By Michael CollinsVice President, SalesShred-it

As fraud becomes anincreasingly preva-lent concern among

businesses and consumersalike, the associated risk ofhow private informationcan be potentially exposedis also a rising concern.One area of note is theamount of private, confi-dential information compa-nies and businesses hold onbehalf of their customers,clients or even their ownemployees.

Shred-it, the organiza-tion dedicated to secureinformation destructionestimates that six out of 10companies are failing tocomply with basic informa-tion security practices. Thisbegs the question: if thesecompanies are failing tocomply with basic securitypractices, how can they en-

sure our personal informa-tion is properly safeguardedagainst fraud?

As an organization com-mitted to helping business-es and employees protecttheir confidential data, weknow that an organizationfirst needs to understand itslevel of exposure before itcan tackle any weaknesses,which is why we at Shred-itundertake an initial securityaudit for our new custom-ers – a practice that weregularly repeat to ensureprotocols set up as a resultare being followed.

As a result of our initialaudit, we typically see sixout of 10 organizations fail-ing to address a number ofbasic security issues, whichrange from leaving sensi-tive papers lying around

on desks, to organizationsonly offering staff recyclingrather than shreddingfacilities or failing to guardtheir passwords securely.While these lapses mayseem small, they can oftenprove a decisive weak linkin the security chain andexpose a company to thethreat of fraudsters, crimi-nals and lost or stolen data.

While consumer aware-ness of fraud is relativelyhigh, a 2011 TD CanadaTrust survey showedthat more Canadians areproactively taking steps toprotect themselves fromfraud, including shieldingtheir PINs (82 per cent)and never giving creditcard information overthe phone (48 per cent),although overall concernabout fraud has slightlydipped to 79 per cent thisyear from 82 per cent in2010. Shred-it’s own find-ings show that businesses

clearly need to enhancetheir information protec-tion security.

While what we see isconcerning, on a positivenote, the organizations thatwe have audited realizethat information security isimportant to their busi-ness and their customersand are taking proactivesteps to improve. Whatis more concerning is thenumber of businesses inCanada that are failing totake seriously their duty ofsafeguarding their own andtheir customers’ data.

To help companies bet-ter understand where po-tential gaps may be in theirsecurity policies, Shred-it

has prepared a list of tipsfor helping to safeguardconfidential data:

• Make sure you haveformal security policies inplace and limit the num-ber of people with accessto confidential documents.

• Conduct a periodic secu-rity audit and develop acomprehensive strategy tomanage security risks, in-cluding both paper-basedand electronic informationsources.

• Ensure your businesspractices are fully com-pliant with identity theftlegislation, and hire a reli-able vendor that is well-informed with pertinent

legislation and trainingrequirements.

• Eliminate these risks byintroducing a “shred-all”policy, when all unneededdocuments are fully de-stroyed on a regular basis.

• Have up-to-date and ef-fective computer networkprotection, includinganti-virus software and afirewall.

To conduct your ownsecurity self-assessment,Shred-it has developed anonline survey to help busi-nesses better understandsecurity gaps, available onour website at the followinglink:shredit.com/fraudprevention.

online? Visit competitionbureau.gc.ca for more information.

The terrible scam perpetratedby Edmonton’s HazimGaber had many elements

of what Lisa Campbell, deputycommissioner of the Fair Busi-ness Practices Branch of Canada’sCompetition Bureau, calls “a newera in mass-marketing fraud.”

In late 2007, Mr. Gaber soldover the Internet what he falselyclaimed was the experimentalcancer drug sodium dichloroace-tate. Instead, his victims in NorthAmerica and Europe received aproduct containing a combinationof talcum powder, sweetener andstarch.

Mr. Gaber’s young age (hewas 22), the use of the Internet tomarket the fraud and the interna-tional scope of his victims weretypical of many recent scams,says Ms. Campbell.

