copying your
cheques and drawing money from your
3. Opening up new credit card, cell phone
or other accounts in your name and
running up bills without paying them
4. Sending a change of address to
creditors to divert your mail so that
you don’t notice the unauthorized bills
5. Obtaining loans (even mortgages!) In
6. Transferring title to property from you
7. Getting a tax refund or other benefit in
8. Leasing an apartment in your name or
getting a job in your name
9. Pretending to be you when arrested by
Who are identity thieves?
Just as there is no typical victim of identity
theft, people who engage in this criminal
activity range from family members with
no criminal history to international crime
organizations. Depending on the nature
of the crime, the fraudster could be
someone you know or an anonymous
criminal operating from another part of
In the case of the elderly, especially those
reliant on others for their care, there is
a higher than normal risk of caregivers,
family members or others with access to
the senior’s records to take advantage of
the elderly person. The perpetrators may
even rationalize such exploitation (e.g.,
obtaining credit in the elderly person’s
name) on the grounds that they are
somehow entitled to the funds.
REDUCING THE RISK:
How can I avoid becoming
There are many things that seniors and
their caregivers can do to minimize the
risk of identity theft.
Caregivers and Powers of
1. Before hiring a caregiver, do a
thorough background check (including a
police check and at least three reference
checks) and have trusted friends or family
help make the hiring decision.
2. Do not leave cheques or other financial
documents lying around the home.
3. When an elderly person becomes
unable to manage his or her own
finances, ensure that a financial Power of
Attorney is provided to someone who is
1. Keep cheques and identification
documents in a safe (preferably locked)
place at home and only take them with
you when you need them. Consider
storing important documents that you use
infrequently in a safety deposit box at a
bank. Keep copies of your passport, birth
certificate and other government-issued
ID in separate files (for reference if you
lose the original).
2. Never leave strangers unattended in
3. If you have an unsecured mailbox,
pick up your mail as soon as possible
after delivery. If you are going away, stop
delivery or arrange for someone to pick
up your mail.
4. Be aware of when your bills normally
arrive in the mail and if they don’t arrive,
contact the bank or creditor and find out
5. Review your bank and credit card
statements carefully when they arrive and
immediately report any activity you do not
recognize as your own.
6. Keep financial records in a safe, secure
place. Don’t leave them lying around the
7. Shred (or burn) old records once you
know that you won’t need them for tax or
other purposes. Use a cross-shredder to
ensure that thieves cannot piece together
any information from the garbage.
8. Order a copy of your credit file from
the two Canadian credit bureaus (Equifax
and TransUnion) annually and review it
carefully to confirm that no one has been
applying for credit or incurring debts in
Out and About
1. Don’t carry identification documents
(e.g., birth certificate, passport, SIN card,
health card) or blank cheques in your
wallet, purse or otherwise with you unless
you need them.
Checklist of documents you
should keep secure
• Credit card statements
• Bank and other financial
• Insurance policies
• Medical documents
• Tax records
• Government benefit statements
• Legal documents
2. Don’t store unnecessary personal
information on your smartphone or other
handheld device. Password-protect your
mobile devices with a strong password
that can’t be guessed by someone else.
Transacting with other people and
1. Don’t give any information about
yourself or your accounts to anyone over
the phone, through the mail or over the
Internet unless you initiated the contact.
Unsolicited requests for your personal
information are likely to be scams. If
the caller (or message) asking you for
information purports to be from your bank
or another institution with which you do
business, hang up and call the institution
yourself using the phone number on your
account statements, and ask if they were
trying to contact you.
2. Don’t give your Social Insurance
Number unless it is required by your
employer, financial institution or the
Other businesses don’t
need it and cannot legally insist that you
3. Never use a cheque to pay someone
you don’t know and trust. Instead, use
cash, credit card, debit card, money order
or bank draft.
4. Don’t let your debit card or credit card
out of your sight when using them to
pay for services. Cover the pad when
entering your PIN.
5. When selecting service providers to
whom you will be entrusting your personal
information, look into their privacy policies
and their track records with respect to
data security. Don’t do business with
a company you can’t trust to keep your
personal information confidential and
secure. Let companies know that this is
important to you.
Protecting Your Computer
1. Set up your computer with a username
and password that you have to enter each
time the computer is turned on and after a
certain period of inactivity. Only let people
you trust know your password.
2. Do not store passwords on your
computer. Keep a list of your passwords
somewhere out of sight. Disclose this
location only to people you fully trust.
3. If it is hooked up to the Internet, ensure
Passwords should be at least 8
characters long and include a mix
of upper- and lower-case letters,
numbers, and/or non-alphabetical
Do not use easilyavailable information such as your
mother’s maiden name or your birth
that your computer is protected by a
firewall and anti-virus software that is kept
up-to-date and that scans your computer
regularly (e.g., weekly) for viruses and
4. Turn off your computer when it is not
in use. When your computer is shut off
it is also disconnected from the Internet,
preventing access to potential thieves.
