How to stop cyber crooks in their tracks

Canadians spent $136 billion online in 2013, up from $15.3 billion in 2010, according to figures from Statistics Canada. With the country's sub-zero temperatures and slush-filled streets, it's no wonder that many Canadians are eager to shop at home.

But along with the convenience of online shopping come serious risks such as account fraud and identity theft. Once thieves have your personal information, they can access your online bank accounts and drain your savings.

In addition to stealing your money, identity thieves could end up destroying your good financial reputation as well, says John Russo, vice president, legal counsel and chief privacy officer at credit reporting agency Equifax Canada.cyber-crime

"Rehabilitation of your previous financial standing prior to identity theft can take time and money to accomplish," Russo says. "Furthermore, the effects of stolen identity, if not rectified, can haunt you for up to six years, as negative information may still be prevalent on your credit file."

Ways to be proactive and protect yourself
Use complicated, dynamic passwords.
Choose a secure password. Avoid common passwords such as "password123," and instead use a separate randomly generated password for each website. That way, if a thief gets your password for one website, then the fraudster can't use it to log in to your other accounts.

"It is especially important to have separate passwords and PINs for all banking and credit card facilities," Brenda Hiscock, certified financial planner at Objective Financial Partners, said in an emailed response to questions. "It is prudent to change your passwords on these accounts on a regular basis. Store all password information in a secure location, such as a lockbox in your home."

Use a separate card online.
Russo recommends shoppers designate a credit card specifically for online shopping, preferably one with a lower limit.

"That way, if things do get compromised, the impact will be minimal and easier to rectify," he says.

Make sure the site and your device are secure.
You should also know who you're dealing with when shopping online. Stick with reputable retailers, and check to make sure the page is secure by looking for an address that begins with "https".

"Best of all, use common sense," Russo says. "If it doesn't look right, it probably isn't."

Always check the device you're shopping from, whether it's a computer, smartphone or tablet, to make sure it is secure. Avoid using computers in public places, such as public libraries or internet cafes that may have been compromised with spyware or key loggers. When shopping on your mobile device, avoid using unsecure public Wi-Fi.

Give as little information as possible.
When filling in your personal information at the virtual checkout, remember less is more. Online retailers often ask for your email address or postal code, and may even survey you about your shopping habits. These may seem like innocent questions, but the information you provide can later be used to steal your identity. For this reason, Russo recommends leaving the non-mandatory fields blank.

"You never know who may end up with this information, for example, in a corporate breach or data compromise situation," Russo says.

You can also try using PayPal, Verified by Visa or other similar services to help better protect your credit card information. If given the option, choose not to have your credit card information stored online. While it may be less convenient, it will protect you if the website is compromised by hackers.

Monitor your credit file and accounts.
If you really want to be safe, or you've already fallen victim to identity theft, Russo recommends signing up for a credit monitoring service. These services notify users if anyone signs up for an account in their name or uses their personal information, and they are sometimes free if your information is part of a major data breach. Otherwise, credit monitoring will cost you, so consider whether such a service is right for your budget.

Above all else, keep a vigilant watch on your bank accounts, credit card statements and credit reports to spot alarming activity.

"It's prudent to check your credit file at least once a year to verify that the information on it is right," Russo says. Detecting possible signs of identity theft early can significantly minimize its impact.

Watch out for phishers.
Beware of emails seeking your identification and account details.

Here's how phishing works: thieves send you an email that looks like it's from your bank or another legitimate company you deal with. The email asks you to confirm personal information by clicking a link. Clicking that link can not only compromise your computer, but if you share your credit card information, thieves can use it to make fraudulent online purchases in your name.

"Banks and credit card companies will not ask you to confirm your banking and credit card information via email," said Hiscock. "Never respond to these queries, and inform the financial institution involved right away.

"Access to online banking makes it easy for us to track our credit card and banking transactions," said Hiscock. Just don't let that convenience unlock the door for cyber crooks.

See related: Are you being safe with your account info -- or paranoid?; How to secure your phone to keep financial data safe

Updated December 8, 2016

Most recent Shopping Stories