Month: September 2015

Have you every had one of those calls that gets you all bent of of shape because you think your are in trouble but something just doesn’t sound quite right? Have a listen to this call below I received today from the “Canada Revenue Agency” stating I am under investigation. Note that the call doesn’t actually say who they are calling, and also doesn’t leave a call back number.

If the Canada Revenue Agency were to be contacting you about a problem they would do so via Canada Post (snail mail) several times before taking the action of calling you. They would also actually say who they were calling for and would leave the CRA Call Centre number.

The ‘scammers’ who are doing this (much like the “You have won a Westjet Holiday” calls) are harvesting for vulnerable people to take advantage of. In this case they will tell you aggressively that you owe money and have to pay now or there will be legal repercussions. They may even say that the fastest way to pay is with “prepaid” credit cards. THAT is definitely a sign of a scam no matter who you re talking to.

You will NEVER receive a call from CRA or a financial institution and have them ask you to verify who you are by giving them your personal information. You will receive a letter in the mail stating that you need to contact them (sometimes with a reference number) at which point they will be able to verify it is you who is calling.

Best thing to do is just hang up on these scammers. However, if you feel you have been scammed, call your local police and file a report and immediately contact your bank. They will likely provide you assistance. You will want to contact Equifax Canada and TransUnion Canada whom are the two national credit bureau’s and register a fraud alert with them.

Contact the Canadian Anti-Fraud Centre

The following is directly from the Canada Revenue Agency “Protect Yourself Against Fraud” web site.

Know how to recognize a scam

There are many fraud types, including new ones invented daily.

Taxpayers should be vigilant when they receive, either by telephone, mail, text message or email, a fraudulent communication that claims to be from the Canada Revenue Agency (CRA) requesting personal information such as a social insurance number, credit card number, bank account number, or passport number.

These scams may insist that this personal information is needed so that the taxpayer can receive a refund or a benefit payment. Cases of fraudulent communication could also involve threatening or coercive language to scare individuals into paying fictitious debt to the CRA. Other communications urge taxpayers to visit a fake CRA website where the taxpayer is then asked to verify their identity by entering personal information. These are scams and taxpayers should never respond to these fraudulent communications or click on any of the links provided.

Let’s face it, the Internet provides an amazing convenience to citizens worldwide. As we have seen though, it has also brought an increasing number of vulnerabilities and they continue to come our way. Daily we hear about hackers and cyber criminals, the eastern block cyber mafia, ransom ware, and the never-ending discussions on malware and viruses. How about the recent Ashley Madison hack and exposure of client accounts, passwords, etc. People are even now hacking for moral good. It never ends.

Even with all of this, one thing that still has not changed is the careless management and attitude towards the easily compromised PASSWORD. I was shocked to see and hear that with the Ashley Madison hack, the passwords people were using on accounts for their ‘secret lives’ were not so secret or hard to figure out to a hacker.

The attitude of  “it won’t happen to me” or “I am protected” is putting people at risk. This attitude could not be further from the truth. Everyone is at risk and although there will never be 100% safeguards, at least start with the basics and manage your passwords appropriately.

When someone is ‘hacked’ (more formally known as compromised) and their account is being used to send SPAM it is very annoying to everyone receiving the SPAM and takes effort by you to clean things up and resolve the issue (a future post will give suggestions here). If however the ‘hack’ goes as far as you having your identity stolen I can assure you that your attitude towards passwords would be very different. It could take years to recover from such a personal breach. If you do ANYTHING on the Internet that uses any kind of personal information you are at risk so protect yourself accordingly.

There are many websites, books, and other resources that can offer suggestions and tools for creating and managing passwords effectively. But for the sake of simplicity I would like to offer up one effective way to come up with strong, but easy to remember password that will reduce your risk immediately. The idea is to take an actual easy to remember phrase and turn it into a password.

Here is an example using the phrase  :  “Italian coffee at 6AM tastes good”

Here is the password I came up with from this phrase :   iC@6aT:g

italian Coffee @ 6aM Tastes : good

Note that I have added in some ‘special characters’, which are often required for a strong password, and I have used a combination of upper and lower letters. The password is also 8 characters long, which again is a good  ‘minimum’ best practice and is often required for many passwords anyways. The use of “!” “@” and “:” is not the best because those are the most common, however when combined with the method above it does help in strengthening your password.

A few more examples:

Bring me 2 muffins for breakfast!   = Bm2:m4B&

Please don’t let me have 2 desserts = pDlm#H2d

I rode my bike 7 miles Friday  = iRmB:7mF

Note that by using this simple method your are creating a very strong password that : a.) Contains no words, b.) Meets most strong password requirements and c.) Is easy to remember. I recognize that it may take a ‘little’ bit of effort to come up with these passwords but I can assure you that the effort you put into it is MUCH less than the effort that you will have to put in recovering your life if your identity is stolen.

Another thing to be aware of is that some sites do not allow for the use of special characters. This really makes no sense however it is a reality. In that case I would suggest using the same method as above with a mix of upper and lower case or if the site allows for long passwords, try add a number of words together that don’t really make sense.

Examples:   moneystarhippocar    loosebananafortalive

A final note here on this topic, it goes without saying that you should not use the same password for every sight you register for and you most definitely should never use your email password as the password for a website that uses your email as the username or login id. Doing this puts you at significant risk if your email account is hacked because once the hacker is in, they can find out where you spend your time pretty easily and will likely figure out who bank with, you online shopping account names, and much more. That will be the topic of a future post.