How many passwords do you have? Dozens, probably. But how many unique passwords do you have? If you’re like many people, maybe only a few – or even just one. And that, say the experts, is like leaving the keys in your car with a big sign that says, “Steal me” – except that the bad guys can not only steal what you have (like bank accounts and investments) but also compromise functions that control what you do (like remotely activating camera and audio-recording features, deleting emails, phone calls and texts, or even opening your garage door – so they can steal your car).
Your most important password
It’s not your online shopping account. It’s not your Canada Revenue Agency ID. It’s not even your online banking password. It’s your webmail password. Why? Because if cyber-crooks can get into your webmail account, they can use the "password recovery" feature on other sites to gain access to almost all of your other accounts. So protecting your webmail is your first line of defence against fraud. That means always using a secure connection to your webmail account (consider using a VPN – virtual private network – when using public Wi-Fi for personal use) on any device wherever you are, and turning on 2-step verification if that’s possible. And remember: Your password is only as secure as the last site you used it on.
On its website, Get Cyber Safe, the Canadian government offers some password tips, including:
- Don’t ever use your name, birthday, driver's license or passport number.
- Memorize your passwords and don't store them on your phone or laptop.
- Change your passwords often.
- Re-enter your password every time you visit a website or browser, even if it gives you the option of staying signed in, or offers to remember your password. (Bonus: Having to enter it every time will help you remember it.)
- Clear your browsing history or cache after banking or shopping online.
- Don’t enter your password until you’re sure a site is secure. Look for a padlock or unbroken key icon in the browser window, along with a URL that starts with https://, not just http.
- Be sure to change the original default password on your smartphone.
Your passwords should be at least 8 characters long, and should include upper- and lower-case letters, numbers and special characters (like # or &). But the strongest password is useless if you can’t remember it.
If you find it frustrating to create strong passwords that you can actually remember, here are a couple of tricks:
- Promote your personal goals. After all, most of us type passwords dozens of times every day, so why not seize the opportunity to reinforce positive changes? Repetition forms habits, good and bad. If you enter a password 4 times a weekday, that’s around 84 repetitions a month.
Jot down your goals and then use the first 1 or 2 letters from each word to develop an 8-character password. Then capitalize and replace some letters with numbers and special characters. For example, “Quit smoking forever” becomes the password QtsM4#v@. Similarly, “Save money for trip to Paris!” becomes s$$4T2€!
Note that keyboard symbols, like the €, add extra complexity to your passwords. You can find out how to create them online; here are some simple examples:
- Ctrl + Alt + E = €
- Shift + : + ) = ☺
- Shift + : + ( = ☹
- Celebrate pop culture. Start with the initial letters in a familiar sentence (like a book title, a song lyric or the punchline of a favourite joke), then swap out a number or two, and throw in a special character in an appropriate place. So “Aren’t you glad I didn’t say banana?” could become Aygid5b? And “What we have here is a failure to communicate” could become Wwhh!af2c8.
If you’re convinced you can’t remember more than a couple of passwords, consider getting a password manager app, which will keep an encrypted list of all your passwords that’s accessible only with one master password. Needless to say, that master password should be the longest and strongest of all.
How do you know if your webmail account has been hacked?
Some obvious signs:
- Your password no longer works.
- Family and friends complain that you keep “spamming” them.
- Messages appear as having been read, even though you haven’t seen them.
- “Sent” and “Deleted” folders contain messages sent or deleted, but not by you.
To combat webmail account hacking, some major webmail providers offer self-serve monitoring features that let you check and validate your account activity:
More on foiling webmail hackers:
- How to find out who has accessed your email account
- What to do if your email account gets hacked and how to prevent it
Beware of fake news
Defending yourself with strong passwords and high-tech apps will help protect you against fraud. But you can also fight fraud with low-tech, common sense.
Since the dawn of time, con artists have preyed on people’s greed, credulity and weakness (“Try this apple…”), but today’s fraudsters use modern technology to put age-old scams on steroids. If that ad or “news item” on your favourite social site promises something miraculous or even just unlikely – chances are it’s “fake news,” designed to attract your attention, your clicks, your trust and your money. The Competition Bureau of Canada warns: “Just because a website looks like a news site, or appears to be affiliated with a well-known news source, does not mean that is in fact the case. Many fraudsters create fake news sites to promote bogus products with unfounded and misleading claims. Look to well-known, reputable sources when searching for information online.”
So far, we’ve been talking about the dangers of fraud aimed at you as an individual. That’s where most law-enforcement agencies direct their energies. But you can also be hurt by fraud against corporations – like auto insurance fraud or group benefits fraud. Insurance companies do have deep pockets, but this kind of fraud can hit you in your wallet, too. Auto insurance fraud drives up the cost of insuring your car; group benefits fraud increases the cost to your employer of providing healthcare benefits like prescription drug and dental coverage, which can result in higher premiums and/or reduced coverage for you.
How to fight benefits fraud
Here are 4 commonsense ways to protect your healthcare benefits from fraud:
- Protect your identity – keep your passwords confidential and monitor your claims for errors or claims that are NOT yours.
- Keep receipts for a year in case your insurer asks to verify a claim.
- Know what’s covered and what’s not so you can use your plan appropriately.
- Report suspected plan abuse or fraud if someone tries to persuade you to misuse your plan.
Other useful resources:
- How to avoid or recover from identity theft (Consumer Protection Ontario)
- Fraud alerts and information (Sun Life Financial)
- Cops and Bloggers (Saskatoon Police Service Blog)
- Consumer Protection BC blog
- dot.con (CBC documentary on online fraud)
And from the Competition Bureau: