Youth Protection Guide - Canada

236 views
117 views

Published on

company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
236
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Youth Protection Guide - Canada

  1. 1. Youth Identity Theft Protection Guide 1.866.436.5461 www.idtheftsupportcentre.org
  2. 2. Canadian Identity Theft Support Centre Preventing Identity Theft: A Guide for Youth Page • Introduction 1 • What Is Identity Theft 1 • What Do Identity Thieves Want? 2 • How Do Identity Thieves Get Information About Their Victims? 2 • How Do Identity Thieves Use This Information To Commit Identity Fraud? 3 • Who Are Identity Thieves? 4 • Reducing The Risk: How Can I Avoid Becoming A Victim? 4 • At Home 4 • Out And About 5 • Smartphones 5 • Transacting With Other People And Business 5 • Protecting Your Computer 6 • Online Activity 6 • Social Networking 7 • Peer-to-Peer (P2P) File Sharing 8 • Online Shopping 9 • Tell your Friends and Family 9 • Preventing Identity Theft: Tips for Students and Youth 10 Canadian Identity Theft Support Centre 1.866.436.5461 www.idtheftsupportcentre.org entity theft
  3. 3. Introduction What is identity theft? If you think that identity theft is a problem that only adults need to be concerned about, think again. Identity thieves go after people of all ages, for all sorts of different reasons. Young people can be targeted just like anyone else, even if they don’t have a lot of money in the bank. A thief could use your identity to borrow money or obtain services on credit, run up bills in your name and ruin your credit rating before you even try to borrow money yourself! Identity thieves can also steal your online identity and attempt to ruin your reputation by posting information or sending messages ostensibly from you. “Identity theft” is used by CITSC to mean not just the stealing of personal information, but also the fraudulent use of that information to access your bank account, credit card or other account without your authorization; to obtain loans, services, government benefits, employment or other benefits in your name; to evade authorities by assuming your identity; or simply to damage your reputation. If you make it easy for an unscrupulous person to gather your personal information, you are risking becoming a victim of identity theft - something that can cause you serious problems and take years to resolve. Victims will tell you: it’s worth taking some precautions to avoid this crime. Note: See CITSC’s general guidebooks on Preventing Identity Theft and Protecting Yourself from Online Identity Theft for more information and tips. This guide includes some but not all of the information in those guides. 1 Both “identity theft” and “identity fraud” are criminal offences in Canada. Related activities such as redirecting mail and selling fraudulent identity documents are also criminal offences. The damage to victims of identity theft varies widely, from mere inconvenience such as having to replace a credit card, to financial and personal devastation. Victims may even being arrested for crimes committed by an impostor. Given the potential consequences of identity theft, it is worth making an effort to avoid becoming a victim.
  4. 4. What do identity thieves want? Most identity thieves want money. Some want employment or free services. Others want to evade authorities. In all cases, identity thieves pretend to be other people in order to achieve their goals. The types of information most useful to identity thieves are: 1. Full Name and Address 2. Date of birth 3. Social Insurance Number 4. Drivers Licence number 5. Passport number 6. Other government-issued ID numbers 7. Student ID numbers 8. Credit card, debit card, bank account and other financial account numbers 9. Typical passwords or security question answers – e.g., mother’s maiden name 10. Information about your family, work and personal life How do identity thieves get information about their victims? Identity thieves use many methods to gather personal information about their victims that they can then use to commit identity fraud. These methods include: 1. Stealing your wallet, purse, cheques or mail 2. Gathering information from records in your home 3. Sifting through your trash to find useful information such as account details 4. Posing as a legitimate company by email, over the phone or at your door and asking you for your account information (this is called “pretexting”, or if done by email, “phishing”) 5. Taking your credit card or debit card out of your sight and “skimming” it (i.E., Capturing the information on it via a special device) 6. Watching you enter your pin or password 7. Eavesdropping on insecure wireless communications 8. Gathering information about you from social networking sites, blogs, online ‘payday loan’ applications, and other online sources 9. Hacking into your computer via a virus or other method 2
