The case of an Ontario man who allegedly earned hundreds of thousands of dollars by peddling massive troves of personal information obtained on the so-called dark web is a sobering reminder of the scale of online threats Canadians face every day.
The RCMP arrested a suspect, Jordan Evan Bloom of Thornhill, Ont., on Monday. The 27-year-old is charged with offences including trafficking in identity information, unauthorized use of a computer, mischief with data and possession of property obtained by crime.
None of the charges against him have been proven in court.
âWe tend to assume that cybercrime is exclusively global, that it comes from some exotic locale. When in fact, the perpetrators could be someone whose path weâve crossed this morning,â technology analyst Carmi Levi told CTVNews.ca. âThornhill is as Canadian suburb as it gets. Sadly, it looks like cybercrime has come home.â
Levi offered some simple tips that anyone can use to make your information a more difficult target for hackers.
Look for a lock icon and âhttpsâ
Scanning your browserâs address bar takes about two seconds. Itâs a momentary chore that could save you from falling victim to a scam.
There are two important things to look for, especially if you are entering sensitive information like a credit card number. You want the web address to begin with âhttps,â not âhttp.â The âsâ stands for âsecure.â Never mind what the rest means.
The second thing to look for is a lock icon.
âIf that lock icon is not there, or if it shows the lock is unlocked, then you should not share any information because it is not encrypted and is not secured,â Levi said.
Look before you link
Hold your mouse over a link before you click to make sure it will take you where you expect to go.
âIt may look like you are clicking a link to the Hudsonâs Bay site, for example, but if you look at the link when you hover over it, it might say âthebay.ru.â Thatâs when alarm bells should go off,â Levi said.
Rogue links, he explains, can lead to a âdrive-by attack.â Itâs an unexpected trip to a site infected with malware, malicious software that infects your computer.
âWhat happens after that is anybodyâs guess,â Levi said. âIt could be a key logger. It could be a virus. It could reach into your database and spam all your friends. It could even install bitcoin mining software, which will sap all of your deviceâs energy.â
Rogue links may even appear to have been sent by a friend on social media platforms like Facebook. Donât fall for cleverly worded lures like, âOMG, I found this video of you.â
Update your software
The arms race between software manufacturers and cybercriminals never ends. Having the latest version of your operating system, apps and other software is the simplest way to ensure you have the latest countermeasures to defeat the newest threats.
Levi said he canât overstate the importance of installing new versions as soon as they came out.
âItâs like driving a car without a seatbelt on,â he said. âIdentity thieves target non-updated devices because they are an easy mark.â
Strengthen passwords and use enhanced security features
You donât have to be a cybersecurity expert to know that more complex passwords are tougher to guess, but beyond avoiding âpassword123,â for example, it is also important to change them regularly and avoid using the same one for multiple accounts.
If remembering obscure phrases peppered with all kinds of symbols for each account is too challenging, password management services like and can help. They keep track of your super-strong passwords so you donât have to.
Change your email password if itâs been a while. But a can also give you an idea on whether itâs time for a new one. Enter your email address to find out if it has been swept up in any reported breaches.
Levi also recommends using extra security add-ons when they are available. Two-factor authentication, for example, works by delivering a text message to your mobile device, or email, with an additional code after you enter your password. Itâs a bit of a hassle, but Levi said itâs well worth it.
âThat way, if thieves manage to guess your password, they have to go through another virtual lock to get to your account,â he said. âYouâve essentially slammed the door in their face.â
Be careful when logging onto public Wi-Fi
Nobody likes burning up data when a free connection is available, but criminals have been known to set up their own free networks in busy hubs that appear trustworthy at first glance.
âThey are easily able to capture things like usernames and passwords when you use a rogue network to sign into your accounts,â Levi said.
Look for signs posted inside businesses that describe how to log onto their Wi-Fi or ask staff for help.
Levi recommends staying on your data plan if youâre doing something especially sensitive.
Be careful who you trust with personal details
Yes, it sounds painfully obvious. But people have become far too accustomed to filling out online forms that ask for your name, phone number and address. Always ask yourself why a website needs this information, and what they might do with it.
âIf you donât have valid answers, donât share it in the first place,â Levi said. âWe assume that just because a page looks like something we have filled out before, that it shouldnât raise our alarm bells. It really should.â
Looks for a âterms of useâ policy that says all the data you provide is encrypted and will not be shared.