Protect Yourself During COVID-19
The COVID-19 outbreak has had an unprecedented impact on our economy and way of life. It has also brought new challenges that consumers should be aware of. Click on the links below for key information and tips to help you avoid being a victim of fraud or misleading advertising and to protect your privacy.
Since the pandemic began, fraudsters have tried to take advantage of people by providing information – including false claims about cures and treatments – to convince people to share their personal and financial information.
How to identify COVID-19 scams and cyber fraud
Look out for scammers posing as representatives of a government, health care or other trusted organization, or even as someone who you know. Some of the more common scams are:
- Offers from government agencies to reduce the amount of money that you owe. (This is especially suspicious if you did not put in a request for financial relief.)
- High-priced or low-quality products bought by consumers in bulk and resold to you for profit.
- Questionable offers such as faster testing or miracle cures.
- Unsolicited calls, emails or text messages that appeal to you for urgent action or for immediate payment.
Learn more by reading the Canadian Anti-Fraud Centre’s COVID-19 reported scams list.
Beware of increased phishing attempts: COVID-19 related phishing attempts are on the rise. Phishing is a method of trying to gather personal information from unsuspecting people through deceptive e-mails, texts and websites. The emails, which may appear to be from a trusted source, aim to trick you into opening attachments or links that allow the sender to obtain your personal credentials or information, or gain unauthorized access to a computer system. In some cases, these deceptive emails or texts include attachments or links; if you click on the links or open the attachment, it could encrypt files on your computer so that you can’t access your own files until a ransom is paid.
Want more info on phishing? Check out this infographic from the Canadian Centre for Cybersecurity.
Think twice before giving out personal or financial information
If you didn’t initiate contact with the person or organization that is contacting you, or you don't know who you're communicating with, don’t give out any information or respond to their requests. This includes opening links sent in an email or text. Here is an infographic with the 7 biggest red flags you should check for when you receive an email or text.
Weed out the fakes
Instead of responding to calls, emails or texts from unknown senders or clicking on any suspicious links, it’s important to confirm the authenticity of the information and requests you’re receiving.
When it comes to emails and links, the Canadian Centre for Cybersecurity offers some important tips for you to spot fakes, including making sure the address or attachment is relevant to the content of the email, looking for typos (which could indicate that the message is not from a credible organization) and directly typing the URL in the search bar instead of clicking a provided link. Remember that malicious websites may look identical to a legitimate site, but the URL may have a slightly different spelling or domain name.
If the communication seems to be from a trusted organization or individual, go directly to their official website to find out more, or contact them through your usual means. If you’re asked to make a donation to a social cause, you should verify that the charity seeking your funding is registered. To be sure, contact them through the information provided on their official website.
Remember that cybercriminals don’t just take advantage of human behaviour online; they also take advantage of weaknesses in software and hardware. See our cybersecurity tips below under “Protecting Your Privacy.”
Seek out trusted, official information on COVID-19: It’s best to seek out trusted information on the pandemic yourself, rather than relying on information that shows up in your inbox even though you didn’t request it. For the latest official information, go directly to the website of your municipal, provincial or federal government. Here are two good places to start:
- Government of Canada COVID-19 - for official federal updates on health, safety, travel, government financial and tax relief, and more.
- Financial Consumer Agency of Canada COVID-19 - for information on how to manage your financial health during the pandemic.
If you have questions for other trusted organizations, including your financial institution or insurance provider, make sure to contact them directly through their website, through the number listed on the back of your client card, or through the information on your account statement.
Visit the CMA's page about shielding yourself from fraud for more information.
Where to report scams and cyber fraud
You can report fraudulent or suspicious activity, including scams and phishing attempts, to the Canadian Anti-Fraud Centre at www.antifraudcentre.ca or by phone at 1-888-495-8501.
If you are a victim of fraud, you should also file a report with your local law enforcement agency or the RCMP. Be sure to keep all evidence related to your complaint.
There may be other organizations you should notify depending on the type of fraud. To learn more, check here.
Depending on what personal or financial information was shared or accessed, you should inform the following organizations as appropriate:
- Your bank and/or credit card provider.
