.png)
Covers personal devices, accounts, and online presence.
Anthropic's Claude Mythos is an advanced AI model currently available only to a select group of vetted technology companies, not the general public. While it holds significant promise as a defensive tool, capable of uncovering security flaws before criminals can exploit them, the same capabilities could be misused to lower the effort needed to exploit weaknesses in email, banking, and personal accounts.
For high-net-worth individuals, families, and executives managing significant assets, this increases the risk of targeted fraud, account takeovers, and financial loss, making strong cybersecurity practices more important than ever.
Claude Mythos is an advanced artificial intelligence model developed by Anthropic, the company behind the widely used Claude AI assistant. It can be thought of as a much more powerful version of AI tools that many people already use for daily tasks. Mythos goes far beyond earlier models, especially in areas such as complex reasoning, software analysis, and, most importantly, the ability to identify weaknesses in computer systems.
At this time, Mythos is not available to the general public. It is still going through testing and review and has only been released in a highly controlled way to a small number of trusted organizations. These include major technology and security companies such as Microsoft, Apple, Amazon, Cisco, and CrowdStrike. This limited release is intentional. Anthropic has stated that Mythos is powerful enough to cause serious harm if misused, so they have chosen to share it cautiously and with careful oversight.
There are two main reasons Mythos is receiving so much attention. The first is concern within the cybersecurity community. Mythos represents a major step forward in what AI can do when applied to computer systems. Security professionals worry that existing defense tools and practices have not yet caught up. There is also concern that criminals could use tools like Mythos to make cybercrime faster, cheaper, and easier to carry out.
The second reason is business momentum. Every major AI announcement attracts investors and increases public interest. This often raises the perceived value of companies such as Anthropic, OpenAI, and Google. As a result, Mythos has become not only a security issue, but also a financial and market-driven story.
It is important to understand that Mythos is not an isolated development. Other companies, including OpenAI and Google, have already released AI models with similar cybersecurity-related capabilities, though generally at a lower level. What makes Mythos different is how quickly and efficiently it operates, as well as Anthropic’s openness in discussing both its potential benefits and its risks.
Mythos does not create entirely new types of cyber threats. Instead, it significantly lowers the level of skill, knowledge, and time needed for attackers to exploit existing weaknesses. These weaknesses exist in the everyday technology we all rely on, including phones, laptops, email systems, and banking or investment applications.
Cyberattacks that once required a team of highly skilled hackers may soon be possible for a single individual using AI tools. For individuals and families with significant financial assets, sensitive personal communications, or access to influential networks, this increases risk. The most common and serious threats remain personal email compromise, fraudulent wire transfers, and targeted account takeovers.
Make sure all important accounts, such as banking, email, and investment platforms, use strong, unique passwords, and enable multi-factor authentication wherever it is available. In addition, use credit monitoring services to help detect fraud, unauthorized accounts, or identity misuse as early as possible.
AI can now generate very realistic phishing emails, texts, and phone messages. If something seems unusual or urgent, verify it through a separate and trusted method before taking action.
Organizations that manage your assets should be reviewing and strengthening their cybersecurity controls, including how sensitive data is protected and how fraud risks are managed.
Richter Family Office supports high‑net‑worth families and executives by integrating cybersecurity and risk considerations into wealth management, governance, and operational oversight.
Richter Guardian is actively monitoring developments related to Mythos AI and other emerging cyber risks. We will continue to share updated guidance as the situation evolves.
Please contact us immediately if you notice unusual account activity, suspicious communications, or unexpected requests involving sensitive or financial information.
Email support@richterguardian.com, phone +1 844-908-3950 or book an appointment.
A recent article published by CBC news highlighted a concerning scam that involved the Bank of Montreal (BMO). The scam managed to exploit vulnerabilities associated with the two-factor authentication (2FA) system of the bank. This advisory aims to provide an overview of the issue, its implications, and recommendations.
The scam primarily targeted customers with lines of credit. Perpetrators pose as bank employees and use a combination of phishing techniques and flaws in the 2FA process to gain unauthorized access to customers’ accounts, subsequently making unauthorized transactions.
