Identity Theft FAQ

Frequently Asked Questions

The CyberScout Knowledge Centre helps consumers understand and detect the many forms of identity theft and fraud by providing answers to your common questions. However, if you think you may be a victim of identity theft or have any identity-related concerns, get in touch with a fraud specialist at the CyberScout Resolution Centre through your provider.

What is identity theft?

Identity theft is the misuse of another person's identifying information. In true identity theft, an identity thief uses another person's government-issued identification or other identifying information to fraudulently open new accounts for financial gain. Victims may be unaware of the fraud for an extended period of time, which can allow the criminal to continue the ruse for months or even years. The criminal can use the victim's identity to work, receive medical care and commit other types of fraud. Account-takeover and credit-related fraud are common problems associated with identity theft.

Some examples of the many ways criminals use stolen identity information are to:    

  • Obtain credit fraudulently from banks and retailers
  • Steal money from the victim's existing accounts
  • Apply for loans
  • Establish accounts with utility companies
  • Rent an apartment
  • Obtain a job
  • Receive medical care
  • Achieve other financial gain using the victim's name

What is account takeover?

Account takeover occurs when an identity thief acquires a person's existing credit or bank account information and either withdraws money or makes purchases. Victims usually learn of account takeover when they check their account statements online or receive their monthly credit card or bank account statements.

What can I do to protect my identity?

To reduce your chance of becoming a victim, check out our Consumer Tips. Find out how to protect your identification cards, mail, checks, passwords, online activities, and much more.

What can I do to protect my computer and data?

There are three main threats to the data on your computer: malicious software, network intrusion by hackers, and physical theft.

To protect your computer against viruses, spyware, worms, and Trojan Horse programs (which let hackers control your computer), you must use antivirus, anti-spyware and anti-malware software—and keep those applications up-to-date. To keep intruders out, connect to the Internet through a properly configured firewall, keep administrative names and passwords updated, set wireless networks to "no broadcast" and be sure to power down your computer when not in use. Never open an email spam or other emails from unknown sources and avoid using public computers for online banking, email account access, or other sensitive exchanges of information, as keystroke loggers, web "cookies," or cached pages may be capturing your data.

Limit access to your computer to those you truly trust and use restrictive permission levels to protect sensitive files. Whenever possible, encrypt files containing sensitive information, including backup files. And don't forget to protect your computer against physical theft—"password protection" sounds daunting but is actually easy for a tech-savvy criminal to defeat.

Finally, beware of "phishing" and "pharming" scams, which use fake corporate email, redirected web addresses, and "cloned" corporate web pages to plant viruses and con users into providing sensitive information. Never provide identity or account information in response to an email or if you have doubts about a website's authenticity. To learn more, check out our Consumer Tips.

What methods do identity thieves employ?

Theft of wallets and purses was once the most common way to obtain identity documents and account information. Today, identity thieves attack virtually every area of an individual's life, wherever personal information is stored or sent. An identity thief needs only a few strategic bits of your personal information to commit identity theft and fraud. The more accounts the criminals are able to open, the more "evidence" they have that your identity belongs to them. Some of the most common methods include:

  • Dumpster diving in trash bins for credit card statements, loan applications, and other documents containing names, addresses, and account information
  • Stealing mail from unlocked mailboxes to get preapproved credit offers, credit cards, utility bills, bank and credit card statements, investment reports, insurance statements, benefits documents, and tax information
  • Taking advantage of "insider" access to names, addresses, and birth dates in personnel or customer files
  • Shoulder surfing when people are using laptops in public places or watching ATM transactions and public phones to capture PINs
  • "Skimming" of credit and debit card information at point-of-sale by copying the card or using a small electronic "skimmer" device
  • Tapping online sources of personal data, such as public records, fee-based information sites, and personal networking sites
  • Hacking into an organization's database to steal sensitive information
  • Purchasing fraudulent identities on the Internet or through a secondary market

What is debt tagging?

Debt Tagging is a term used to describe when collectors target the wrong person for a debt and make them responsible for it.

After years of trying to collect on a debt, collection agencies are often left with old outdated contact information. If you have a common name or one that is similar to who they are looking, your risk is higher and you could be tagged with another person’s debts.

If you are contacted and do not believe the debt is yours, contact a Fraud Specialist to learn what measures you can take. Collection agencies often have to adhere to code of conducts or legislation, which can be used to dispute the debt.

Next, check to see if you are covered with Identity Theft Protection by your homeowners, auto or other insurance policies. Also check with your bank, credit union or financial services or employee benefits. If you are covered, call their claims/customer service departments.

What is child identity theft?

Child identity theft is true identity theft in which the victim is a minor child. Because a child (or parent acting on behalf of the child) is unlikely to request credit reports or to try to obtain credit, the theft can go undetected for a long time. In fact, the theft may not be detected until the child becomes an adult and applies for credit. If no credit report exists in your child's name, that is a good indication that your child has not been a victim. However, if you receive collection calls, statements and/or pre-approved credit offers in your child's name, your child may be a victim of identity theft.

What is synthetic identity theft?

In synthetic identity theft, instead of stealing an actual person's identity, a thief creates a fictional identity by taking pieces of information from a number of people. The thief usually starts with one victim's national identification number and then composes a fictional identity associated with that number. Synthetic identity theft is often harder to detect than true identity theft, because accounts and other credit that is falsely obtained typically do not show up on the credit report of the victim whose identification number has been stolen. Since the thieves have created fictional identities instead of stealing real consumers' identities, it is most often banks that are the real victims of this type of theft because they are stuck with the bills.

What is a data breach?

A data breach is a situation in which information is either lost by or stolen from an organisation or individual. Financial information, medical records, customer information, and student data are all examples of information that has been accessed as a result of data breaches. The incidents can occur under a number of different scenarios. Hacked databases and stolen laptops, USB flash drives containing sensitive information account for many breaches. Some countries have set legal requirements for businesses who have a data breach. To stay abreast of recent data breaches, click here.

What are credit and fraud monitoring?

Credit monitoring involves monitoring your credit history for suspicious activity. Credit reporting agencies usually offer services such as allowing you to check your credit files every day for any fraudulent usage of your identity. To find out more about this service and verify its availability, refer to your local credit reporting agency.

Where available, fraud monitoring allows you to monitor public record databases for suspicious activity. Public record databases can show if someone has broken the law using your identity.

Beware of companies that guarantee they can prevent identity theft. While you can mitigate your risk of becoming a victim and the damage after a compromise, no one can give you a 100% guarantee that you can escape. Even if you do everything right, you might still be on the wrong database at the wrong moment. Never forget, the bad guys are getting better and better at what they do and are often far ahead of the good guys.

How can I monitor my own credit?

The best way to monitor your own credit is by checking your own credit report at least twice a year, with all relevant agencies. By checking, you can spot debts that are not yours and see who has been checking your credit profile. It is in your best interest to review the report regularly. Credit reporting agencies each have their own methods and fees to access your credit report; please refer to your local agency to find out more.