1. Use strong passwords to protect your
financial accounts if you access them
2. Do not open e-mail messages or
attachments if you do not recognize
the name of the sender. Delete them
immediately. Even messages from people
you know can be dangerous if they are
caused by computer viruses. If the
message seems strange, do not respond
to it. Attachments are most dangerous
– they can carry spyware that lodges in
your computer and sends your personal
data back to the criminal who can then
use it to perpetrate identity theft.
3. Do not download files unless you
are certain that they are safe (e.g., by
running them through your anti-virus
software). Other people’s computers may
be infected and used to send harmful
viruses and spyware to your computer
through email or downloads, even if the
other person is unaware of the infection.
4. Do not activate “pop-up” windows
that appear unexpectedly on your
computer. Just like email attachments
and downloads, they may contain viruses
or other malicious software.
5. Don’t post information on your blog,
social network profile or website that
could be useful to an identity thief. See
above for a list of information most useful
to identity thieves.
6. If you engage in social networking
online (e.g., Facebook, MySpace), set
your privacy settings to the highest level;
don’t just accept the default settings.
Use a nickname rather than your official
name. Don’t accept invitations to connect
with people you don’t know.
7. Read the fine-print of Applications
(“Apps”) before you install them on your
computer. If the App requires access to
more personal information that it needs,
reconsider whether you really want to
8. Connect only to wireless (Wi-Fi)
networks that you absolutely trust. If/
when you use a wireless network, make
sure that your communication is secure
and disconnect from the network when
you stop using it.
9. Limit your activities while using public
Wi-Fi. Avoid making online purchases
or accessing email while using a public
Wi-Fi zone. Public Wi-Fi hotspots are
targeted by hackers since they can give
the hacker direct access to your mobile
1. Make purchases only from businesses
that you know are legitimate. Some
websites are designed for the sole
purpose of stealing your personal
information, especially credit card
numbers. If you are unsure about the
legitimacy of the business, research it via
the Internet (to see what others say about
it), call and ask questions to determine its
legitimacy, or contact the Better Business
Bureau to find out if it is a member.
2. Place orders only through secure
websites. You can tell if a site is secure:
the web address will begin with
“https://” and the web browser will display
a locked padlock icon.
3. Pay for online purchases only with a
credit card or secure online system such
as PayPal. Never pay with a cheque as
cheques are easily copied and contain
too much personal information.
4. Don’t store your credit card information
or other personal information on shopping
sites. While this makes future purchases
from that site easier (because you won’t
have to enter the same information each
time), it puts your information at risk of
being stolen from the site or exposed
unintentionally through a security breach.
5. Read the fine print. Confirm that the
business does not share your personal
information with other businesses, or
opt out of such sharing if necessary.
You are legally entitled to “opt-out” of all
non-essential use and sharing of your
1. Use the same precautions as when
using your home computer online (see
above). Install security software specially
designed for mobile devices and update
it regularly. Double check URLs for
accuracy. Don’t open suspicious links.
Read the fine-print of applications before
installing them. Make sure a site is
secure (https) before giving any billing or
2. Install a backup/wiping program that
will back up the information on your
mobile device to your home computer and
“wipe” your phone if it is lost or stolen so
that no data remains on the device itself.
These services are available through
device manufacturers and wireless
service providers. iPhones have a built-in
“wipe” feature that if turned on will wipe
the phone after 10 failed log-on attempts.
For more information and tips on
Computer/Online protection, see the
“Protecting Yourself from Online Identity
Preventing Identity Theft: Tips for Seniors
Keep a minimum number of identity documents and payment cards in your wallet.
Be especially careful with cheques, Social Insurance Numbers, Passports and Birth
Certificates. Do not carry these documents in your purse, wallet or car unless you need
them that day.
Treat all unsolicited communications - whether by phone, mail, email or in person - as
Never give your full name, SIN, account numbers or passwords to strangers who
contact you, whether by phone, internet, email or at the door. If you think the request
was legitimate, call the company yourself using the telephone number from your billing
statements or the phone book.
Check your financial statements regularly. If you notice any suspicious activity on your
accounts or bill, contact the bank or company immediately.
Store identity documents, cheques and financial statements in a secure place at home
(or in a safety box at the bank if you need them only rarely). Do not leave them lying
around at home.
Destroy old records that are no longer needed using a cross-cut shredder.
Order a copy of your credit reports from Equifax and TransUnion annually and review
them carefully. If you see any suspicious activity, contact the creditor involved and
determine the nature and source of the activity. If it wasn’t you, treat it as a case of
identity theft – see CITSC’s Identity Theft Victim Toolkit.
If hiring a caregiver, do a thorough background check first. Have someone you trust
help you with this important task.