What you need to know about the Equifax data breach and steps you can take

data breach

As you may be aware, Equifax announced last week they had experienced a data breach affecting approximately 143 million Americans. The Canadian exposure is reported to be limited.

This breach was not against any bank or credit union, but against the credit reporting bureau. If you wish to check whether your data may be among those files that were compromised, you can check on the following website:  https://trustedidpremier.com/eligibility/eligibility.html

Alternatively, you can monitor the situation on a special Equifax web page for current information  https://www.equifaxsecurity2017.com/

If you wish, you can contact Equifax to discuss your concerns at  1-877-323-2598 or 1-866-828-5961 . Please note that service may be affected by Hurricane Irma.

What to do if you believe your data has been hacked:

  • Monitor your existing credit card and bank accounts closely for unauthorized charges. Contact relevant financial institutions, such as banks that issued credit cards and stop cheques, as quickly as possible. Call local police along with Service Canada if your Social Insurance Number was used. Report confirmed cases to the Canadian Anti-Fraud Centre  http://www.antifraudcentre-centreantifraude.ca/index-eng.htm  Toll Free  1-888-495-8501;
  • Change all affected passwords with new, strong and unique passwords for each account;
  • Consider placing a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. It will not prevent a thief from using any of your existing accounts;
  • Consider enrolling in a fraud alert. Equifax says it will offer free identity theft protection and credit file monitoring for one year to all U.S. consumers, but doesn’t say if that will be available to Canadians. The service monitors if your information is used to open credit accounts or appears on suspicious websites. Several identity theft and recovery companies provide similar services.

Be aware of these fraud trends to watch out for in 2017

hand coming out of computer to steal man's wallet

According to the Canadian Competition Bureau (Competition Bureau, 2017), these are the trends in fraud related crimes we can expect to see in  2017:

Subscription Traps: Survey says…be careful

Subscription traps, sometimes also referred to as Continuity Scams, can take various forms. They can appear as an advertisement featured on your favourite social media site, a referral from a friend (on Facebook, for example), a fake “survey” that pops up on your computer while you’re online on another website, or from a telemarketer. No matter the form, they will always offer you a “free” trial or purchase of a product, and all you have to do is simply pay the shipping and handling using your credit card. If consumers agree to this, they will find themselves signed up to a subscription service with ongoing fees and unexpected charges. Contacting the company will result in them pointing you towards their online terms and conditions, routinely buried in fine print. Unfortunately, by not returning the “free” product you ordered, you agreed to a monthly subscription of that product and authorized monthly charges on your credit card. Once, you are stuck in this situation, it is often extremely difficult to put a stop to the charges.

Spoofed websites: Ain’t nothing like the real thing

A spoofed website is a site that uses deceptive means to mislead consumers into thinking that it represents a specific business, financial institution, government or charity. These websites generally imitate the real websites to sell products or services that may or may not be authentic, or to obtain sensitive financial or personal information from users. Often they will provide enough information to appear like the real thing, including the location of stores, phone numbers, terms and conditions, and logos.

Ransomware: When your hard-drive is kidnapped

Ransomeware is a type of malicious software designed to block access to a computer until a sum of money is paid. A computer can be infected by ransomware in a number of ways, but most commonly, victims click on a malicious link or attachment received through a phishing email. Once infected, victims will see a “ransom” note which is often designed to scare or extort the victims into making a payment. For instance, a message could appear saying that your personal files and pictures will be deleted unless the consumer pays $100-$250 via Bitcoin, Ukash or PaySafe Card to have the computer unlocked.

Business Executive Scam: Don’t follow this boss’ orders

Sometimes referred to as the Business Email Compromise scam, this fraud starts when a potential victim receives an email that appears to come from an executive in their company who has the authority to request wire transfers. In some cases, the fraudsters create email addresses that mimic those of the CEO or CFO. In other cases, the fraudsters have compromised and subsequently used the email account belonging to the CEO or CFO. Often, the email will indicate that the “executive” is working off-site and has identified an outstanding payment that needs to be made as soon as possible. The “executive” instructs the payment to be made and provides a name and a bank account where the funds, generally a large dollar amount, are to be sent.

