Follow us on:

 

 

Casey Goossens
President, CEO
idAlerts Canada Inc.

idAlerts was developed in 2005 by fraud experts and software developers to help catch these thieves as they act, not weeks or months later when it's far too late. idAlerts is the foremost solution provider for identity theft in Canada. Through our TIPS (Total Identity Protection Services) program, idAlerts can offer credit management and identity theft detection, protection and recovery services to the customers of many of Canada's highest profile organizations.

Specifically designed for Canadians by Canadians, idAlerts offers the most comprehensive suite of credit management and identity theft protection services on the market today. Through a credit bureau partnership, the TIPS system monitors your financial and profile activities on a daily basis, allowing you to feel secure that you and only you are running your financial life! We guarantee it.

 

 

TIPS from the BLOG
Blog Archives
The idAlerts Team

Casey Goossens
Chief Executive Officer

Casey is a proud Grandpa of 5 who loves to golf, write poems and stories, and play guitar for hours on end to the detriment of his amazing wife Sharron. 
 

Anna Ryzynski
Director of Operations

Anna is a devoted mother with a new found passion for exercise and healthy eating who also enjoys travel and Latin dancing.
 

Barry Boyd
Director of Sales and Marketing

Barry loves guitar music, enjoys getting away on family vacations and is known to spend a lot of money on golf balls.
 

Maureen Macdonald
Service Specialist

Maureen loves all things outdoors, she is an avid reader, a mediocre cook and a proud mom of two.


Rebecca Mayville
Client Services

Rebecca has been known to put back a book or two, she loves fashion, food, family and friends and is a terrific mom to her two boys.

 

Wednesday
Sep142016

Identity Theft – The Struggle to Keep Up

The data breach numbers continue to grow as businesses and organizations struggle to keep up with the latest technology in the hope that they will be protected from the onslaught of identity theft. Identity theft has evolved over the last decade into a very sophisticated array of attacks that range from simple phishing attempts to the takeover of a computer, or network of computers (without the user’s knowledge) to become part of a much larger network (Botnet) that is used by the hacker to collect large volumes of information. The “Botnet” is also used to mask the routing of the violation through easily-attainable IP addresses (your computer’s identification on the internet).

These “Botnets” are then used to launch attacks, like DoS (Denial of Service) and DDoS (Distributed Denial of Service), often requiring users to pay ransom, usually in the form of the untraceable “Bitcoin”, to regain control of their own servers, networks and computers.

The vast amount of “personally identifiable information” that is siphoned from corporate servers becomes a valuable commodity on the black market. There it is sold to traders who operate, with anonymity in the “deep and dark web”, where it is offered for sale to anyone willing to buy it.

This identifying information is used to open new bank accounts, acquire loans and even purchase homes – all in the name of the unsuspecting, innocent victim. In Canada back in 2010, the financial loss associated with Mass Market Fraud  was estimated to be approximately $10,000,000,000.00 (yes, that’s $10 Billion), annually, up from $3B in 2008.

Once a data breach is discovered (and sometimes this may take months), businesses and organizations are faced with several options, none of which are pleasant. If your business or organization operates in a region that requires mandatory notification to data breach victims, your options are more focused. The best advice here is to engage with, and take direction from, a recognized Breach Coach expert.

Notification to data breach victims usually comes with an offer from the business or organization to provide the victim with Credit Bureau Monitoring services for a fixed period of time. This service will allow the breached victim to access their Credit Report and also receive electronic alerts when activity is observed on their credit bureau file. While you cannot stop a thief from stealing your identity, you can stop them from using it, and this is one of the great values in Credit Bureau Monitoring. As an example, the service offering from Collinson Group-idAlerts will detect the initial “inquiry”, which occurs before a trade line (or new credit card) is even issued, thereby allowing the consumer time to shut it down before their credit worthiness is compromised.