- Canada’s main credit reporting agencies (Equifax or TransUnion) to have a fraud alert added to your credit report.
- Service Canada if any of your federally issued ID information was compromised (such as your social insurance number or passport).
- Canada Revenue Agency (CRA) if you believe your CRA user ID or password has been compromised.
- Your provincial or territorial government department responsible for provincial driver’s licenses or health cards.
Misinformation is common during uncertain times, so it is more important than ever for you to do your research and verify the source of the information you are relying on.
Canada’s Competition Bureau is monitoring the marketplace and taking action to stop false and misleading advertising claims.
How to identify false and misleading advertising
Health Canada has not yet approved any product to prevent, treat or cure COVID-19. Be wary of any claims, offers or ads that you see claiming otherwise.
Examples reported so far include:
- False claims about coronavirus prevention.
- Fake cures.
- Fake at-home coronavirus testing kits (no product has so far been approved in Canada).
- Masks falsely advertised as N-95 certified.
Don’t be taken in by false and misleading advertising
Be aware and proactively inform yourself of the current situation to avoid becoming a victim.
- Do not automatically believe product reviews, endorsements or testimonials as some sellers may fake these or pay for the positive reviews.
- Do your research and consult official sources. The Canadian pandemic response is officially being led by the Public Health Agency of Canada, so this is one of the best places to start your search for health information.
- Be wary of any offer that sounds too good to be true.
Where to report false and misleading advertising
If you believe that a company or individual is making false and misleading advertising claims, you can report it directly to the Competition Bureau here.
If you see or suspect illegal drug or device marketing, you can file a complaint with Health Canada here.
Note on price gouging: Provincial governments, to varying degrees, are prohibiting companies from charging you unfair prices for necessary goods during the pandemic. For example, in Ontario, you can report an incident of price gouging here. Necessary goods typically include personal protective equipment, non-prescription medications, disinfecting agents and other personal hygiene products, such as soap and toilet paper. If you want to report price gouging, head to your provincial government’s website to find out more.
- Competition Bureau: COVID-19 Advice to Consumers and Businesses
- Health Canada: Health Product Advertising Incidents Related to COVID-19
The COVID-19 outbreak has led to responses by businesses, governments and other organizations. It's important to remember that during a public health crisis, you are still protected by regular privacy laws.
Obligations of Canadian businesses when it comes to your personal information
In Canada, there is legislation that protects your privacy, not just during the pandemic but all the time. The federal Personal Information Protection and Electronic Documents Act (PIPEDA) sets the rules for how organizations may collect, use or disclose your personal information in the course of commercial activities.
Under PIPEDA, organizations must follow 10 fair information principles. For example, they must collect, use or disclose your personal information only with your consent, and only for reasonable purposes. They are required to protect your personal information, ensure it’s accurate, complete and up-to-date, and destroy it when it’s no longer needed. Find out more about the obligations of Canadian businesses when it comes to your personal information here, and your privacy rights here.
It’s important to remember that some organizations, including government institutions, are not subject to PIPEDA. To find out what your privacy rights are under other laws and where to raise a concern, try out this tool from the Office of the Privacy Commissioner of Canada (OPC).
Privacy considerations during COVID-19
Canadian privacy laws still apply during the pandemic. That said, most of these laws contain unique provisions that may apply during a public health crisis to ensure the law is not a barrier to appropriate information-sharing.
In the case of PIPEDA, the law allows for your personal information to be used or disclosed without consent for specific reasons that may be relevant during COVID-19, such as:
- To act in an emergency that threatens your life, health or security, such as if you require urgent medical attention and are unable to communicate directly with medical professionals;
- If a public health authority with sufficient legal authority requires an organization to disclose your personal information; or
- If a government institution has reasonable grounds to believe that the information relates to the breaking of a Canadian law, such as if you are not following a quarantine order put in place by government.
The full list of exceptions to consent is listed here. If an organization is going to rely on any of these exceptions, they must be clear with you about the authority that they have to do so. They’ll still have to follow all other principles of PIPEDA, including collecting or disclosing the minimum amount of information possible for the stated purpose.
