Toll Free: 1.866.997.3334
online: request for quote

In The News: Bell Exposes Millions in Large Scale Breach

Last month, we explored the story of a local woman who realized she was a victim of identity theft after receiving an unusual ETR bill. The Absolute Destruction headquarters, located in Aurora, is only a stone’s throw away from Vaughan where the crime took place. It’s the first time we examined an incident that was so close to home.

We think it’s important that we investigate local cases of identity theft, to show that it isn’t just a subject of Hollywood films. Identity theft is a real danger to anyone who doesn’t protect their personal information properly.

That’s why we’re starting our second installment of our semi-regular feature, In the News, in which we look at a Canadian telecomm company that failed to shield its customers from a cyberattack — many of whom live in the GTA. Last month, Bell was the victim of an online hack that exposed the personal emails of roughly 1.9 million people and the contact information of 1,700 individuals.

The anonymous hackers posted a note that promised to leak more information should Bell fail to give into their demands. What those demands were are still protected by the ungoing investigation, but it’s likely the criminals were asking for a ransom. Remember, from our post on Ransomware back in May of 2016, that paying these demands rarely works to the victim’s advantage.

Though millions of people were affected in the attack, Bell maintains there was “minimal risk involved” with the breach, and they are still working with law enforcement and the government to ensure the safety of their customers.

We’ll be hearing about breaches more often in the future because of the way companies must now handle these leaks — not because we suspect the threat of hackers has multiplied in any way. Under the guidance of the Canadian Securities Administrators, the federal government is making changes to the country’s privacy laws.

In the past, some cyberattacks were never reported, as there were no legal regulations requiring companies to share this information. The latest changes require companies to disclose more information about every single data breach that results in exposing Canadians’ personal information. These modifications dictate companies also divulge any risk they think may result in another cyberattack sometime in the future.

As a result, more Canadians than ever before will be notified their personal information has been leaked. While these reports will be alarming to those affected, those responsible for these privacy laws hope their work will ultimately lead to greater transparency regarding security.

It only makes sense in terms of marketing. If a company is forced to share every data breach and internal weakness that could lead to more in the future, they’ll want to demonstrate to their customers the way they use their information and how they hope to protect it.

In addition to firewalls, network antivirus, and server security, hiring our commercial shredding services is an essential way to eliminate the threat of identity theft. While firewalls and server securities will protect current information your business needs to store, our document destruction and electronic data destruction ensures obsolete paper and digital files can no longer expose customer information or company intellectual property.

If you’re one of the many business owners that call the GTA home, get in touch with our team. We’ll arrange a convenient shredding schedule customized to your needs, so you can protect your company from local threats of identity theft.

Add comment June 26th, 2017

Click Before You Think: A Look At The Latest Google Phishing Scam

Blog post after blog post, we always come back to the same piece of advice: only click on an attachment if it’s from a trusted source. Usually it’s a good rule of thumb that can protect you from the majority of phishing scams, but the crew at Absolute Destruction is prepared to eat our words. Sometimes, even seemingly trusted sources can send you bogus attachments.

Last month Google was at the heart of an insidious phishing scam that was aimed at its Google Doc users. It sent out an alarmingly realistic email to users asking permission to manage their email and contacts. If you clicked allow, it would have access to everything within your email accounts and your contact list, which it would then use to send out similar emails to your friends and family.

It worked so well because it sent you a Google-hosted page that listed all of your Google accounts, making it seem like a legit request from the tech company. The scam also bought the rights to a third-party app called Google Docs, further legitimizing the scam. Most people didn’t realize there is no such thing as Google Docs app. The real application is built-in to your Google account and has access to your email by default.

Though Google was quick to neutralize this threat, the scam managed to work on roughly 1 million users. Despite the large number, it seems like the tech giant dodged a bullet. Their investigations revealed the scam managed to access only contact information and no other personal data was exposed.

It was a near miss, but it provides a great lesson to all of us. While it’s easy to dismiss emails from unusual sources, with suspect titles and strange attachments, it’s not as simple to identify sophisticated scams that copy the look and writing style of trusted accounts.

Just as phishing scams are evolving, our approach to these cons needs to change along with them. In this latest case, critical thinking was the key to avoiding becoming a victim. Google Docs already has permission to see your emails and the documents you send through it, so it would never need to send this email in the first place.

This method is certainly a lot harder to lock down, and it will take practice.

It’s certainly much more difficult than scheduling our secure electronic data destruction services. Though easier to arrange, our data destruction is an essential step towards digital security, as it eliminates the physical theft of your data once you throw away obsolete devices. Once your computers, phones, or hard drives pass through the teeth of our mobile shredding truck’s blade, there’s no way to retrieve financial files or personal information stored on their chips.

