When we think of “cyberattacks,” we might think of high profile data breaches or brute force attacks on multi billion dollar companies. But cyber attacks can also have serious ramifications for regular Canadian citizens.
How? Namely, identity theft and identity fraud that can put you in debt, or leave you with a crappy credit score. 0/10, do not recommend.
What are Cyberattacks?
Cyberattacks involve the use of digital technology, usually the internet and computers, to obtain and make use of information or assets via deception or other illegal tactics.
For the record, in a venn diagram showing the overlap between cyber attacks and just regular old “hacking,” we’re basically lookin’ at a circle. Not a perfect circle, but there’s lots in common.
The motivation of both is usually quite similar: steal information or commit fraud to get information, like passwords or bank details, to ultimately profit or benefit at the expense of someone else, like you or me. The biggest difference is cyberattacks are generally much larger in scale than a smaller hobby hacker.
Cyberattacks, for example, may involve the use of several computers to attack an entire network in either targeted or indiscriminate manners.
These attacks can take place over the course of weeks, and depend on exploiting vulnerabilities that, in many cases, citizens can try to prevent simply by using strong passwords and keeping a watchful eye on their credit reports.
There are two primary types of cyberattacks (though naturally, they may also come in other forms, or combinations of the following): un-targeted and targeted attacks.
Un-targeted cyber attacks, according to the UK’s National Cyber Security Centre, make use of tactics like phishing or ransomware. Un-targeted attacks are totally indiscriminate, and count on the odds of finding vulnerabilities in a network, computer, or password. Basically, using a brute force attack on a gazillion of vulnerable email accounts, for example, is bound to reveal at least one person whose password is, ingeniously, “password”.
Then there are targeted attacks. Targeted attacks generally involve organizations or businesses rather than individuals, but individuals can be implicated in the fallout of a targeted attack. For example, a hacker may target a receptionist at a medical tech company with a malicious email attachment.
That attachment could be used to steal the data of thousands of patients or contacts belonging to that company.
Something similar happened to LifeLabs in Canada a few years back, remember? These things are bad news bears!
These attacks typically happen in stages. Lockheed Martin’s simplified “Cyber Kill Chain” is presented by the NCSC to describe the most common stages. Generally, attackers will survey a network and look for vulnerabilities. This could include your bank’s e-transfer or online verification funnel, for example.
They’ll make use of any vulnerability to reach the “delivery” stage, where they can actually breach the network. Then, using the information they obtain, they’ll carry on to achieve whatever objective motivated the attack.
This may include selling the stolen information, or using it themselves to carry out more common types of fraud. According to the Chartered Professional Accountants of Canada (CPAC), 34% of Canadians fell victim to fraud, including via malicious digital action like cyberattacks. It’s not something to mess around with!
Identity theft occurs when someone steals another’s personal data. This data might include identifying information, like your name and address, or financial data, like account numbers or PINs.
In a cyberattack, it’s very often this sort of information that attackers are after. With this information on hand, they’re able to carry out types of identity fraud, which can have lasting impacts on your financial health and more.
This is why, y’all, when those lil memes go around Facebook asking you to fill in stuff like the colour of your first car, the colour of your eyes, or your mother’s maiden name, you should not repost them for all to see!
(Also because they’re annoying and no one wants to see all those things!!)
Recognize questions like that? Yep, they’re very commonly used as security question answers for online portals to organizations like banks and medical databases. Don’t share em!!
Making that kind of information publicly available makes it easily accessible for use in a targeted attack.
And then, enter…. Identity fraud.
Identity fraud occurs when an attacker makes use of stolen information to obtain credit cards, mortgages, or other personal loans in your name.
As you can imagine, such folks don’t generally take the time to repay loans they’ve acquired in another person’s name. Sadly for victims of identity fraud, proving that a loan or credit card charge is fraudulent can take a lot of time and cause a lot of stress.
If you’ve ever entered your credit card information online, it’s not unreasonable to assume that data has already been stolen. It’s completely possible no one would ever make use of it, or even know of its availability, but it’s too risky to take that chance.
You could minimize damage done by credit card fraud by taking a few simple steps:
- Use very strong, unique passwords for every website (i.e. not “password”)
- Check your credit card statements every month and account for every single transaction (attackers may “test” the card my making a small purchase before they attempt to make larger ones)
- Use a tool to monitor changes in your credit score, or inquiries at a credit bureau.
FYI, we have that tool, and it’s free. ~*~*~Segue*~*~*
Cyberattacks can be real bad news for you and your money. You’ve earned it, now keep it safe.
MogoProtect monitors your Equifax credit bureau daily and alerts you if there have been any hard inquiries, which are required to obtain loans or mortgages.¹
We also offer free credit score monitoring, so you’ll know at a glance if your score has changed—this is often an early sign that something’s up.²
Security and keeping visibility are some of the best ways to help curb identity theft and fraud as a result of cyberattacks. This is not something to set and forget. But we’ve got tools that can help.
Download the Mogo app and get started today!
This blog is provided for informational purposes only.
1 - No one can prevent all identity fraud and Mogo does not monitor all transactions at all businesses. Currently, Mogo only monitors hard inquiries into the Equifax® Canada Co. credit bureau and will provide push and/or email notifications within 24 hours of the inquiry being reported. Refer to the MogoAccount Terms & Conditions for more information https://www.mogo.ca/terms-and-conditions.
2 - Free credit score is provided by Equifax and is only available to MogoAccount holders that have passed identity verification. The Equifax credit score is based on Equifax’s proprietary model and may not be the same score used by third parties to assess your creditworthiness. The provision of this score to you is intended for your own educational use. Third parties will take into consideration other information in addition to a credit score when evaluating your creditworthiness. Equifax® is a registered trademark of Equifax Canada Co., used here under license.