While 2FA is an essential security feature, it is not infallible. Richter Guardian clients should be proactive in understanding its limitations and continuously seek ways to enhance their security posture.
Table 1 – Levels of two-factor authentication that may be available to protect your bank account.
Authorized push payments involve an account holder granting permission to their bank or payment service to transfer funds directly from their account to another account. The payer usually triggers this transaction using services like online banking, phone banking, or peer-to-peer payment platforms.
Authorized push payment (APP) fraud, also known as bank transfer scams or authorised bank transfer fraud, occurs when a victim is tricked into authorizing a payment to an account controlled by a scammer.
Unlike unauthorized transactions where a fraudster gains access to someone’s account without permission, in APP fraud, the victim is deceived into willingly making the payment, often believing they are paying a legitimate entity or individual.
Authorized push payment fraud can happen in various ways.
We recommend the following measures to mitigate the risks of authorized push payment fraud.
To combat APP fraud, it’s essential for individuals and businesses to remain vigilant and verify the authenticity of requests for payments. We understand that It can be difficult to approach this alone.
On July 19, CrowdStrike released a flawed update to its Falcon sensor for Windows devices, triggering widespread system crashes. Due to a bug in the content validator and insufficient testing, the update bypassed CrowdStrike’s internal quality checks.
The update reached over 8.5 million Windows devices, resulting in an out-of-bounds memory read that caused the Falcon sensor to crash the operating system, leading to the infamous Blue Screen of Death (BSOD). The impact was severe, with enterprises across various sectors, including airports, hospitals, government agencies, media outlets, and financial institutions, experiencing critical and costly IT disruptions.
Both Windows workstations and servers were affected, leading to massive outages that incapacitated entire organizations and rendered hundreds of thousands of computers inoperable.
The issue stemmed from a recent update to the CrowdStrike Falcon sensor, which caused Windows systems to either get stuck in a boot loop or crash with the Blue Screen of Death. CrowdStrike acknowledged the problem and issued a technical alert, stating that its engineers had “identified a content deployment related to this issue and reverted those changes.
Despite the swift response, it took days for some organizations to restore normal operations, resulting in prolonged outages and delays. While most organizations have since recovered, the repercussions of the incident continue to unfold, with increased cybercriminal activity, loss of trust, and potential litigation.
According to a report by Guy Carpenter, the estimated insured losses from the faulty Falcon update range between $300 million and $1 billion, while CyberCube has suggested the figure could be as high as $1.5 billion.
CrowdStrike warned users that cybercriminals were exploiting the Falcon outage. Phishing attempts, posing as CrowdStrike representatives, surged as attackers sought to distribute malware. A significant example involved a fake recovery manual that installed a new information-stealing malware called Daolpu. Once active, this malware harvested account credentials, browser history, and authentication cookies stored in browsers like Chrome, Edge, and Firefox.
One of the best ways to add extra security to your accounts is through Multi-Factor Authentication (MFA) – this means you need more than just a user ID and password to log in. We strongly recommend using MFA for your important accounts.
However, not all MFA methods are equally secure. Authenticator apps are a safer option than SMS authentication methods because they generate security codes directly on your device. SMS authentication codes, on the other hand, can be intercepted by hackers.
MFA adds an extra step to logging in. Instead of just entering a user ID and password, you must also provide another piece of information, like a code from an app or a text message. This extra step makes it much harder for hackers to break into your account, even if they steal your password.
An authenticator app is a mobile app that generates security codes for logging in. These codes are called Time-Based One-Time Passwords (TOTP) and change every 30 to 60 seconds.
When you set up an authenticator app for an account, you scan a QR code or enter a secret key. This links the authenticator app to your account and allows it to generate matching codes.
To log in, you enter your username, password, and the current code displayed on your authenticator app. If the code matches the one your account server expects, you get access.
Some popular authenticator applications include:
SMS authentication is when a security code is sent to your phone via text message. You enter this code along with your user ID and password to log in. These codes are One-Time Passwords (OTP) which are generated for one-time use. OTPs can last for a specified amount of time – users will need to generate a new OTP if they exceed the time limit.
Sometimes, websites may also send security codes via email instead of SMS, but the process is the same.