To protect yourself even further, check out the top guides outlining how you can avoid phishing. Experts like WIRED and Norton Anti-Virus provide are a good place to start, so you can protect yourself against sophisticated phishing scam.

We’ll wait as you study up. Once you’re ready, give us a call to schedule your first pick up, and you’ll be one step ahead of the game.

Add comment June 22nd, 2017

Why GDPR Are Four Letters Businesses Need To Know

Back in September of 2015, our blog took a look at the various privacy laws in countries around the world. Along with the US and UK, the crew at Absolute Destruction reviewed European privacy policies as it compared to Canadian legislation. For any archive jumpers (or for those with great memories) we have an announcement to make. This past April, the European Union has passed a landmark privacy bill in the General Data Protection Regulation, and it will effectively replace Directive 95 as of this time next year — which means, as of May 2018, everything within that article regarding Europe’s current laws will be outdated.

To remind our regular readers, Directive 95 is the colloquial term for the Data Protection Directive or Directive 95/46/EC. Since 1995, the directive regulated the way personal information of European citizens could be collected, shared, and discarded. It was a head of its time, as it protected European’s personal data online when the Internet was in its infancy. Times have changed drastically, as has digital storage capabilities, which is why the EU has drafted a new and improved directive.

GDPR or Regulation (EU) 2016/679 will strengthen what was established in 1995, and it will roll out new enforcement measures for those who fail to comply. Should a company fail to protect personal information according to GDPR terms, they could be charged as much as 4% of their revenue as punishment. Continue reading here to get an in-depth review of the proposed changes.

Though the GDPR protects European citizens, it’s a bill that holds significance for business owners here in the GTA. Its regulations apply to any company that collects or stores information from EU citizens. Like Canada’s PIPEDA, you must follow GPDR if you’re a multi-national organization that deals with European customers or you will face the consequence outlined above.

The regulation may be a European law, but you can ensure your business practices abide by it through local means. As your resident shredding service in the GTA, we can help. We’re NAID-certified, so our fully bonded document destruction crew can guarantee our commercial shredding services follow the letter of the law — wherever it hails. In addition to adhering to the latest disposal techniques set out by the National Association for Information Destruction, we strive to meet the appropriate measures set out by the federal and provincial government’s privacy laws.

We like to be prepared, so we’re already gearing up for upcoming regulation, so we can ensure our multi-national clients are compliant with the GDPR once it comes into effect in May 2018. Until then, it will be business as usual as we provide secure, dependable shredding services that abide by necessary disposal regulations.

To make sure your small business or multi-national organization is compliant with every law, give us a call and schedule an appointment. With a variety of options that accommodate a wide arrange of digital and paper document outputs, we can help any company in the GTA confirm compliancy with laws local and abroad.

Add comment June 6th, 2017

The True Costs Of In-House Shredding

Time and time again, the team at Absolute Destruction are asked why a business would outsource their shredding to a company like us when they could do in-house shredding for free. Well, free is the operative word. Having your employees shred large quantities of paper isn’t as economical as you think. Keep reading to see our general breakdown of the costs you can expect from shredding in-house.

The Cost of Buying & Maintaining an Office Shredding

First up is purchasing your office’s shredder. While it may seem favourable to buy a machine outright over the monthly invoices you would receive from our crew, it’s not so simple. Sure, you have to buy the machine itself, which can cost you anywhere between $700 and $10,000 depending on its size and power output. But then you have to factor in its depreciation and maintenance.

It’s a running gag that shredders (as well as printers) will jam with just a scrap of paper. Unless the issues causing the backup are obvious, you’ll have to call in and pay for a repair service to unclog your machine. If not, you’ll have to replace it altogether.

The Cost of Employees Shredding Their Own Documents

Secondly, you’ll have to think about all of the time your employees will spend on shredding. It’s time intensive to prepare documents so that they’re ready for the shredder, as most commercial shredders won’t go through staples or large stacks of papers. Your employees will be wasting time taking out staples and portioning their mountain of paper into easily shredded rations.

You also run the risk of shredding poorly. Most commercial shredders sold to offices only use the strip-cut technique — which means the blades merely cut the paper into strips. This technique leaves the information you’ve shredded at risk, as it’s incredibly easy to piece these strips back together.