Until recently, most mass-marketing fraudsters used the

telephone to snare victims.Although the phone is still em-ployed, the shift to online-basedscams has been significant. Somuch so that PhoneBusters, thecall centre founded in North Bayin 1993 by the Ontario Provin-cial Police and the Royal Cana-dian Mounted Police to combattelemarketing fraud, has changedits name to the Canadian Anti-Fraud Centre (CAFC).

“Right now, a big problem iswhat we call service scams,” saysRCMP Cpl. Louis Robertson, incharge of criminal intelligence atCAFC. These typically involveonline offers of fraudulent dealson telecommunications, Internet,finance, medical and energyservices. Another is the merchan-dise scam, in which online clas-sifieds or auctions offer items atfire-sale prices. “A 1965 Mustanglocated in Austin, Texas, was only

$4,000,” he says. “Now you’vegot to ask yourself, is this the dealof the century or is it too goodto be true?” Sadly, some victimsconvinced themselves it was theformer and sent their moneyaway, never to see it or the caragain.

While the car scam crudelypreys on certain human weak-nesses, others exploit currenttechnology. A simple, but inge-nious, ploy involves fraudstersswitching a PIN pad at a retailstore with an identical one thatrecords or sends the data neededto create duplicate credit ordebit cards to a remote device.“The fraudster might distract thecashier or, in some instances,pay the person $500 to lookaway or take a quick break,”says Maura Drew-Lytle, directorof media relations and com-munications for the Canadian

Bankers Association (CBA).“Our industry works closely withretailers to educate them abouttethering their machines orkeeping them under the counterwhen not in use.”

Chip technology is one of themost effective ways to combatthis type of fraud, says Ms. Drew-Lytle. “In countries that haveadopted it extensively, they’veseen skimming fraud go down asmuch as 80 per cent.” Canada isstill transitioning from swiping tousing chips. “There’s a deadlineof 2012 for ABMs to convert and2015 for merchants using debitcards.”

Fraud experts all agree thateducating consumers and busi-nesses is the best protection frombeing defrauded. The FraudAwareness for Commercial Tar-gets (FACT) outreach campaignand the Fraud Prevention Forum,

both Competition Bureau-ledinitiatives, are aimed at dissemi-nating and sharing informationto prevent and detect fraud. “TheForum, for example, has morethan 100 members from the pri-vate sector, government agenciesand law enforcement (includingthe RCMP and the CBA),” saysMs. Campbell.

She also cites numerous col-laborations of law enforcementand government bodies that godirectly after fraudsters such asHazim Gaber. An investigationled by the Alberta PartnershipAgainst Cross-Border Fraud, ofwhich the Competition Bureau isa member, resulted in Mr. Gaberbeing sentenced last August inU.S. court to 33 months in prison,as well as fines and restitution. “Itwas just one of several big winsin recent years,” she says, “andproof that co-operation works.”

Tuesday, March 22, 2011 • THE GLOBE AND MAIL A special information feature FP1

FRAUD

Businesses must do more to safeguard against fraud

inside: Online transactionswarrant caution

Minister of Industry Tony Clement urgesCanadians to help combat fraud

Fraudsters target socialnetwork, mobile users2 3 4

It’s not a new crime, but the ways and ferocity with which it is being perpetrated is.

Frau

dnu

mbe

rs

$10billion

RCMP estimateof annual cost ofmass-marketingfraud in Canada

80%of this fraud

is committedby organized

crime

CORPORATE INFORMATION

Tuesday, March 22, 2011 • THE GLOBE AND MAILA special information featureFP2

This report was produced by RandallAnthony Communications Inc. (www.randallanthony.com) in conjunction with the advertising department of The Globe and Mail. Richard Deacon, National Business Development Manager, rdeacon@globeandmail.com.

Online investing, transactions warranttougher scrutinyI t was the unrealistic claims

that caught the attention ofCanadian securities regula-

tors.In 2010, the Cyprus-based

company promised returns of asmuch as 1.9 per cent a day. Thisenticing opportunity was aggres-sively promoted on its website,in social media sites and throughonline advertising.