For more information on Identity Theft, and to learn how to proactively protect yourself from the perils of Identity Theft, check out the resources at www.idalerts.ca

Monday
May302016

Have You Reached Your Limit? 

Why more and more people are cutting back on the amount of hours they spend online to protect their identity.

 

Do you limit the amount of alcohol you drink?

Are you conscious of the number of hours you spend sitting at your desk?

Do you try to control the number of calories you intake per day? 

Many of us set limitations on certain activities because we know the impact of too much alcohol or a mainly sedentary lifestyle or an overly caloric diet can have on our health. And we know about these potential impacts because we’ve already experienced them firsthand or through someone we know or we’ve heard evidence from trusted experts. But regardless of how we come to realize the importance of making these limitations, the important thing to note is by limiting the activities we believe we are protected from the potential impact to our health. And with this mentality in mind, it’s easy to understand why more and more people are curbing their time spent online because of fears surrounding personal privacy and security.

Reports of this behavior come via a survey by the Department of Commerce's National Telecommunications and Information Administration (NTIA). The results make a direct connection between people scaling back their online activities and the impact of a wave of recent security breaches of personal data. In particular, when asked the reason why limiting time online was necessary, an overwhelming majority cited identity theft as the reason.

But does limiting your time online provide the best protection for the privacy of your personal information?

The short answer is no. And here’s why. Identity theft is a very serious and unfortunately, common risk in today’s world. Most of this risk is found online because that’s the area where so much of our information is stored. But with so much digital activity now involving our personal information – bill payments, filling out our 2016 Canadian Census, and health insurance forms – is it realistic to think we can completely avoid the potential risks online?

No, it’s not realistic and that’s why the Government of Canada offers tips for safe internet use (especially via your email account) via http://fightspam.gc.ca/eic/site/030.nsf/eng/h_00095.html:

  • Don't try or buy a product or service being advertised in a message you receive from a sender you don't know.
  • Don't reply to spam if the message seems at all suspicious to you. Never reply to, or click on a "remove" or "unsubscribe" link in a suspicious spam message. If you do respond, it can confirm your address and cause you to receive more spam.
  • Once Canada's new anti-spam law is in force, messages coming from businesses and organizations with whom you have a business relationship should have a working "remove" or "unsubscribe" link to tell the sender that you no longer wish to receive their messages.
  • Never visit websites advertised in a suspicious spam message, and, in particular, beware of links in such emails. They are not necessarily what they appear to be and may take you to a different website without you realizing it. If you do decide to visit a website that appears in a suspicious message, it's better to type the address in your web browser yourself.
  • Attachments included in emails may have software that could harm your computer's performance or steal your personal information. Malicious software may corrupt your computer or take over your email account so as to send viruses to other people. Only open attachments in emails from someone you know.
  • Fraudsters can also make messages look like they come from people or organizations you know; this is called "spoofing". If you are unsure about an email message, don't open it. Use an alternative method of contact to reach the sender. Look up the contact information for the organization on their website, in the phone book or on printed correspondence you may have from them—the contact information provided in the original email could be false.

 

Identity theft is often more serious than a hangover, worse than that extra slice of cheesecake and can be more difficult to crack than a stiff back. But the answer is not as simple as limiting the time spent online (like we do with sitting at our desk or cutting back on what we eat during the day). We are living in an increasingly connected world where it is most important to make knowledgeable decisions about what happens to your personal information, where your information is and what to do following a breach of your information.

Tell us: Have you made any changes to the amount of time you spend online because of the privacy and security risks associated?

For more information on Identity Theft and Credit Bureau Monitoring visit us at www.idalerts.ca or follow us on Twitter at @idAlerts

Monday
Apr182016

Data Breaches Only Happen to Bad People and Other Myths

 

This past weekend my son spent a couple of hours building an intricate Lego set. Every piece of the elaborate structure was picked up, adjusted and snapped into place by his little yet surprisingly deft fingers. I admired his attention to detail and ability to sit still and stick with the project and thought many times how much older and mature he looked while working. When he was finished, he took a few moments to admire his handiwork and then picked up the thing with wings (a spaceship/ dragon/ robot hybrid) and started flying it around the room and then went running up the stairs to put it in its rightful place amongst the other creations in his room.