Authenticator apps provide better security than SMS codes for several reasons:
Here are two common ways cybercriminals can steal SMS codes:
The public biotechnology and genomics firm, 23andMe, confirmed on their website on October 6, 2023, that certain 23andMe customer profile information was circulating on hacker forms. The information that has been exposed from this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. As a result, 23andMe have notified their customers, and have pushed for them to reset their passwords and enable multi-factor authentication (MFA).
The hackers used credential stuffing to gain access to a set of user accounts on 23andMe. Credential stuffing is a type of cyber attack in which a hacker uses stolen usernames and passwords (obtained from another breach or purchased off the dark web) to access other websites in which the users are registered. Users that recycled their breached login credentials on 23andMe may have been the entry point for this attack.
A subset of the compromised users opted into 23andMe’s DNA Relatives feature, which allowed for hackers to scrape the data of their DNA Relative matches.
The number of accounts affected has not been released or disclosed by 23andMe.
If you think you may have been affected by this recent breach, reset your password, and opt for MFA on 23andMe. While the account may or may not be compromised, it is important that cybercriminals do not leverage your breached credentials to access other websites in which you may have an account on.
Richter Guardian can help you determine if some of your user accounts were involved in a previous breach:
The tourism industry is crawling back to pre-pandemic numbers thanks to travel and lockdown restrictions being lifted globally. Unfortunately, cybercriminals have also come up with a new and sophisticated campaign to breach the systems of booking sites, hotels, and travel agencies. Subsequently, the cybercriminals use the systems of the compromised hotel or travel agency to send phishing emails to existing customers.
Richter Guardian can help you navigate complex phishing scams:
On February 2, 2024, AnyDesk confirmed a recent cyberattack that resulted in hackers gaining access to the company’s production systems. The breach involved the theft of source code and private code signing keys.
AnyDesk is a widely used remote access solution that is popular among enterprises for remote support and accessing colocated servers.AnyDesk became aware of the attack after they detected an incident on their production servers. Following a security audit, they identified a compromise on their systems and implemented a response plan in collaboration with CrowdStrike.
Following the disclosure of the breach, cybersecurity company Resecurity promptly announced that an individual is attempting to vend the credentials of over 18,000 AnyDesk customers on a well-known cybercrime forum. The seller is seeking $15,000 in cryptocurrency for the compromised credentials.
Although AnyDesk claims that passwords were not stolen in the attack, the threat actors still managed to successfully breach their production systems.
Cyber criminals have been carrying out technical support scams for over a decade. As technology evolves, so do the techniques of fraudulent tech support scammers, making it difficult for people to discern whether the technical support team they’re speaking to is legitimate. Technical support scams are so common that the FBI’s Internet Crime Report of 2022 reported that ‘Tech Support Crime’ had over 30,000 recorded victims in 2022.
Technical support scammers use many different techniques to trap people and gain access to their computers and other devices. After they convince you that there is a problem, they request an exorbitant fee in return for their help. Here are two of the most common methods technical support scammers use to trick their victims:
We understand that misleading pop-ups or warnings about your device through a call can cause uncertainty. Richter Guardian’s monitoring system and concierge service can give you peace of mind:
Toyota Finance Services (TFS), a subsidiary of the well-known automaker, has confirmed that they were hit with a ransomware attack. TFS detected unauthorized access to some of its systems in Africa and Europe after cybercriminals claimed an attack on the company. The cybercriminals, also known as the Medusa ransomware gang, claims responsibility for the attack.
The Medusa ransomware gang had listed ‘Toyota Financial Services’ to its data leak site on the dark web and demanded a ransom payment of $8,000,000 to delete allegedly stolen data. The cybercriminals published sample data that included financial documents, hashed account passwords, passport scans, etc. to prove the intrusion. As of right now, the incident is limited to Toyota Financial Services Africa & Europe. A spokesperson announced that the process of bringing their systems back online is already underway.
Richter Guardian can help you determine if some of your user accounts were involved in a previous breach:
If something you’ve read raises a concern, our team can help you understand how it applies to you. Richter Guardian provides ongoing monitoring and expert support for individuals, families, and leadership teams.
%20(1).avif)