“‘Genius’ had many of the redflags we advise investors to bewary of,” says Tamera Van Brunt,chair of the Canadian SecuritiesAdministrators (CSA) investoreducation committee. “One wasthe impossibly high returns.Another was its offshore location.We always warn investors that ifan investment is offshore, it maybe difficult, if not impossible, toget your money back if some-thing goes wrong.”

Genius Funds was a Ponzischeme, in which new investorsare initially paid the promisedreturns with money from exist-ing clients to seduce them intoinvesting further until the entireoperation collapses because thereis no actual product or serviceearning a profit. Several provin-

cial securities commissions issuedwarnings about Genius Funds assoon as they became aware of it.Both the British Columbia andAlberta securities commissionsissued cease-trade orders againstit, to stop further sales of GeniusFunds.

The CSA highlighted enforce-ment actions of online invest-ment scams in its recently re-leased 2010 Enforcement Report.“We knew from our 2009 CSAsurvey that 4 per cent of Cana-dians have been victims of aninvestment fraud,” says Ms. VanBrunt, “and other research indi-cated that more than one-third ofCanadians are or are consideringonline investing. These resultsreinforce the need for Canadiansto understand the types of onlineinvestment scams and how toavoid becoming a victim.”

A common online scam isknown as phishing or spoofing,in which fraudsters send oute-mails that appear to be fromlegitimate sources, such as banks,online auction sites or companiessuch as PayPal, the online pay-ment processing service. “Thepurpose is to lure the recipient

into logging on to what looks likea trusted real site such as ours,”says Nicky Mezo, PayPal Can-ada’s head of marketing. “Theywant to get your personal andfinancial information, which canthen be used for identity fraud orvarious other schemes.”

In 2006, Sophos, an online se-curity/data encryption company,reported that an alarming 70 percent of all phishing e-mails werecreated to appear as if they camefrom PayPal.

PayPal immediately tookaction, says Ms. Mezo, and byApril 2010 that number had beenreduced to 3.7 per cent.

“We have industry-leading an-ti-fraud technology and employsome of the most experiencedcyber-crime experts in the busi-ness,” she says. “PayPal worksclosely with law enforcementand industry partners and canshut down a fraudulent websitequickly, sometimes within twohours or less.”

Although some online invest-ment scams and spoof e-mailscan be most convincing, thereare basic actions consumers cantake to avoid being victimized.

“If something sounds too-good-to-be-true it almost alwaysis,” says Ms. Van Brunt. “Justas important is to do as muchhomework as possible.” That in-cludes searching for informationabout a company online and con-sulting a legitimate third-partyexpert, such as a certified finan-cial advisor, prior to investing.Investors should also questioninvesting with a company thatdoesn’t post contact informationon its website.

PayPal cautions customersagainst responding to an emailthat isn’t addressed to thempersonally, contains grammati-cal errors or insists you respondimmediately. “Never click on alink that asks for your personalor banking information,” saysMs. Mezo.

Although PayPal reimbursesvictims for 100 per cent ofmoney lost due to a fraudulentuse of their PayPal account, Ms.Mezo says that doesn’t meancustomers should be less vigilantabout fraud. “It’s a terrible feel-ing to have someone steal yourinformation,” she says. “No onewants that to happen.”

“We knew from our 2009 CSA survey that 4 per cent of Canadians have been victims of an investment fraud, andother research indicated that more than one-third of Canadians are or are considering online investing. Theseresults reinforce the need for Canadians to understand the types of online investment scams and how to avoidbecoming a victim.” Tamera Van Brunt, chair of the Canadian Securities Administrators (CSA) investor education committee

Protectingyourself is aseasy as...

Try the new interactivequiz designed totest consumers’ fraudawareness.

Learn how to recognizethe various types offraud.