Except along the way, he tripped.

That spaceship/ dragon/ robot hybrid went flying out of his hands, hit the stairs and went tumbling back down and hit the wall. I heard him fall, heard the Lego crash and within seconds I heard the cries begin.

By the time I got to him and tried to draw him and the disconnected pieces closer, he stopped crying long enough to ask me – Did this happen because I was bad and was running on the stairs even though you always tell me not to?

I quickly assured him that bad things don’t happen just because you’ve done something bad and we got on with the weekend. But Monday morning, long after that spaceship/ dragon/ robot had been pieced back together (by all available fingers in our house), I got to thinking about bad things happening to bad people and a couple of recent events came to mind:

In early 2015, an unknown attacker breached the servers of Panama firm Mossack Fonseca and leaked 11.5 million files of sensitive data. Technically, this is the world’s biggest data leak, including 4.8 million emails, 3 million database files, 2.15 million PDF files, 1.1 million photos, and 0.32 million text files. The names associated with these documents include many foreign leaders and famous people. Included with these names is an extensive network of offshore investment accounts that reportedly were used to make secretive investments and enhance luxury lifestyles.

And this one…

In the summer of 2015, 32 million members from the website Ashley Madison had personal details, including email addresses and account information, publicly exposed by a hacking group who call themselves, The Impact Group.  The hackers claimed they did this to expose the members and the affairs they were engaging in through the site, but they were also attacking the business practices of Ashley Madison (a site designed for extra-marital affairs), especially the requirement of members having to pay $19 to delete their account (but as it turned out, it didn’t actually scrub all data). The names included in the breach were from all walks of life, including politics and the military.

And then it wasn’t a six year old voice asking, but my own, when I heard the question:

“Do breaches only happen to bad people?”

The easy answer to this question is the same one I gave my son – no, of course not.

Generalizations such as bad things happening to bad people are how myths are born.

And myths about bad things happening to bad people lead to the spread of misinformation.

And misinformation leads to errors.

And errors lead to data breaches.

But data breaches don’t just happen to bad people. And lots of people have tripped while running up the stairs while holding something breakable (whether their mothers have told them not to).

The Panama Papers and Ashley Madison  data breach made headlines, not only because of the massive amounts of Lego pieces, I mean pieces of data, that were spilled but because the people who had their information breached were considered “bad”. And while we don’t condone illegal or immoral behaviour, the protection of personal identifiable information (PII) is something that must be valued by us all.

And the surest way to do this is by shutting down those myths that lead to misinformation that leads to errors.

Myth #1: The majority of breaches are caused by outside forces.

False. 41% of breaches in 2015 were caused by the loss of devices used for work. Many of us often overlook how much sensitive data is stored, or provides access, on our laptops and mobile devices. If any of these devices should be lost, stolen or left unprotected in any way, they become an easy target for stealing the data.

Myth #2: PII is the only information hackers want

False. While personal identifiable information is still the data most often breached, health care data, financial information, and especially credentials continue to act as breach bounty.

Myth #3: Retail is the industry most targeted.

False. Almost a fourth of all breaches committed were in healthcare. The second was education, followed by government agencies. Retail came in fourth. Regardless of where an industry falls on the list, the damage inflicted by a breach to the reputation and revenue of a business remain the same.

Myth #4: PII holds the largest worth on the black market.

False. With the rise of data breaches, and therefore the amount of PII available, the going price for it has dropped. Where a piece of data used to go for US $4, now it averages for US $1.

Are there more myths about data breaches you have heard and want to debunk? Share them with us via our social media channels so we can stop the chain of errors that lead to data breaches. But please, don’t run to do it, we wouldn’t want you to fall over and spill any data on the way.