Losses to this scam typically range from tens of thousands of dollars to hundreds of thousands of dollars.

And here are the ones that we keep seeing again and again:

Fake Online Endorsements and Sponsored Content – Followers and likes doesn’t mean it is good advice

Consumers are often enticed to purchase a product or service based on reviews by social media influencers or those with a significant online presence. Unfortunately, there’s a chance that these reviews are not genuine and have in fact been paid for by a company as a marketing tactic. By not revealing their business interests and creating what seem to be authentic experiences or opinions, these influencers are misleading consumers and could be subject to action under the Competition Act.

Astroturfing – It looks real, but it isn’t

Astroturfing has similar characteristics to fake online endorsements. The term “astroturfing”, when used in an online advertising context, refers to the practice of creating content that masquerades as the authentic experiences and opinions of impartial consumers, such as fake consumer reviews and testimonials. This is often part of organized efforts by companies to boost their own ratings or to lower the ratings of their competitors. For example, companies have been known to encourage their employees to post positive reviews on websites and review platforms, or to provide their customers with incentives to leave positive reviews.

Binary Options Scam: Never a good bet

Similar to gambling, binary options work much like a wager. All or nothing “bets” are invested based on how an asset will perform within a certain timeframe. The asset could be a stock, a currency or a commodity. Websites are designed to attract users to trade binary options, by offering high rates of return and by claiming to be risk free. Initially, a virtual gain is seen, but there is no way to access the profits because they are non-existent. Currently in Canada no business is registered or authorized to sell or market binary options.

It is always risky to invest in offshore companies; investors who buy into a binary option run the risk of having their identity stolen, accumulating losses for unauthorized withdrawals on their credit cards and incurring high interest payments on an investment that doesn’t exist.

Employment Scams: No experience needed!

Scammers use online classified websites like Kijiji, Craigslist, Monster, Indeed, and Workopolis to recruit potential victims. The most common scams include Mystery Shopper and HR/Administrative jobs.

Consumers are offered a mystery shopper job after responding to an online ad or a text message. The victims receive a cheque in the mail with instructions to complete local purchases and send unspent funds through a money service business. Victims are told to document all experiences and evaluate customer service. Eventually, the cheque is returned as counterfeit and the “employee” is accountable to pay for the funds that were wired.

Another common job scam involves the victim acting as a financial receiver/agent. Victims are told to accept payment in their personal account (often by eTransfer or cheque), keep a portion and forward the remaining amounts to third party “employees” or “companies”. Victims are eventually advised by their bank that the original payment was fake or fraudulent and any subsequent monies sent are therefore paid out of the victim’s own pocket. Scammers will attempt to process as many payments as possible before the victim’s financial institution advises that the original payment was fake.


It’s extremely important to report fraud to the authorities. Complaints are one of the best ways to gather evidence in order to better protect consumers and businesses. If you think you’ve been the victim of fraud, report it to the Canada Anti-Fraud Centre, the Competition Bureau or the RCMP.


Source: Competition Bureau. (2017, February 28). Retrieved March 23, 2017, from Government of Canada: http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/04201.html



Digital Spring Cleaning

Fraud prevention

Thank you to Angela Baas with Re/Max Twin City Realty in Waterloo for sharing this timely article during Fraud Prevention Month. Many of us don’t consider cleaning up our digital space on an annual basis – this would definitely be a good habit to start!

Courtesy of the Better Business Bureau and the American National Cyber Security Alliance, here is a 4-week schedule on how to clean up your digital life.

Week 1: Keep Clean Machines

As a very basic first step, make sure that all web-connected devices ‒ including PCs, mobile phones, smartphones and tablets ‒ are free from malware and infections. Keep all critical software current and up-to-date. Delete unused apps from your devices. Actively manage your location services, Bluetooth, microphone and camera settings.

