Anyone can get scammed, even me.

It’s a sinking feeling when you realize your information has been stolen. In 2009, after moving to another town for university, I took a couple of friends who had helped lug my stuff into my new digs out to lunch as a thank you. This was before portable credit card terminals and chip and PIN became ubiquitous in Canada, and it was still customary to hand over your credit card to the server for processing. I remember waiting around for what seemed like longer than normal to get my card and the receipt back, but then once they were in my hand thought nothing of it.

A few days later, I went online and purchased an electronic textbook directly from the publisher’s website. This was a fairly new option at the time, and while e-books were a mere 3-5% of book sales in 2009, publishers were rushing to take advantage of a fast-growing format. I dutifully input my credit card number into the rudimentary e-commerce portal provided by what was (and still is) a well-established large publishing company, so that I could access the learning material I needed.

Maybe another day or so later I attempted to use my credit card again, and it was declined. Weird, I thought. Had I missed a payment and hadn’t realized in the confusion of moving and starting school? Had my card been flagged because I had made a number of purchases in a new town without notifying my bank? I went back to my rented room, still cluttered and in a state of mid-unpacking, and logged into my online banking. There, I was greeted with a small charge from a hardware store in Ireland (I wasn’t in Ireland), and a much larger charge from an online casino (I wasn’t in a casino). My credit card information had been stolen.

I can’t say for sure at what point my information was stolen. The moments that stand out to me are that long wait at the restaurant and the e-commerce portal for the textbook. But it could easily have been any number of times where I had entrusted that piece of plastic with embossed numbers and magnetic strip to a stranger. Regardless, it meant that in the midst of student loan processing, textbook buying, unpacking, figuring out busses, schedules, and all the things that come with going to university, I was also on the phone with the fraud department of the credit card company. And that reliable method of payment – a stop gap until my student loan installment was deposited – was now frozen. A violation and inconvenience that added unwelcome stress to an already stressful time.

Anyone can get scammed, even me. Looking back, I can see what a different time it was, and how it would be harder, though not impossible, for the same thing to happen to me today. Today, a credit card almost never leaves our hand when making a transaction. Today, the HTTPS protocol, which encrypts data as it travels from your device to a website, is now the norm rather than the exception. Today, we have more options available to us to keep our data safer in the very online world we live in.

An important modern security option you should know about is multifactor authentication (MFA). MFA (also referred to as two factor authentication or 2FA) is a process that requires the presentation of two pieces of evidence to prove that you are you. With most online services you or I would access, the first piece of evidence is your password, and the second piece of evidence is an alphanumeric code (often 6-digits) either texted to your mobile phone or, even better because phone numbers can be compromised, generated from an app.

Having MFA enabled means that even if a thief figures out your password, they still can’t get into your private accounts such as your email, banking, or Facebook account unless they have access to your device that is generating or receiving that code. MFA doesn’t replace the need for a strong password (15 characters including numbers and special characters, please!), but it does add an extra layer of protection. According to GetCyberSafe.ca, MFA can protect you from 100% of automated bots, 96% of phishing attacks, and 76% of targeted attacks.

Today, I have MFA enabled on anything I can enable it on because I appreciate the peace of mind that comes with that extra layer of security. Especially having had my own data stolen during a time when many of our modern security measures weren’t widely adopted yet. We often balk at adding additional steps to our already full days, or changing what we do to make our data safer. However, from experience, I can say an ounce of prevention is a pound of cure.

Learn more

Are you suffering from password fatigue. 2023. Fergus O'Sullivan. (Proton) Last accessed 2024/04/05.

Passphrases, passwords and PINs. 2021. (GetCyberSafe.ca) Last accessed 2024/04/05.

Multi-factor authentication. 2021. (GetCyberSafe.ca) Last accessed 2024/04/05.

Correction log

Nothing here yet.