For more information on Identity Theft and Credit Bureau Monitoring visit us at www.idalerts.ca or follow us on Twitter at @idAlerts

Monday
Feb222016

The Love and the Loyalty: Identity theft and Rewards Programs

         

Forget about those crazy kids Romeo and Juliet. Forget when Harry met Sally. Forget about that Titanic-ly passionate but short-lived relationship between Rose and Jack. The truest, and most enduring love story, is the classic marketing program based on Trust and Loyalty, and the offspring of this union – Rewards.  

The modern day rewards program was (unofficially) born as a result of our affair with the sky and the introduction of the Frequent Flyer program by American Airlines in the 1980s. From then on, rewards programs have touched down on everything from coffee to hotels to drugstores. Today, the loyalty industry (in the US alone) is estimated to be $48 billion. And like my need to get as close to the drinks cart on an airplane as possible, once the criminals get a whiff of that much money, they are going to do everything they can to get a piece of it.

The most talked about love stories have always been those most tested. Romeo and Juliet were threatened with archaic rules from their families. Harry and Sally were threatened by modern day dating rules and a serious case of overthinking things. And Rose and Jack were physically threatened by a gigantic iceberg and the absence of adequate lifeboat supplies. Today, the rewards born of trust and loyalty between businesses and customers are being attacked. And I for one, am not going to stand idly by and let true love be poisoned again (I’m looking at you, Romeo and Juliet).

What is the point of the points programs?

 

In our country, approximately 89% of Canadians adhere to at least one loyalty program. And judging by the amount of cards, key fobs and Canadian Tire money many of us have on or around our persons at any one time, I think this is a pretty accurate estimation. But those plastic cards and fobs don’t actually look like or represent real money (except you Canadian Tire) so what is the big fuss if some criminal wants to take a couple of points? Well the point of the matter is that the points are not the point! As if I really needed to point that out. Point taken. Ok I’ll stop...

Fact: the common criminal will always choose to take the quick and easy money off your credit card over all those points you collected from purchasing beauty products at the drugstore. And ok, maybe that common criminal will also be interested in the punch card you carry with you because criminals need a lot of coffee to continue their devious ways (and of course they’re not going to pay for it). But when it comes to identity theft – the real point of this story - it’s the uncommon criminal who has realized how much of your personal information is available via your participation in a loyalty program and is wasting no time in figuring out how to compromise that loyalty.

That uncommon criminal is not wasting time on free coffees. The Buy 10, Get 1 Free coffee card doesn’t ask a lot of you when you sign up. In fact, there’s little asked about you in that transaction beyond, milk or cream? But when it comes to more in depth loyalty programs, many businesses are now asking for more and more of your personal information upon registration and then storing your buying habits along the way in order to advertise to you, maintain stock levels in their stores and even test your loyalty by charting how often you use your loyalty card at their location. It is this intimacy of details that the uncommon criminal is trying, and sometimes succeeding in accessing. So how can we all work together to save the love AND the loyalty?

How can we save the love and the loyalty?

 

You may think you’re being safe online when it comes to your email habits, social media accounts, and financial institution transactions but have you stopped to think about how much of your personal information is at risk because of your enrollment in loyalty programs? How much do we really know about the security surrounding these programs and therefore the info we have provided for them? Kirill Slavin, general manager of Kaspersky Lab, recommends that anyone doing data business online – whether it’s a company requesting data in exchange for rewards or a customer submitting the data – has a shared responsibility towards security.

For businesses, security involves specific technological measures including the salting and hashing of passwords and encryption of personal data but more importantly, experts suggest that today’s security climate demands a three pronged approach to data protection that not only includes the tech aspects but also the people and process elements of the business. Everyone can agree that security is no longer relegated to just the IT department any longer but rather is an issue that must be spread out from wall to wall of the company. Both the preventative measures and reactive arrangements, such as credit bureau monitoring, will demonstrate a business’s commitment to protecting the data of its customers. Actions speak louder than words when it comes to proving a commitment to customers about the security of their data. Security details are the new roses so offer your customers a blooming, fragrant, healthy bouquet today and show them how much you care about protecting their personal data.

