Securing Your Online Presence

Why and Where You Should Plant Your Flag presents a set of places where it would be wise to make sure that you have your ‘online identity’ defined in order to prevent fraud artists from impersonating you.

The list is USA-centric, and as a Canadian, my set of things worth “planting” are slightly different, nevertheless many are relevant here. A more distinctly set of “Canada-relevant” places are:

  • Canada Revenue Agency – CRA My Account
  • Credit Bureaus – Equifax and TransUnion. Note that Canadians are allowed to request, from TransUnion, a free consumer’s credit report about themselves, once per month. Requesting a credit report isn’t exactly a “placing of a flag”; it is, however, a powerful tool for verifying that there aren’t any extra flags lurking out there with your name on them.
  • Online accounts for your bank(s)
  • Provincial government (e.g. – for drivers licenses and similar)
  • Utility accounts (power, water, as apropos)
  • Phone company
  • ISP
  • Email service

The notion here is that, for any of these that you can possibly have an online account for, you should set it up, and secure it as well as you can, with such things as

  • Good passwords, securely recorded (e.g – randomly generated, as with tools like KeePass, OnePass, and such)
  • If multi-factor authentication is available, it is way better to have that than to not have that

The purpose of “planting your flag” is to prevent someone else from surreptitiously taking that treated-as-unique piece of online presence, pretending to be you, and thereby giving themselves a back door into your finances.

The sort of situation where this is especially troublesome is where seniors who never became “computer literate” have never bothered to have these sorts of online accounts, and therefore have no online footprint. Unfortunately, such people are very attractive to scam artists, who can probably search out enough information on the web to be able to get a guess on the old “Mom’s maiden name” authentication rules, and then initiate fraudulent activity.

I’ll note that I was pretty impressed with the CRA process, which included an exchange of secrets before they sent a secret key to the address indicated on past tax returns. I imagine that for someone that moves regularly, there could be some inconvenience in proving your identity, but I have been sufficiently stationary that their process worked well for me, and seemed pretty secure. However, where people choose terrible passwords, apparently this led to thousands numbers of cracked CRA accounts in August 2020.

At the bank, fraudulent activity might involve transferring funds away, or establishing an unexpected mortgage. At CRA, it might enable redirecting a tax refund, or initiating a COVID-19 assistance payment, directed to someone else’s bank account. The sets of possible frauds are, alas, decently large.