Tips to protect your own privacy
Organizations require a certain amount of information from you in order to serve you well. It’s best to share the minimum amount of personal information that is needed for the products and services you want and need.
Pay attention to your privacy settings: Privacy settings can help you increase the control you have over how your personal information is handled, including what information an organization collects and who can see what you post. Make sure to choose the privacy settings you are comfortable with on all your devices, browsers, social media accounts and other online services. Organizations often update their privacy policies, so be sure to review and adjust these settings regularly.
On your mobile device, you can control if and when different apps can turn on location tracking. On your browser, you can control things like pop-ups and cookies. These functions are intended to improve and personalize your experience, and it’s important for you to decide what you’re comfortable with. For more information, see the OPC’s tips for privacy settings.
You also have options if you have concerns about online “behavioural” or interest-based advertising. For example, the Digital Advertising Alliance of Canada (DAAC) offers the AdChoices consumer opt-out tool.
How to get a privacy issue addressed
When a privacy issue arises, your first step should be to try to resolve the issue directly with the organization by contacting their Privacy Officer. You may also reach out to the CMA for advice and support.
If you are not satisfied with an organization’s response to your concerns, you may be able to file a formal complaint with the OPC.
Cybersecurity tips to protect your personal information
During the pandemic, many of us are operating on a more virtual basis, so it’s important to be extra careful about your personal information. Cyber-criminals may be increasing their malicious attacks in order to take advantage of overlooked
Here are some key cybersecurity tips:
- Keep your devices updated: Keep all software on your personal internet-connected devices up to date, including your computer, smartphone and tablet.
- Use and update protective software: As appropriate to your device, use and update anti-virus software, anti-phishing software, firewalls and a host intrusion detection system (HIDS). Learn more about these types of software from the Canadian Centre for Cybersecurity.
- Use strong passwords: Use unique passphrases and complex passwords (eight or more characters with a combination of characters, numbers and symbols) for all accounts, including your social media accounts. Use different passwords for different accounts, and use two-factor authentication if it’s offered.
- Avoid using public WiFi and “jailbroken” devices: Use of public WiFi connections puts you at risk. If you must use one, you should use a Virtual Private Network (VPN). Always remember to turn off your Wi-Fi, GPS, and Bluetooth when not in use. Do not attempt to jailbreak your devices, which is a method of disabling the security measures put on by the device manufacturer.
- Back up your data: Avoid losing data by storing your data securely and knowing your backup procedures. Back up often.
- Don’t share information that could help hackers: Do not openly share personal information that could help someone hack into any of your accounts or guess your passwords, particularly on social media. When creating security questions for logins, don’t make the answers personal information, like your middle name or address.
- Stay secure when working remotely: Be sure to take precautions when using company devices. In addition to the tips above, here are some best practices:
  - Keep your devices in a secure place, and ensure they “auto log-out” when not in use. Use your devices only for work, and don’t let others use them.
  - Make sure you’re using a secure network when accessing work accounts and shared drives, like a VPN issued by your employer.
  - If you’re connecting to a home WiFi network, make sure you have that network locked down with a strong password. If you can separate your WiFi network by creating one for personal devices and one for work devices, do that.
  - Follow the advice of your IT department and contact them as soon as issues arise.
- Be vigilant when using videoconferencing: Videoconferencing tools are more popular than ever during the pandemic. When a technology grows quickly in popularity, bad actors may aim to take advantage of the onslaught of new and untrained users. They may access meetings uninvited, share malicious links, or attempt to access chat logs saved on servers or the cloud. Be sure to use privacy settings to lock down your meeting (including the “waiting room” feature). Avoid recording meetings and storing the logs unless you have to, and don’t share links to your meeting in an open forum. For more privacy and security tips when using videoconferencing, see tips from the OPC here, and information from the Canadian Centre for Cybersecurity here.
- Office of the Privacy Commissioner of Canada (OPC): A Guide for Individuals, Protecting your Privacy
- Canadian Centre for Cybersecurity: Protecting Against Malware
- Canadian Centre for Cybersecurity: Considerations When Using Video-teleconferencing Products and Services
- National Cybersecurity Alliance: COVID-19 Resource Library (US)