  5. 5. 10. Surreptitiously installing spyware on your computer that gathers information such as your passwords Thieves can also gather your information from other sources that you cannot control, such as: 1. The garbage of corporations with whom you do business or government agencies 2. The computers and databases of corporations and governments 3. Unintentional security breaches of corporations and governments 4. Websites that have information about you posted on them 5. Employees of corporations or government who are fooled into providing your information to the imposter 6. Employees of corporations or government who are part of a criminal ring or who are bribed to provide your information to criminals How do identity thieves use this information to commit identity fraud? Once they have enough information to pretend to be you, identity thieves can do all sorts of damage to you and your financial and personal reputation. Such damage includes (but is not limited to): 1. Making charges on your credit card or debit card (bank account) 2. Using, altering, or copying your cheques and drawing money from your bank account 3. Opening up new credit card, cell phone or other accounts in your name and running up bills without paying them 4. Sending a change of address to creditors to divert your mail so that you don’t notice the unauthorized bills mounting up 5. Obtaining loans (even mortgages!) In your name 6. Transferring title to property from you to them 7. Getting a tax refund or other benefit in your name 8. Leasing an apartment in your name Getting a job in your name 9. Pretending to be you when arrested by police 10. Accessing your email or social networking account and sending embarrassing (or worse) messages or posts that appear to be from you 3
  6. 6. Who are identity thieves? Just as there is no typical victim of identity theft, people who engage in this criminal activity range from family members with no criminal history to international crime organizations. Depending on the nature of the crime, the fraudster could be someone you know or an anonymous criminal operating from another part of the world. There is no typical identity thief. REDUCING THE RISK: How can I avoid becoming a victim? There are many things you can do to minimize the risk of identity theft. The following are some of the most important: Review your bank and credit card statements carefully when they arrive and report immediately any activity you do not recognize as your own. 4. Keep financial records in a safe, secure place. Don’t leave them lying around the house. Shred (or burn) old records once you know that you won’t need them for tax or other purposes. Use a crossshredder to ensure that thieves cannot piece together any information from the garbage. 5. Check your credit reports with Equifax and TransUnion annually.  Offline reports are free.  If you have never established credit, you will be told there is no report.  If there is a report, check it out and make sure that none of the information is a result of fraudulent activity. At Home 1. Keep identification documents in a safe place at home and only take them with you when you need them. Consider storing important documents that you use infrequently in a safety deposit box at a bank. Keep copies of your passport, birth certificate and other government-issued ID in separate files (for reference if you lose the original). 2. If you have an unsecured mailbox, pick up your mail as soon as possible after delivery. If you are going away, stop delivery or arrange for someone to pick up your mail. Checklist of documents you should keep secure • Social Insurance Number card • Birth Certificate • Passport • Drivers Licence • Health Card • Student ID card • Bank statements • Credit card statements • Other financial statements • Government benefit statements 3. Be aware of when your bills normally arrive in the mail and if they don’t arrive, contact the bank or creditor and find out what happened. 4
  7. 7. Out and About 1. Don’t carry identification documents (e.g., birth certificate, passport, SIN card, health card) or blank cheques in your wallet, purse or otherwise with you unless you need them. 2. Don’t store unnecessary personal information on your smartphone or other handheld device. Password-protect your mobile devices with a strong password that can’t be guessed by someone else. 3. Password-protect your mobile devices with a strong password that can’t be guessed by someone else. Smartphones 1. Install security software specially designed for mobile devices and set it to update regularly. 2. Install a backup/wiping program that will back up the information on your mobile device to your home computer and “wipe” your phone if it is lost or stolen so that no data remains on the device itself. These services are available through device manufacturers and wireless service providers.  iPhones have a builtin “wipe” feature that if turned on will wipe the phone after 10 failed log-on attempts. 3. Read the fine-print of applications before installing them. Make sure a site is secure (https) before giving any billing or personal information. 5 Transacting with other people and businesses 1. Don’t give any information about yourself or your accounts to anyone over the phone, through the mail or over the Internet unless you initiated the contact. Unsolicited requests for your personal information are likely to be scams. If the caller (or message) asking you for information purports to be from your bank or another institution with which you do business, hang up and call the institution yourself using the phone number on your account statements, and ask if they were trying to contact you. 2. Don’t give your student ID to anyone who doesn’t need it. 3. Don’t give your Social Insurance Number unless it is required by your employer, your financial institution or the government. Other businesses don’t need it and cannot legally insist that you provide it. 4. Don’t let your debit card or credit card out of your sight when using them to pay for services. Cover the pad when entering your PIN. 5. When selecting service providers to whom you will be entrusting your personal information, look into their privacy policies and their track records with respect to data security. Don’t do business with a company you can’t trust to keep your personal information confidential and secure. Let companies know that this is important to you.