Check the helpful tipsto educate you on howto avoid falling victim.

competitionbureau.gc.ca

1

2

3

Employee negligence or wrongdoing areamong the most common causes of securitybreaches, which can often be traced back tomishandled, lost or stolen paper documents.Today, proper information destruction is abusiness imperative and prevention is stillthe best course of action.

At Shred-it, we provide the most securedocument destruction services availableto help you protect your customers, youremployees and your business. We maintainthe highest levels of security with our people,technology and strict processes, to eliminatethe risk of your information falling into thewrong hands.

People arestill the weakestlink in maintaininginformation security.

Contact us today to arrange your FREESecurity Risk Assessment or downloada FREE brochure The Business Guide ToDocument Security available online atshredit.com/businessguide to learn more.

800.898.5092

Tuesday, March 22, 2011 • THE GLOBE AND MAIL A special information feature FP3

The HonourableTony ClementMinister of Industry

C anadians spend more timesurfing the Internet thanpeople from any other

country. With 80 per cent of thepopulation online in 2009, theInternet is now also a popularenvironment for fraudsters andscammers. Online fraud costsour economy hundreds of mil-lions of dollars each year, androbs Canadians of their time,money and sense of security.Worse, scammers do not dis-criminate – indeed, everyoneis at risk of being victimizedregardless of age, education,income and where they may liveor work.

Use of the online market-place has exploded in recentyears – and is showing no sign ofslowing. The International DataCorporation estimates worldwideelectronic commerce will exceed$9.6 trillion in 2010. Here inCanada, the online marketplacerepresents a major segment ofour economy, with $62.7 billionin sales in 2007 alone. It standsto reason, then, that any at-tack on consumer confidenceonline not only slows the rate ofsales, but reduces the ability ofCanadian businesses to competeinternationally.

Spam and other onlinethreats discourage the use ofelectronic commerce and un-dermine privacy. These threatscan include false or misleadingrepresentations, the unauthor-ized installation of malwareprograms and the collection ofpersonal information throughspyware. They also create sig-nificant expenses for businessesthat all too often are passed on toconsumers.

Our government takes onlinefraud seriously. We know thatwe must effectively combatfraud if we want to ensure thecontinued growth of the digitaleconomy, and protect consum-ers and businesses. That’s whywe have taken a number of stepstoward preventing and combat-ing this type of crime online. For

example, we have establishedtougher criminal penalties for

mass-marketing fraudsters, andsoon Canada’s anti-spam legisla-tion will take full effect. Withit, we are positioning Canadaas a leader in fighting spam byproviding a more secure onlineenvironment for Canadians.

It is essential for consumersand businesses to learn how torecognize fraud, so they can re-port it and help stop it. If you be-come aware of a scam, it is likelymany others are being affectedby it as well. Actions by both con-

sumers and businesses can helplaw enforcement agencies trackdown the criminals responsibleand take action against them. I en-courage you to visit the websitesbelow, where you will find toolsto help you recognize fraud.

FRAUD

Combating fraud in the digital agean imperative for Canadians

March isFraudPreventionMonthChaired by the CompetitionBureau, Fraud Prevention Monthaims to prevent Canadians frombecoming victims of fraud.

This awareness-raisingcampaign is co-ordinated by theFraud Prevention Forum (FPF), agroup of government agencies,law enforcement organiza-tions, consumer and volunteergroups, and private sector firms,dedicated to fighting fraud. Formore information, visitcompetitionbureau.gc.ca.

For tips on recognizing fraud,visit the Competition Bureau atcompetitionbureau.gc.ca/fraud.

To report a scam, contact theCanadian Anti-Fraud Centreat antifraudcentre.ca or call1-888-495-8501.