Customers cannot and should not rely on businesses alone to protect their data. Remember earlier when I mentioned those overloaded wallets, key chains and glove compartments of ours? Perhaps it’s time we took stock of where our loyalties lie and therefore where our personal identifiable information lies. While it’s a nice feeling to know we have the option of building, saving and reaping rewards from a bunch of different businesses, the problem with that model is the difficulty, time and attention required by us as customers to keep up with the security of all those different businesses. The most effective way to monitor any discrepancies in your loyalty program account is to login regularly to that account and ensure that all your points are as they should be and that none of the details in your account have changed (address, phone number or email address). You have invested time and money into the collection of those points, but even more importantly, you have invested your entire life to building your personal information; protect it.

It’s far too late to save Romeo or Juliet and although we may all have a chance to recreate the Titanic-themed romance of Jack and Rose with the upcoming launch of Titanic II, we cannot afford to risk the sanctity of loyalty programs. And if this article hasn’t proven that then perhaps this poem can: Roses are red, violets are blue. I love rewards and so do you. Let’s take the plunge and vow to protect the points, the loyalty and the data.

For more information on Identity Theft and Credit Bureau Monitoring visit us at www.idalerts.ca or follow us on Twitter at @idAlerts

 

Thursday
Jan282016

Stop. Think. Connect. 

idAlerts is a proud champion of Data Privacy Day 2016. We stand with our fellow champions across the world as we seek to create awareness about the importance of privacy and protecting personal information. In honour of this year’s Data Privacy Day, we offer our readers this article on why the mobile device is the new wallet when it comes to identity theft.

 

 

Mobile Devices and Identity Theft Protection

There was this time in my mid-20s when I lost my wallet (a story for another time). It had everything in it – my social insurance card (also known as my backup video-renting card at the time), my birth certificate (because of all the people demanding to know what hospital I was born at) and even my passport (easy explanation for this one – I honestly believed Prince Charming was going to whisk me away on a spur of the moment trip around the world). This was way before I ever started working here at idAlerts, way before I had ever heard of identity theft and obviously way before I met Mr. Right and he whisked me away on a different kind of journey (a more sedentary and domestic one filled with small children!).

Fast forward to last year when in some crazed, sleep-deprived, haven’t-yet-had-a-coffee kind of morning, I backed out of my driveway and within five minutes on the road heard a soft yet earth shattering crash as something flew off the top of my car and hit the road behind me. Only after checking to make sure I had actually put both my children in the backseat did I feel for my phone. It wasn’t there. After a U-turn to confirm my suspicions,   I discovered that my phone had met a devastating end.

In terms of time and effort, losing my wallet and all those crucial pieces of documentation in my 20s was worse than the loss of my phone. To replace my birth certificate (the ultimate form of ID) I had to bring my mother to the government office to vouch for me, next came tons of form filling and photocopying for the rest of the documents and cards, and then the licking of all those stamps and envelopes and finally the waiting of numerous 6-8 week time periods. But finally I had gathered my personal identity back together again – this time though that identity was kept out of my wallet.

Within a few hours of losing my phone to the dangerous side streets of Oakville, ON,        I had replaced it. And there had been no need for a vouching mother, no photocopying, no stamp licking and certainly no 6-8 week wait times. Yes, I had lost precious photos of my sons that I hadn’t backed up. Yes, I had lost contact numbers for everyone in my life because if I can’t remember to bring my phone inside the car with me I’m certainly not going to be able to remember ten digit combinations. And yes there was the money that I had to fork out for that new phone and the incredulous faces and sounds that came from my husband when I told him what happened. But none of that came close to what could have happened had my phone actually been lost or stolen and then fallen into the hands of the wrong person.

