In August 2020, the Canada Revenue Agency (CRA) suspended online services after a series of a “credential stuffing” cyberattacks. “Credential Stuffing” is the use of passwords and usernames from one website to access another. It was originally estimated that just over 11,000 CRA accounts were hacked but the number could be much higher. By September 2020, the Treasury Board of Canada had detected suspicious activity in 48,000 accounts. Unfortunately, cyberattacks happen everyday. The Canadian Anti-Fraud Centre reports that by the end of August 2020 over 16,000 people in Canada had been victims of fraud and over $60 million had been lost to fraud.
Fraud happens every day and here are a few tips to keep yourself and your accounts safe:
- Use a minimum of eight characters for passwords, include a combination of uppercase and lowercase letters and have at least one number and symbol
- Do not reuse passwords. Make sure each of your online accounts has a unique password
- Use a combination that is easy for you to remember but difficult for others to guess
- Be careful of how much information you share on social media (you don’t want to be leaving clues for cyberhackers)
- Do not overshare information with websites – when you are filling in those online information forms provide the mandatory information only, skip the optional fields
- Lock all your devices
- Be skeptical. If you receive an email asking to verify information, call the business directly to verify the authenticity of the email
- Never click a link or open an attachment of a suspicious email
If you notice suspicious activity on one of your accounts and suspect you have been hacked report it immediately. Call your bank, your creditors, the police, CRA, and the credit bureau.
If you receive a call from CRA that you think suspicious, take the caller’s name then call your consultant at The Better Life Company. If you receive a suspicious email from CRA, please forward the email to your consultant. DO NOT open any attachments. We will investigate accordingly to ascertain if the call or email is authentic.
Want more information? Visit the following:
Canadian Anti-Fraud Centre www.antifraudcentre-centreantifraude.ca
Competition Bureau Canada www.competitionbureau.gc.ca
Financial Consumer Agency Canada www.canada.ca/en/financial-consumer-agency.html
Office of the Privacy Commissioner of Canada www.priv.gc.ca