  8. 8. Protecting Your Computer Online Activity 1. Set up your computer with a username and password that you have to enter each time the computer is turned on and after a certain period of inactivity. Only let people you trust know your password. 1. Use strong passwords to protect your financial accounts if you access them online. Passwords should be at least 8 characters long and include a mix of upper- and lower-case letters, numbers, and/or non-alphabetical characters. Do not use easilyavailable information such as your mother’s maiden name or your birth date. 2. Do not store passwords on your computer. 3. Ensure that all computers you use to connect to the Internet are protected by both a firewall and anti-virus software. 4. Keep your computer’s anti-virus software current: set it to update and scan regularly, and don’t let your subscription lapse. 5. Turn off your computer when it is not in use. When your computer is shut off it is also disconnected from the Internet, preventing access to potential thieves. 6. If you use a wireless system to connect to the Internet, you should take extra precautions against unauthorized access. Install a Virtual Private Network (VPN) or other proven system to encrypt the data moving to and from your computer so that it is unreadable. 2. Do not open e-mail messages or attachments if you do not recognize the name of the sender. Delete them immediately. Even messages from people you know can be dangerous if they are caused by computer viruses. If the message seems strange, do not respond to it. Attachments are most dangerous – they can carry spyware that lodges in your computer and sends your personal data back to the criminal who can then use it to perpetrate identity theft. 3. Do not download files unless you are certain that they are safe (e.g., by running them through your anti-virus software). Other people’s computers may be infected and used to send harmful viruses and spyware to your computer through email or downloads, even if the other person is unaware of the infection. 4. Do not activate “pop-up” windows that appear unexpectedly on your computer. Just like email attachments and downloads, they may contain viruses or other malicious software. 5. Don’t post information on your blog, social network profile or website that could be useful to an identity thief. See above for a list of information most useful to identity thieves. 6. If you engage in social networking online (e.g., Facebook, MySpace), set your privacy settings to the highest level; don’t just accept the default settings. 6
  9. 9. Use a nickname rather than your official name. Don’t accept invitations to connect with people you don’t know. 7. Read the fine-print of Applications (“Apps”) before you install them on your computer. If the App requires access to more personal information that it needs, reconsider whether you really want to install it. 8. Connect only to wireless (Wi-Fi) networks that you absolutely trust. If/ when you use a wireless network, make sure that your communication is secure and disconnect from the network when you stop using it. 9. Limit your activities while using public Wi-Fi.  Avoid making online purchases or accessing email while using a public Wi-Fi zone.  Public Wi-Fi hotspots are targeted by hackers since they can give the hacker direct access to your mobile device. Social Networking and Blogging Identity thieves don’t have to steal the information they need to impersonate you if you make such information readily available to them. Personal websites, blogs, social networking sites and online dating sites are prime sources of information for identity thieves. Because these online activities are founded on divulging at least some personal information, using them will always entail some risk. However, there are steps that you can take to reduce your exposure to identity thieves when blogging or social networking. 7 1. Read the site’s privacy and security policies closely before you join it. Understand what you are agreeing to and be sure that you are comfortable with it. 2. Provide the least amount of personal information possible when joining or registering with a site. Make up a birth date or other information if necessary. 3. Limit the information that you post online. Think before you post: could this information be used by an identity thief or fraudster? 4. Never disclose particularly sensitive personal information such as your full name, birth date, home address, phone numbers, Social Insurance Number, or ID numbers on your profile or otherwise on the site. This kind of information is gold for identity thieves. 7. Never post information that could be useful to thieves, such as when you are going away on holiday or directions to your house. 8. Use the highest privacy settings that the site offers. Do not simply accept default settings – these are typically set to share your information widely. Take the time to examine and adjust your privacy settings (if possible) so as to ensure that you aren’t inadvertently sharing your information with strangers. 9. Do not accept “invitations” to connect with unfamiliar persons. Connect only to people you know and trust (confirm with the person offline to be sure it is them), and even then be mindful of the information you exchange, as it is possible that they may inadvertently pass it on to others.