Week 2: Make Sure You’re Secure

Secure your router. Make sure it has a strong password and does not broadcast who or where you are. Create better passwords. Use a combination of caps, lowercase, numbers AND symbols. Have separate password for important online accesses (email, banking, networking, etc.) Write them all down and keep them safe. Secure your phone by using a passcode or a fingerprint to unlock it.

Week 3: Digital File Purge and Protection

Tend to your digital records, PCs, phones and any device with storage just as you do for paper files. Clean up your email – delete or archive what you don’t need. Dispose of electronics securely – shred hard drives, disks & memory cards. Update your online photo albums and online relationships – Make sure you have everything and everyone where they should be. Back it up – copy important data to a secure cloud or drive for safe storage. Commit to doing backups on a regular basis. Empty your trash or recycle bin on all devices.

Week 4: Clean Up Your Online Reputation

Parents and older kids with social media accounts can take an active role in making sure their online reputation is squeaky clean. Own your online presence. Review privacy and security settings. Clean up your social media presence and update your personal information, where necessary.

*Source: http://www.bbb.org/digital-spring-cleaning/

March is Fraud Prevention Month

girl with red hair getting credit card number stolen on computerProtect yourself from fraudsters!

Here are some steps you should take to prevent fraud from happening to you or to someone you love (courtesy of Crime Stoppers and the Waterloo Regional Police Service).


• Beware of the “hi grandma/grandpa, it’s me” telephone scam. Hang up and report.
• Always know who has access to your bank accounts, cheque book and credit/debit cards.
• If you suspect an elderly friend or relative is getting exploited, report it. They deserve better.
• Never provide anyone with personal or banking information to receive what they claim is a lottery prize.
• If a pushy salesperson is trying to convince you to buy something, be rude but safe: close the door.

Senior Woman Giving Credit Card Details On The Phone


• Do not post pictures of your ID on social media, even if you’re proud of passing your driver’s test.
• Remember that when stores ask you for your personal information, you can say no.
• Always protect your mobile device with a PIN, pattern or password.
• Try using SuperGenPass for secure and diverse passwords.
• Get to know the privacy settings on your social media accounts and be careful of what you post.
• Your personal information is a lot like the ‘one ring’ in Lord of the Rings: “Keep it secret, keep it safe”.
• Do not pick security questions other people would know the answer to or could easily find out.


• Never reveal who you bank or invest with on social media.
• Make your passwords complex and change them often.
• Online ads often have malware in them. Disable them by using an Ad Blocker tool.
• Beware of chic investment websites, their credibility and security varies.
• Always mouse over links in all emails to ensure they go to the URL they claim to.
• Your bank will never randomly email you asking you to confirm your password and personal information.
• Beware of online charities and ‘fund me’ campaigns. Don’t take them at face value, they could be scams.
• Always shred your bank statements and other sensitive information, don’t trash it.


online fraud, man without face on laptop computer
• Never write down or share your PIN number with anyone for any reason.
• Always cut up old cards and IDs into small pieces and dispose of them separately.
• If you lose your credit or debit card, call your bank asap to have it cancelled.
• When shopping online, only use well-known retailers with secure (https) checkouts.
• Review your account statements diligently and report any suspicious or inconsistent transactions.
• Do not use your credit or debit card in suspicious terminals or machines. Your hunch is correct.
• Never provide your credit card information to anyone on the phone.


• Never pre-sign or partially fill out any cheque, even if it is in your possession.
• It’s a scam if someone sends you a cheque or money order and asks you to return a portion of the funds.
• When mailing a cheque, wrap it in a printed paper or card to make it harder to detect.
• Always use cheques in numerical sequence to make any lost or stolen cheques easier to detect.
• Most banks have an option to view an image of every cashed/deposited cheque you wrote. Use it.