The lost phone is the new lost wallet.

Maybe you’re thinking – but I don’t have anything on my phone that criminals could want. But do you really know what criminals want? It’s not money – it is information. And in today’s world of banking apps, digital currencies and electronic communications, they’re not going to find that information in your wallet but they are going to find it via our phones. My wallet today contains just a couple of cards, some change, and a bunch of photos of my kids, nieces and nephews and friends’ kids. My phone on the other hand holds personal information, entry points to more sensitive data and megabyte upon megabyte worth of photos of my children (because in the conversation of mobile versus wallet, this is one constant that will never change). Today’s currency is personal identifiable information and our mobile devices hold all of it.

According to an American report by Consumer Reports, 1.4 million phones were lost in 2013 while 3.1 million phones were stolen. The staggering amount of personal information these devices contain – including photos, contacts, email accounts, and apps for banking, shopping and socializing – is the reason those 4.7 million phones that went missing (and that’s just in the US) are such a big deal and why we all need to start treating our phones, not just as phones, but as mobile personal information devices that deserve and command respect and security.

In Canada, there is good news. Since September 30, 2013, all GSM, HSPA, and LTE devices reported lost or stolen to a Canadian service provider have been blocked from all Canadian networks. By recording the International Mobile Equipment Identity (IMEI) number from the device, the Canadian blacklist ensures that it cannot be activated by a carrier for use - including web browsing, phone calls or texting. This not only provides security and peace of mind when you lose your wallet but also covers those of us looking to buy used and refurbished devices.

But even before having to resort to the blacklist, there are simple steps you can take to protect the information on your mobile device:

1)      Updates: Smartphones need to be updated when security fixes are developed. Being notified of an update can be annoying but there is a reason for them. Some updates are merely for functionality but some are to fix critical security vulnerabilities that can end up being more of an annoyance than the few minutes an update can take.

2)      Security software for your mobile device is a necessity. I think we can all safely say that installing virus protection on our computers and laptops is a no brainer. But how many of us have security software installed on our mobile devices? In honour of Data Privacy Day, treat yourself to mobile security software – it’s the gift that will keep on giving.

3)      Have a unique and secure PIN. This is the ultimate security secret that so many of us seem to forget. It should have us all going “Duh!”. Passwords and PINs remain one of the easiest ways for you to secure your devices, accounts, and personal information from fraud.

4)      Think before you click, open, or download anything. Just like on your computer, be very weary of where each link is going to take you should you choose to click on it. If you’re unsure, don’t click.

5)      Understand the terms of use. Did you hear about that new app guaranteed to help make you more productive/ healthy/ sane? Before you download it on your phone, make sure you read through all of the fine print in the application’s privacy policy and terms of use. Does that game you downloaded to clear your brain between meetings at work really need to access your camera? Instead of using those minutes between your meetings to play, why not use that time to start reading up on who is accessing the information on your mobile device.

6)      Surf safely. It can be so tempting to tap into free public Wi-Fi and save money and data but even if something is free it can still come with a cost. In this case, the cost is your personal information and if you do not have the proper safeguards put in place to protect your phone, you may be at risk.

7)      Backup your phone’s information. Don’t risk losing all of the information on your phone should it become lost, stolen or damaged. Save photos and videos, contacts and emails regularly.

By the end of 2015, the number of mobile devices in the world outnumbered the number of people. There is no denying that more and more of us are conducting our personal and professional business via those devices. We must make the security of the information available on these devices a priority – just like I now make having my coffee a priority before I pack up my car in the morning a priority.

To learn more about Data Privacy Day and the steps we can take year round towards privacy awareness and the protection of personal information, visit https://safestayonline.org .

For more information on Identity Theft and Credit Bureau Monitoring visit us at www.idalerts.ca or follow us on Twitter at @idAlerts