  10. 10. 10. Disconnect from your account before you go on to other things. Never leave your connection open, especially if you are using a mobile device – if someone else gets hold of your device and your account is open, they can pretend to be you on the site. 11. Do not give your user account details or passwords to your friends. 12. Select a setting that does not display a time stamp on your posts. 13. Be wary of applications, especially free applications. Nothing is free; the price is often your personal information. Take the time to find out what information about you the application requires and then decide if it is worth downloading. 14. Do not activate links that lead you to another website, even if the link was sent to you by a known friend or posted on their profile. 15. Do not respond to e-mails that ask you to update your profile unless you know them to be legitimate. Such e-mails may be phishing scams designed to gather your user name and password in order to retrieve greater amounts of personal information that can then be used in identity fraud. Peer-to-Peer (P2P) File-sharing If you use a peer-to-peer (P2P) filesharing program such as Bit Torrent, Morpheus or Kazaa to download and upload music, movies, and files with other users, you are exposing yourself to greater risk of identity theft. With P2P file-sharing, shared files are stored on users’ computers where they can be accessed by other users on the network. If you do not carefully set up your shared information or shared drives, you could end up sharing more information than you intended. Even with carefully restricted file sharing, P2P users can inadvertently allow malware to enter their computers. The following precautions are strongly recommended if you engage in P2P filesharing: 1. Download files only from trusted sources. 2. Scan all your files that you receive during a file-transfer with effective antivirus software. 3. Run virus scans regularly to ensure that no folders or drives are placed in a share mode without your knowledge. 4. Periodically check the files you keep in the shared folder. 5. Provide minimum (Read privileges on the shared files. Only) 6. Make sure that your shared folder is not the default folder for any other application or for downloads. 8
  11. 11. Online Shopping Finally…. 1. Place orders only through secure websites. You can tell if a site is secure: the web address will begin with “https://” and the web browser will display a locked padlock icon. Tell your friends and family about what they can do to prevent identity theft If more people take these steps to prevent identity theft, criminals will find it more difficult to succeed and we will all benefit. Share the information in this publication with other people. Don’t be afraid to correct the habits of a friend or family member if you see they are being https://www.paypal.com with their personal information. careless Your few words could save them a lot of grief. 2. Don’t store your credit card information or other personal information on shopping sites. While this makes future purchases from that site easier (because you won’t have to enter the same information each time), it puts your information at risk of being stolen from the site or exposed unintentionally through a security breach. 3. Read the fine print. Confirm that the business does not share your personal information with other businesses, or opt out of such sharing if necessary. You are legally entitled to “opt-out” of all non-essential use and sharing of your personal information. For more information and tips on Computer/Online protection, see the companion CITSC guide entitled “Protecting Yourself from Online Identity Theft”. 9
  12. 12. Preventing Identity Theft - Tips for Students and Youth Keep your Social Insurance Number (SIN) card and Birth Certificate in a safe place. Do not carry these documents with you. Password-protect your laptop, smartphone or other computing device and program it to revert to password-protected mode after a short period of inactivity. Don’t share your password with others. Secure your laptop when you do not have it with you. The best way to secure your laptop is to store it in a locking security box. Think before you post information about yourself on social networking sites or elsewhere online. Consider whether an identity thief might find that information useful. Be wary of the peer-to-peer file sharing programs. They also increase the risk of unauthorized access to your computer through malware or otherwise. Ensure that all computing devices you use to connect to the Internet are protected by both a firewall and anti-virus software and that these programs are set to update regularly. Don’t share your PINs or passwords with anyone. See CITSC’s guide to Protecting Yourself from Online Identity Theft for more information and tips about how to protect your computer and your online activities. If you have mail delivered to an unsecured mailbox, don’t leave it lying there for long periods of time.  Check your monthly bank and credit card account statements as they come in and look for unexplained expenses. Don’t share your SIN with anyone other than the government, your employer or bank (they need it for tax purposes). Never loan your driver’s license, identification cards or credit cards to anyone else. 10

×