On Wednesday, August 12th, 2020, the Canadian Revenue Agency (CRA) resumed online services after previously disabling them due to a severe cyber-attack on August 15th. According to the agency, the usernames and passwords of thousands of its users were acquired fraudulently by hackers who used the credentials to access Canadian government services.
Pure IT is a Calgary IT support company focused on cybersecurity and managed IT services for organizations across Southern Alberta. CEO, Troy Drever shares insights into what happened with the CRA.
How the Attack Happened
The agency says that the attack targeted thousands of user accounts in two separate cyber-attacks.
One attack took place when cybercriminals took advantage of loopholes in the agency’s online security software, bypassing standard security questions to gain unauthorized access. This attack targeted about 5,600 user accounts.
A further 9,000 user accounts linked to government portal GCKey were compromised and a
range of government services accessed by hackers.
How You Can Protect Yourself
The attack used hacked user credentials obtained from multiple sources.
When reopening its online portals, the CRA said that it had executed changes to its security systems to protect itself and users from similar future attacks. All users impacted by the incident will receive letters from the agency containing detailed steps they can take to confirm their identities and restore their accounts.
However, you could consider doing a few things to avoid falling victim to this type of cybercrime:
Monitor Unusual Requests for Your Credit Scores
It would help if you thought about putting a fraud alert or credit freeze on your credit reports at reporting agencies. With a credit freeze in place, no one can access your credit report or credit score. However, you need to lift the freeze to obtain new credit. On the other hand, a fraud alert will flag your account’s activity without halting access to new credit in your name.
Do Not Click and Tell
You should limit the information you share on social media, whether your home address or your favorite coffee shop. Although these details may seem random, they help cybercriminals to target you and your family. Keep specific information about yourself, including account numbers, Social Insurance Numbers, and your passwords private.
Change Your Passwords
It is best always to use strong passwords and continually change them. Constant updates are critical if a password you use across multiple sites and portals is compromised.
Watch Out For Phishing Emails
Do not respond to unsolicited emails with dubious offers. Most of these emails are phishing messages created by online scammers. Specifically, you should avoid clicking on links or offering personal information to the authors of such messages. If in doubt, contact the company or organization directly to confirm the authenticity of any communication you may receive.
Enable Multi-Factor Authentication (MFA) For Your Online Accounts
MFA provides added layers of security for the standard username/password online verification to ensure you are the only one who can access your email, social media, banking, and other online services. With MFA, you will require not only your username and password, but also an additional method of authentication like a fingerprint, identification code, or even a second password.
The CRA cyber-attack incident shows that a compromised account could result in the loss of valuable data, identity theft, extortion attempts, or fraudulent schemes. No matter how robust the government or large corporations’ systems are, they are still vulnerable to cyber-attacks if their users have weak passwords, which they use to access multiple accounts.
Cybersecurity is a high-stakes game for both your financial and personal wellbeing. With this in mind, following the tips above will help you to avoid identity theft, scams, and compromising your online accounts.