Why protecting your online identity is about more than just passwords 

Your online identity is the gateway to your finances, benefits, and personal information. And with identity fraud being the most reported type of fraud in Canada in 2024, and Canadians losing over $638 million to fraud, it’s clear that traditional security measures aren’t enough anymore.

While digital threats to your identity have become more sophisticated, you have the power to stay one step ahead. By adopting a proactive and comprehensive approach to your online security, you can confidently navigate the digital world and keep your personal information safe.

Common risks to your online identity

While sophisticated attacks can come from multiple sources, piecing together information like a complex puzzle, there's good news: understanding how these attacks work is your first powerful step towards staying secure. By recognizing the tactics used, you're already building a strong defense against potential threats.

Weak or reused passwords are still a huge problem. Even though experts have been talking about this for years, people still use the same password across multiple accounts. When one account gets compromised, suddenly everything else is at risk too.

Phishing and smishing messages are getting incredibly sophisticated. These aren’t the obvious “Nigerian prince” emails anymore. Modern phishing attempts look exactly like legitimate communications from your bank, your employer, or even your friends.

Oversharing on social media creates a goldmine of information for identity thieves. That post about your vacation might seem harmless, but combined with other information, it can help someone answer your security questions or figure out your patterns.

Insecure public Wi-Fi or devices can expose your information without you even knowing it. That free Wi-Fi at the coffee shop might be convenient, but it could also be a trap set by someone looking to steal your data.

Using the same password for work and personal accounts creates a bridge between your professional and personal life that attackers can exploit. If your work email gets compromised, suddenly your personal banking might be at risk too.

The scary part is that you might not even know when one of these vulnerabilities has been exploited until it’s too late. With the right knowledge and tools, you can reduce your risk and catch potential vulnerabilities early.

Strong passwords are your first line of defence

Let’s start with the basics, because even though passwords aren’t everything, they’re still really important.

Never reuse passwords. It’s tempting to use the same password everywhere because remembering dozens of different passwords is impossible for most human brains. But when one account gets compromised, reused passwords turn a single breach into a complete disaster.

Don’t include personal identifiers like your name, birthday, pet’s name, or anything else that someone could find out about you from social media or public records.

Create longer, more complex passwords. The Canadian Centre for Cyber Security recommends using passphrases – at least four random words strung together. Something like “Coffee Bicycle Mountain Tuesday” is way harder to crack than “P@ssw0rd123” but much easier to remember.

Enable multi-factor authentication wherever possible. This is probably the single most important thing you can do. Even if someone gets your password, they’d still need that second factor – usually a code sent to your phone – to actually get into your account.

Don’t share passwords with anyone. Not your spouse, not your kids, not your best friend. If someone else needs access to an account, most services have ways to add additional users without sharing passwords.

Use a password manager. These tools generate and store unique, complex passwords for all your accounts. You only need to remember one master password, and the manager handles everything else.

Diversify validation prompts. Don’t use the same security questions across different accounts, and avoid questions with answers that could be found on your social media.

Mix languages if you speak more than one. A passphrase that combines words from different languages can be even harder for attackers to crack.

What happens when your online identity is stolen

When your online identity is stolen, the consequences can ripple through every aspect of your digital life. Cybercriminals can access your email accounts, social media profiles, and online banking, using your credentials to impersonate you and deceive your contacts.

They might drain your financial accounts, open new credit lines in your name, or make unauthorized purchases that devastate your credit score. Beyond the immediate financial damage, identity thieves can hijack your professional reputation by posting inappropriate content or sending malicious messages from your accounts.

The recovery process is often lengthy and frustrating – you’ll spend countless hours changing passwords, contacting banks and credit agencies, disputing fraudulent charges, and trying to restore your digital presence.

Meanwhile, the psychological toll mounts as you lose trust in online systems and constantly worry about what other personal information might be compromised.

Your stolen identity becomes a weapon that criminals can use for months or even years, selling your data on the dark web or using it to commit additional crimes that trace back to you. 

Beyond passwords – more ways to keep your online identity safe

Protecting your online identity requires thinking about security as a lifestyle, not just a checklist.

Monitor your credit activity regularly. Set up alerts with Equifax and TransUnion so you know immediately if someone tries to open new accounts in your name or if there are any suspicious inquiries.

Be cautious about sharing your personal details online. That innocent quiz about “What’s your superhero name?” might actually be collecting information that could be used to answer your security questions. Think twice before sharing personal details, even in seemingly harmless contexts.

Avoid public Wi-Fi without a VPN for anything sensitive. If you must use public Wi-Fi, connect through a reputable VPN service that encrypts your internet traffic.

Keep software and devices updated. Those annoying update notifications aren’t just about new features – they often include critical security patches that protect against newly discovered vulnerabilities.

Log out of accounts on shared or public devices. Don’t just close the browser window – actually log out. And if possible, avoid accessing sensitive accounts on public computers altogether.

Review your privacy settings on social media platforms regularly. What you shared publicly five years ago might not be what you want public today, and platforms often change their privacy policies.

Be skeptical of unsolicited communications asking for personal information, even if they look legitimate. When in doubt, contact the organization directly using contact information you find independently, not what’s provided in the suspicious communication.

What to do if you think your identity is compromised

If you suspect your online identity has been compromised, time is critical.

Change your passwords immediately for any accounts that might be affected. Start with the most sensitive ones – banking, email, and any accounts that have your credit card information.

Notify your bank, credit card company, and insurance provider right away. They can put fraud alerts on your accounts and help you monitor for suspicious activity.

Monitor your accounts and set up alerts for any unusual activity. Most banks and credit card companies offer real-time alerts for transactions, which can help you catch fraudulent activity quickly.

Report to your regional anti-fraud centre. In Canada, that’s the Canadian Anti-Fraud Centre at 1-888-495-8501. Even if you haven’t lost money, reporting helps authorities track these crimes and potentially prevent others from being victimized.

Document everything. Keep records of all communications with financial institutions, law enforcement, and any other organizations involved in resolving the identity theft.

Contact us if you suspect a scam using Sun Life’s brand

Sun Life will never ask for passwords, Social Insurance Numbers, or sensitive details through unsolicited communications. If you receive suspicious messages claiming to be from us, contact us directly at 1-877-SUN-LIFE (1-877-786-5433) to verify authenticity.

This article is meant to provide general information only. Sun Life Assurance Company of Canada does not provide legal, accounting, taxation, or other professional advice. Please seek advice from a qualified professional, including a thorough examination of your specific legal, accounting and tax situation.