The Cost of Non-Compliance

Our second point ties into the third. Human error can set your business up for failure. Employee negligence (whether through ignorance or malice) can expose confidential information — either paper that should be shredded gets tossed with the regular garbage or the individual tasked with emptying the machine simply leaves the refuse in the recycling bin. The latter scenario wouldn’t be such a problem if it weren’t for the fact that strip-cut shredders fail to destroy documents thoroughly enough.

The PIPEDA (Personal Information Protection and Electronic Documents Act) necessitates businesses take the appropriate steps to prevent exposure of customer data. If you fail to do so, even because it’s due to an employee’s mistake, your company will face significant fines, as well as probable public backlash as news of your leak hits the web.

Avoiding these costs is simple: just schedule our on-site commercial shredding services. It eliminates the need to buy and maintain your own equipment and pay for the time it takes your employees to use. Our NAID-certified practices also ensure your office is always compliant with all laws regarding the destruction of personal information.

If you’d like to see how our prices compare to running an in-house shredding operation, speak with our representatives. We can explain the benefits of mobile shredding services and arrange a pick-up schedule that’s convenient for your business.

Add comment June 5th, 2017

In The News: A Local Case of Identity Theft

It isn’t often that Highway 407 plays a vital role in uncovering a severe case of identity theft, but here we are. On April 28, Tara Douglas, a teacher from Bradford, received an invoice for travel on the tolled expressway for a trip she never took in a car that wasn’t hers.

The express toll route, which runs eastwards across the GTA from Burlington to Whitby, is a major artery, here at Absolute Destruction know well. It offers a convenient way to skip over rush hour traffic found on the 403, QEW, and the Gardiner as long as you’re willing to pay a small fee.

If you’ve used it before, you know your licence plate is photographed when you merge and exit the highway. A couple of weeks after your trip, you receive an invoice billing the time you spent driving along the 407.

When Douglas opened up her bill, she noticed the licence plate didn’t match up to any of the cars she drives. She went to a Service Ontario to dispute the charges only to find out the car that was photographed was a black Range Rover that was registered under her licence. Unfortunately for Douglas, this was just the tip of the iceberg.

After removing the SUV from her licence, the Service Ontario representative directed Douglas to Barrie Police Services. In opening an investigation, the officers assigned to her case uncovered her identity was compromised. A woman had managed to steal her personal information, including Douglas’ social insurance number, in order to purchase multiple cars and cell phones as well as open credit card accounts and loans in her name. Her credit report revealed the thief had racked up between $1,000 and $5,000 in charges on each credit card, but it was the $60,000 loan that had Douglas’ heart rate soaring.

Thankfully, the 407 ETR invoice tipped her off, so Douglas can start repairing the damages done to her credit score. The credit bureaus as well as her banks have flagged her accounts and adjusted the way they manage her profile. Meanwhile Douglas has confirmed her mail isn’t being diverted, but there’s still a long way to go to recover her good name.

Though it’s possible to repair a credit rating, prevention is always the easier and more effective route. There’s no better way to prevent identity theft than to make sure your personal information is untouchable. Remember, all a thief needs to open fraudulent accounts is your name, date of birth, and SIN.

To make sure this information is never shared with the wrong person, use our residential shredding services to eliminate any financial record, tax return, or physical document that carries this data. Our NAID-certified practices and processes guarantee absolute destruction, just like our name. Once we feed your papers through the blades of our mobile trucks, there’s no way any thief can retrieve your personal information.

We also recommend you check your credit report regularly and read your financial statements carefully. This way, you can catch any unusual activity early and avoid having to rely on a shocking invoice to alert you of any criminal activity. Don’t be like Douglas. If you’re ready to protect your identity, give us a call.

Add comment May 24th, 2017

Make Sure You’re Smart About Tax Season

With the tax filing deadline approaching quickly, we return to our 3rd annual blog post about income taxes. As we do every year, we here at Absolute Destruction would like to remind our readers to be careful with their personal information as they prepare for their taxes. The documents you use to support your return contain private details about your life that should only be shared with the CRA and your trusted employer.

When your Social Insurance Number or bank account winds up in the wrong hands, these numbers can be used to steal your identity, opening up fraudulent accounts and filing false taxes in your name. Though they’re the one to commit these crimes these criminals act under your name. Their actions will be forever linked with your financial profile. When their overspending and tax fraud finally catches up with them, you’ll be the one to pay the price in the form of subprime credit, debt, and even legal issues with the CRA.

Tax fraud is a serious crime and one that the CRA and the RCMP struggle with every year. Last year, the CRA created a new program that hired 100 new auditors to catch those Canadians trying to evade paying their taxes. As a result, they brought in $1.6 billion on audits that revealed predatory tax planning.

