Latest articles
Covers personal devices, accounts, and online presence.

Introduction
TikTok’s extensive data collection, including personal information and device usage patterns, raises privacy and security concerns, particularly due to its China-based parent company, ByteDance. While some experts argue that TikTok’s data collection is not inherently malicious, others express skepticism about the transparency of its practices.
What TikTok gathers from you
TikTok collects various types of information from users:
- Personal Data: Tiktok has access to personal data like contacts, calendars, information about which device you’re using, which operating system and your location.
- TikTok monitors the content you engage with and for how long – similar to Facebook.
- Device Usage: TikTok monitors how you use your device and how it functions, including “keystroke patterns or rhythms, battery state, audio settings and connected audio devices,”.
- Location Data: TikTok can collect precise GPS information about its users.
Implications of data collection
Data collection by social media platforms like TikTok can pose several risky implications for everyday users:
- Privacy Concerns: Social media platforms often collect extensive personal data, including contacts, location, and browsing habits. This raises concerns about user privacy, especially if this data is shared or sold to third parties without consent.
- Targeted Advertising: User data is often used to create targeted advertising campaigns. While some users may find this convenient, others may feel uncomfortable with the level of personalization and the potential manipulation of their preferences and behaviors.
- Data Breaches: Storing large amounts of personal data increases the risk of data breaches. If a platform’s security measures are breached, users‘ sensitive information could be exposed, leading to identity theft, financial fraud, or other forms of cybercrime.
- Surveillance and Tracking: Social media platforms track users‘ online activities across different websites and devices to create comprehensive profiles. This surveillance can infringe on user privacy and autonomy, as individuals may feel constantly monitored and manipulated by algorithms.
- Political Manipulation: Social media platforms have been implicated in spreading misinformation, propaganda, and divisive content. By collecting user data and targeting specific demographics, malicious actors can exploit social media for political manipulation and influence campaigns.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

Wyze Camera Technical Issue Granted 13,000 Users Viewing Access to Other Homes
Introduction
On February 16, 2024, Wyze Labs encountered a service outage, resulting in connectivity issues for numerous users. The disruption persisted for almost nine hours, with the cameras remaining offline during this period. Wyze Labs identified Amazon Web Services (AWS), their partner, as the source of the security outage.
While working to restore camera functionality, Wyze faced an additional security concern. Some users reported encountering incorrect thumbnails and Event Videos in their Events tab. Disturbingly, unauthorized individuals could enlarge images or view videos from strangers’ Wyze cameras. 13,000 users inadvertently gained surveillance access to other homes.
Although the company released a statement that over 99.75 percent of Wyze’s user base remained unaffected by the breach, 0.25 percent still experienced a serious violation of their privacy.
In response to this incident, Wyze has implemented an additional layer of verification for users seeking access to video content via the Events tab, aiming to prevent such privacy breaches in the future.
Recommendations
Major professionally monitored security systems, like Wyze, are not perfect. Home security cameras are understandably used in many homes to enhance safety and security. If you own and/or use a security camera, it’s important to be aware of the risks associated with these devices. Follow these steps to ensure you are protected:
- Regularly update camera firmware as home security cameras can be vulnerable to hacking, which may lead to unauthorized access to your device.
- Use strong and unique passwords and enable two-factor authentication. Many cameras come with default passwords that are easily guessable, making them vulnerable to hacking. Change the default password to something strong and unique.
- Avoid placing cameras in sensitive areas like bedrooms and bathrooms.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

SMS Phishing Scams Targeting Road Toll Payments
Introduction
A wave of SMS phishing attacks targeting Canadians with lures regarding unpaid road toll fees have been rolling out since the beginning of the year. 407 ETR has been warning customers to beware of fraudulent texts impersonating the company. The message is designed to deceive people into clicking on a malicious link, which would leave people vulnerable to personal data theft.
How to spot a real message
407 ETR will use specific communication methods to interact with customers that use the express toll route. If you are a customer that uses the 407, take note of these legitimate communication channels:
- 407 ETR sends payment reminder text messages from a six-digit short code. Messages don’t contain any personal or account information and include a link to their secure payment web page. Their texts will never include a direct link to pay.
- 407 ETR makes outbound automated payment reminder calls. These calls will not ask you for your personal information.
- 407 ETR will only send emails from info@407etr.com or communications@407etr.com. Ensure that the emails you receive do not have spelling errors.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