“Our government takes online fraud seriously. We know that we must effectively combatfraud if we want to ensure the continued growth of the digital economy, and protectconsumers and businesses. That’s why we have taken a number of steps toward preventingand combating this type of crime online.”

peace of mind: priceless

© 2011 MasterCard. TM Trademark of MasterCard International Incorporated. ® Registered trademark of MasterCard International Incorporated.

No matter where your MasterCard® card might be, you can always feel safe.Thanks to Zero

Liability, which ensures you don’t pay for fraudulent purchases.The online shopping protection

of MasterCard SecureCodeTM. And the added security of Chip card and PIN technology.

Rest assured, if you ever leave your wallet behind, you can leave your worries behind, too. mastercard.ca/security

FRAUD

priv.gc.ca

Tuesday, March 22, 2011 • THE GLOBE AND MAILA special information featureFP4

Fraudsters sharpening sights on socialnetwork, mobile usersSince phishing (also known

as spoofing) began in themid 1990s, the majority of

the fake e-mails tended to lookas if they had come from finan-cial institutions and credit cardcompanies. Although fraudstersare still using this old bait to try toget recipients to divulge personalor financial information, the risein consumer awareness has forcedthem to find new variations onone of the oldest online scams.

“Phishing still occurs in our in-dustry, but I don’t think it’s a ma-jor problem any more,” says RickRennie, vice president of riskservices for MasterCard Canada.“People have become educatedover the years, and most knowhow to spot a fake e-mail. They

see that it’s addressed to ‘dearvalued customer,’ or some otherimpersonal wording, and realizethis is not from a legitimate com-pany such as ours.”

Not surprisingly, phishershave turned to the boomingworld of social media sites insearch of new victims.

“I think we will see anincreasing rise in phishing orspoofing messages being sent tomobile phones,” says Kevin Lo,a managing director of FroeseForensic Partners in Toronto,where he specializes in computerforensics. “One reason is theirgrowing popularity. But anotheris that people — especially youngpeople — tend to let their guarddown when they use the phone.”

This is backed up by a recentstudy by the security firm Trust-eer, which found that mobileusers are “three times more vul-nerable to phishing attacks thandesktop users.”

A more relaxed attitude to se-curity also often occurs on socialmedia sites. It’s not uncommonfor fraudsters to send out mul-tiple friend requests to Facebookusers, for example, in hope thatsome will accept the requestwithout question. “Once they’reyour friend, they can start toprofile you and create a ‘diction-ary’ of information on you basedon your birthday, names of pets,your partner’s name, and othercritical data that can then beused to guess your banking, work

log-in and other passwords,” saidMr. Lo.

Another new scam is calledspear phishing. Unlike the oldmethod that sent out generice-mails to masses of recipients,spearing targets specific com-panies. Using information oftenobtained through social mediasites, the fraudsters create mes-sages that seem to come fromwithin an organization. Typically,they spin a tale of some inter-nal problem that, for example,requires the recipients to resendtheir direct-deposit bankinginformation.

While MasterCard’s RickRennie has seen the old-timephishing gambit lose its effec-tiveness, he still urges consum-

ers to be vigilant in protectingagainst being defrauded. “Weare constantly preaching theneed for everyone to practiseeffective security procedures ontheir computers,” he says. “Theyshould have the latest virusprotection software and spywaresoftware, including e-mail filtersand e-mail scanning.”

Does he foresee a day whenphishing will no longer work?“It’s possible we will reach apoint where users will onlyaccept communications fromexisting, trusted senders. Butuntil that happens, if they doget victimized, at least they areprotected by MasterCard’s zeroliability program against fraudu-lent purchases.”

Medical identitytheft can be dangerousto your health and more

Fraudsters are usingonline social network-ing sites to find and

target potential victims.It’s not just the widespreadpopularity of these sitesthat makes them attractivehunting grounds for scam-mers. The nature of thesites also often makes theirjob easier.

“A sense of opennessand trust often existsamong social network us-ers that, unfortunately, isn’talways well placed,” saysDr. Hannah Scott, associ-ate professor of Criminol-ogy, Justice and Policy atthe University of Ontario,Institute of Technology.

