With Canada Revenue Agency temporarily suspending online services earlier this week due to a pair of cyberattacks, the Vancouver Island Better Business Bureau advises people to protect their accounts.
Prior to Monday’s announcement of service suspension, the Government of Canada announced in a press release Saturday that it was taking action after “credential stuffing attacks” on the GCKey online access service and CRA accounts. Hackers had collected login information and people who used the same passwords and usernames for different accounts were vulnerable.
A Better Business Bureau press release said breaches have been contained and victims of the cyberattack will receive “official communication” from the CRA, but the incident serves as a reminder for people to protect their online accounts.
People should consider putting a credit freeze or fraud alert on their credit reports with major credit reporting agencies, such as Equifax and TransUnion. A credit freeze will prevent anyone from accessing your credit report or scores. While the bureau said you can’t apply for new credit without lifting the freeze. A fraud alert flags your account, but doesn’t automatically halt new credit from being opened in your name, it said.
Cyberattack victims are also advised to change passwords for online accounts – especially if the same password is used for multiple accounts – go over credit card statements and report any irregular charges to the credit card company or financial institution.
The bureau also recommends victims not respond to e-mails offering assistance in the most recent, or any, cyberattack and do not click on any links or give any personal information. If there are any questions, contact the organization directly to verify the origin of the e-mail.
The bureau also advises enabling multi-factor authentication, being creative with passwords and to not respond to suspicious e-mails.
Also be cautious when connecting to public wireless hot spots. Confirm the name of the network and exact login procedures to ensure the network is legitimate and, if on an unsecure public access point, avoid banking and anything that uses passwords or credit card information.
Limit information you post on social media, including personal addresses and favourite cafés and keep information, such as social insurance numbers, full names, birthdays, confidential, and disable location services.
With proliferation of online business and transactions, Rosalind Scott, president and CEO of BBB Vancouver Island, said “proactively safeguarding online accounts against unauthorized access needs to be top priority.”
“Compromised accounts could lead to everything from identity theft and extortion attempts, to fraudulent schemes and loss of valuable data like business files and family photos,” Scott said in the press release. “Strong systems are still at risk of being compromised if users have poor cybersecurity practices like weak passwords that they share with others or use for multiple accounts.”