The case of an Ontario man who allegedly earned hundreds of thousands of dollars by peddling massive troves of personal information obtained on the so-called dark web is a sobering reminder of the scale of online threats Canadians face every day.
The RCMP arrested a suspect, Jordan Evan Bloom of Thornhill, Ont., on Monday. The 27-year-old is charged with offences including trafficking in identity information, unauthorized use of a computer, mischief with data and possession of property obtained by crime.
None of the charges against him have been proven in court.
鈥淲e tend to assume that cybercrime is exclusively global, that it comes from some exotic locale. When in fact, the perpetrators could be someone whose path we鈥檝e crossed this morning,鈥 technology analyst Carmi Levi told CTVNews.ca. 鈥淭hornhill is as Canadian suburb as it gets. Sadly, it looks like cybercrime has come home.鈥
Levi offered some simple tips that anyone can use to make your information a more difficult target for hackers.
Look for a lock icon and 鈥渉ttps鈥
Scanning your browser鈥檚 address bar takes about two seconds. It鈥檚 a momentary chore that could save you from falling victim to a scam.
There are two important things to look for, especially if you are entering sensitive information like a credit card number. You want the web address to begin with 鈥渉ttps,鈥 not 鈥渉ttp.鈥 The 鈥渟鈥 stands for 鈥渟ecure.鈥 Never mind what the rest means.
The second thing to look for is a lock icon.
鈥淚f that lock icon is not there, or if it shows the lock is unlocked, then you should not share any information because it is not encrypted and is not secured,鈥 Levi said.
Look before you link
Hold your mouse over a link before you click to make sure it will take you where you expect to go.
鈥淚t may look like you are clicking a link to the Hudson鈥檚 Bay site, for example, but if you look at the link when you hover over it, it might say 鈥榯hebay.ru.鈥 That鈥檚 when alarm bells should go off,鈥 Levi said.
Rogue links, he explains, can lead to a 鈥渄rive-by attack.鈥 It鈥檚 an unexpected trip to a site infected with malware, malicious software that infects your computer.
鈥淲hat happens after that is anybody鈥檚 guess,鈥 Levi said. 鈥淚t could be a key logger. It could be a virus. It could reach into your database and spam all your friends. It could even install bitcoin mining software, which will sap all of your device鈥檚 energy.鈥
Rogue links may even appear to have been sent by a friend on social media platforms like Facebook. Don鈥檛 fall for cleverly worded lures like, 鈥淥MG, I found this video of you.鈥
Update your software
The arms race between software manufacturers and cybercriminals never ends. Having the latest version of your operating system, apps and other software is the simplest way to ensure you have the latest countermeasures to defeat the newest threats.
Levi said he can鈥檛 overstate the importance of installing new versions as soon as they came out.
鈥淚t鈥檚 like driving a car without a seatbelt on,鈥 he said. 鈥淚dentity thieves target non-updated devices because they are an easy mark.鈥
Strengthen passwords and use enhanced security features
You don鈥檛 have to be a cybersecurity expert to know that more complex passwords are tougher to guess, but beyond avoiding 鈥減assword123,鈥 for example, it is also important to change them regularly and avoid using the same one for multiple accounts.
If remembering obscure phrases peppered with all kinds of symbols for each account is too challenging, password management services like and can help. They keep track of your super-strong passwords so you don鈥檛 have to.
Change your email password if it鈥檚 been a while. But a can also give you an idea on whether it鈥檚 time for a new one. Enter your email address to find out if it has been swept up in any reported breaches.
Levi also recommends using extra security add-ons when they are available. Two-factor authentication, for example, works by delivering a text message to your mobile device, or email, with an additional code after you enter your password. It鈥檚 a bit of a hassle, but Levi said it鈥檚 well worth it.
鈥淭hat way, if thieves manage to guess your password, they have to go through another virtual lock to get to your account,鈥 he said. 鈥淵ou鈥檝e essentially slammed the door in their face.鈥
Be careful when logging onto public Wi-Fi
Nobody likes burning up data when a free connection is available, but criminals have been known to set up their own free networks in busy hubs that appear trustworthy at first glance.
鈥淭hey are easily able to capture things like usernames and passwords when you use a rogue network to sign into your accounts,鈥 Levi said.
Look for signs posted inside businesses that describe how to log onto their Wi-Fi or ask staff for help.
Levi recommends staying on your data plan if you鈥檙e doing something especially sensitive.
Be careful who you trust with personal details
Yes, it sounds painfully obvious. But people have become far too accustomed to filling out online forms that ask for your name, phone number and address. Always ask yourself why a website needs this information, and what they might do with it.
鈥淚f you don鈥檛 have valid answers, don鈥檛 share it in the first place,鈥 Levi said. 鈥淲e assume that just because a page looks like something we have filled out before, that it shouldn鈥檛 raise our alarm bells. It really should.鈥
Looks for a 鈥渢erms of use鈥 policy that says all the data you provide is encrypted and will not be shared.