People use social net-working sites to share infor-mation with family, friendsand other colleagues, butmay forget that they aren’tthe only ones able to seethat information.

Similarly, when usersinvite people to join theirfriends list, they may alsobe giving them access totheir personal profile andthe information it contains.

Scammers can use allof that information to lurepotential victims.

“Fraudsters target aperson’s needs or sympa-

thies because it increasesthe likelihood that therecipient will fall for thescam,” Dr. Scott says.“For example, a studenton a tight budget maybe tempted with a bogusapplication for an easyeducation loan.”

Scam artists often ex-ploit the structure of socialnetworking sites, which in-clude friends lists, to reachpotential victims. Peoplewho are usually wary ofspam messages may be lessskeptical of messages sentby someone posing as afriend.

Given all of this, it isn’tsurprising that Internet-related frauds are on anupswing. According tothe Canadian Anti-FraudCentre, the total reportedlosses from Internet fraudin 2009 exceeded that ofall other types of fraudsolicitation combined.

Users can protectthemselves online througha combination of commonsense and technologicaltools.

“Steps to prevent onlineidentity theft and othertypes of fraud includerestricting who can seeyour personal informa-

tion online to people youknow,” says Anne-MarieHayden of the Office of thePrivacy Commissioner ofCanada.

“We recommendthat individuals protectthemselves by reading andunderstanding privacypolicies; using privacycontrols to restrict access topersonal information; notaccepting friend requestsfrom people they don’tknow in real life; and beingdiscreet about what theypost online,” Ms. Haydensays.

Before posting informa-tion intended for friends,users should considerwhether it is somethingthey would want to beseen by their employer,teacher, younger sibling ora competitor.

And if you do receive atempting offer, remember:if it sounds too good to betrue, it probably is.

Other tips to protectusers are posted on thewebsite of the Office of thePrivacy Commissioner ofCanada (www.priv.gc.ca).The RCMP also providesa list of Internet safetyresources on its website(www.rcmp-grc.gc.ca).

For fraudsters, onlinenetworking isn’t social

USER BEWARE

“I think we will see an increasing rise in phishing or spoofing messages being sent to mobile phones. People – especiallyyoung people – tend to let their guard down when they use the phone.” Kevin Lo, managing director, Froese Forensic Partners

Has someone used your personal infor-mation to get medical goods or services?

If so, it’s a case of“medical identitytheft”– a serious problem that can resultin false health care claims being made toyour private or public health insurer.

“The thief could go one step further,and use your medical identity to stealyour full identity – and that could havea devastating impact on you and yourfinancial security,”says Joel Alleyne,executive director of the Canadian HealthCare Anti-fraud Association.

“A potential perpetrator can rangefrom a friend, relative, complete stranger,or even a person working in the healthcare environment,”says CHCAA chairDaniel Tourangeau.

Unlawful use of your medical iden-tity can result in the creation of falsemedical records, with potentially direconsequences.“You may get an incorrect

diagnosis, wrong blood transfused orallergy information may be missed,”saysMr. Alleyne.

“You could be denied health insurancecoverage based on false information inyour medical record.”

The CHCAA urges the public to takethe following preventative steps:

• Treat provincial health and privateinsurer cards the way you would a creditcard.

• Cross-shred personal documentswhendiscarding.

• During a visit, confirmwith your healthcare provider the date of your last ap-pointment.

• Read your Explanation of Benefits care-fully and report anything suspicious toyour insurer.

Visit chcaa.org to learn more.

SAFEGUARD

If your investment plandoesn’t include checkingthe CSA website,

it’s not a plan.

Find out more: www.securities-administrators.ca/fraud.aspx

Be an informed investor. Include abackground check as part of yourresearch. Use the CSA resources tocheck out the latest disciplined persons,search cease trade orders, and learnhow to recognize and avoid fraud.