With more stringent rules and frequent auditing, the CRA is better equipped to find discrepancies in your file, but they won’t always catch them right away. As a result, your identity can be used for months or even years before you realize what’s happened. Usually, you’ll stay unaware until a collections agency comes calling about the money you owe on an account you didn’t open.

All that a criminal needs in order to file a false income return is similar to the information needed to open a false bank account or credit card. Your name, address, and account numbers like your chequing, savings, or even SIN are exactly the personal information these individuals target. That’s why it’s incredibly important to keep and dispose any document or electronic file recording these details carefully.

The CRA requires most folks to keep their returns and any supporting documents for 6 years, but this may differ depending on your circumstances. Checking in with the CRA is a great way to make sure what you need to keep on file and for how long according to your employment situation. Any tax advisor, accountant, or organization like Intuit and Equifax can answer similar questions.

After 6 years pass, you may dispose of these documents in order to clear up space in your files, but you must discard these papers wisely. Throwing them out whole into your garbage or recycling bin invites consequences. Career criminals look through these containers in order to find the financial information left on these returns. All it takes is for these individuals to happen upon your bins and take the paper when no one’s looking.

Don’t give these criminals an opportunity this season. Take advantage of our document destruction services. We’ve helped businesses and individuals destroy their obsolete tax returns successfully for years using our mobile trucks. We drive to your home or place of business whenever you’re ready to clear out your old files, and our bonded employees shred them on site under your watchful eye. Only once we can guarantee every piece of paper is suitably destroyed (to the point where no information can be retrieved) will we drive the remains to a secure recycling facility. Our guarantee extends to any digital media you may use to help file your taxes online, including full devices, memory sticks, and external hard drives.

This year, be safe with your old taxes. Call us up and request a quote, and we’ll make sure no obsolete return of yours can ever be used against you.

Add comment May 2nd, 2017

Don’t Let Tax Season Become Scam Season

Now that the tax deadline is just around the corner, many Canadians are feeling the crunch. Unfortunately, so are cyber criminals. The number of phishing scams and deceptive phone calls skyrocket at this time of the year, as identity thieves attempt to capitalize on people’s tax anxiety. We here at Absolute Destruction don’t want you sharing your personal information accidentally, whether it’s by an errant credit card statement or by one of these cons. That’s why in addition to providing the GTA with secure document destruction, we’ve compiled a cheat sheet to help you avoid falling for these scams.

Some popular scams include an email stating you owe on one of your returns, and in order to pay the difference you must follow the link that they provide. In clicking this link, you may be sent to a page that looks very similar to the Canadian Revenue Agency’s official website, as these criminals will take care to make their request look legit; but there are little clues that should tip you off.

  • The CRA will never email to you unless it’s to confirm your email for your My Account or to notify you of new mail on your My Account
  • The CRA will never email you a link asking for your contact or financial information
  • The fraudulent link in these phishing emails won’t have the CRA domain name nor will its email address come from the official agency

Another scam currently targeting Canadians is done over the phone. Someone posing as a CRA agent will call you claiming you owe a lot of money on one of your returns. They’ll use hostile language and threats of jail time in order to extort the amount that you supposedly owe. They’ll also suggest you divulge your credit card number or use a pre-paid credit card or retail gift card to pay off your debt. Like the phishing scam above, there should be clear signs that you aren’t speak with the CRA in this situation.

  • The CRA will never use threatening or vulgar language when speaking about your account
  • The CRA will never ask for your credit card information over the phone
  • The CRA will never suggest you use pre-paid credit cards or retail gift cards in order to pay what you owe on your return
  • The CRA will never leave an intimidating voicemail message detailing personal information.

What seems like an obvious scam to you has fooled a number of Canadians into giving their personal, financial information to these criminals. According to the latest studies, the number of people who were defrauded by these kinds of scams have increased. The Canadian Anti-Fraud Centre (CAFC) found that more people were targeted successfully in the first half of 2016 than all of 2015. The CAFC also believes this figure doesn’t even tell the true story, as most victims don’t report their issues.

Be wary of how you share your information at any time of the year, but especially tax season. If you ever receive an email or phone call that you think is unusual, don’t let yourself get overwhelmed. Disconnect the call or exit your email to check in with the CRA. Log onto your My Account or call the official number of the CRA. You’ll be able to verify if your tax account is normal and then alert the agency of the scam.

Stay safe this tax season, and be careful with your personal information. Share your personal information with only the CRA, and be sure to call us to destroy any obsolete tax returns.

Add comment May 2nd, 2017

Previous Posts