Unveiling the dark side of voice-cloning artifical intelligence
Introduction
Voice-cloning AI, which is the technology that enables the replication of a person’s voice, can assist researchers with collecting and analyzing data from different languages, dialects, and accents. Voice-cloning AI is versatile and finds applications in various creative domains.
voice-cloning artifical intelligence and small businesses with voice-cloning AI. Deep learning models can now replicate the nuances, inflections, and specific characteristics of a person’s voice with just a few minutes of sample media.
Implications for families and small businesses
While there are positive and creative uses for voice-cloning AI, it is important to be aware of the potential risks and misuse. Here are some ways in which voice-cloning AI could lead to cybercriminal activity:
- Impersonation and Social Engineering: Cybercriminals could use voice-cloning AI to mimic the voices of individuals in positions of authority, such as company executives. In doing so, cybercriminals could instruct employees into making unauthorized transactions.
- Phishing Attacks: Voice-cloning could be used to voice-phish; individuals can be deceived into sharing sensitive information over a call.
- Extortion and Blackmail: Cybercriminals may leverage voice-cloning to create audio deepfakes of the targeted individual for the purpose of extortion or blackmail.
Recommendations
Given the sophistication of these threats, Richter recommends individuals and businesses to safeguard themselves by employing the following:
- Multi-factor authentication (MFA) – If you currently use voice verification as a type of authentication, ensure to include another form of verification to help safeguard against voice-cloning AI.
- Establish protocol within your small-business – Set clear protocols for financial transactions and sensitive data sharing. Keep these protocols confidential.
- Remain skeptical – Individuals should exercise caution when receiving unexpected calls, especially if the caller requests sensitive information.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

Navigating the terrain of synthetic and traditional theft scams
Introduction
In an increasingly interconnected digital world, safeguarding personal and financial information has never been more crucial. Cybercriminals can exploit stolen identity information to commit financial fraud, gain unauthorized access to accounts, and engage in other criminal activities. In the context of identity theft – there is both synthetic identity theft and traditional identity theft.
Synthetic identity theft combines personally identifiable information (PII) to manufacture a person or entity for the use of illegal, nefarious activity.
Traditional identity theft involves stealing an individual’s existing personal data to impersonate them.
Alternatively, synthetic identity theft involves criminals obtaining small fragments of a real person’s identity to fabricate a completely new identity. The real elements of the fabricated individual adds a sense of legitimacy to the identity.
Preventing identity theft of all kinds
Protecting yourself from identity theft, fraud, and unauthorized access to your sensitive data is our responsibility. Below, we have compiled a comprehensive list of security measures and best practices to help you fortify your defenses against potential threats.
By following these guidelines, you can take proactive steps to enhance your security and financial well-being. From monitoring your credit report to secure document disposal, each suggestion in this list is designed to empower you with the knowledge and tools to protect your valuable information and minimize the risks associated with identity theft and fraud.
- Monitor Your Credit Report: Regularly monitor your credit report to detect any unauthorized activity. If you come across information unrelated to you, contact the creditor and inquire about the account or inquiry.
- Limit What You Carry: Avoid carrying additional credit cards, birth certificates, SIN cards, or passports in your wallet or purse unless absolutely necessary. This precaution reduces the amount of information a potential thief could access if your wallet or purse gets lost.
- Secure Your Mailbox: Consider installing a mailbox with a lock at your residence to minimize the risk of mail theft.
- Securely Dispose: Never dispose of credit card receipts or personal information documents in a public trash container; use a shredder instead.
- Secure Your Purse or Wallet: Never leave your purse or wallet unattended, whether at work or in places like churches, restaurants, fitness clubs, parties, or shopping carts. Also, avoid leaving your purse or wallet visible in your car, even if the vehicle is locked.
- Limit Your Credit: Limit the number of credit cards you possess and cancel inactive accounts to simplify your financial security.
- Be Careful of What you Disclose: Do not disclose your credit card, bank, or Social Insurance information over the phone, even if you initiated the call, unless you can confidently verify the call’s legitimacy
- Secure Receipts: Securely store and shred credit, debit, and ATM card receipts before disposing of them.
- Scrutinize Your Bills: Scrutinize your utility and subscription bills regularly to confirm the accuracy of the charges.
- Do Not Write Down Your Passwords (except in a Password Vault): Memorize your passwords and personal identification numbers (PINs) to eliminate the need to write them down or use a password vault. Remain vigilant when entering your PIN to ensure no one is observing you.
- Secure Your Information: Maintain a comprehensive list of all your credit and bank accounts in a secure location, such as a password vault. This will facilitate quick communication with issuers if your cards go missing, including providing account numbers, expiration dates, and customer service and fraud department contact numbers.
- Shred Pre-approved Credit Offers: Before discarding pre-approved credit offers, credit card receipts, or phone bills, tear them into small pieces or cross-cut shred them to prevent potential identity theft. Thieves can use such offers to apply for credit cards in your name and redirect them to their address.
- Keep Your Credit Information Accurate: According to consumer reporting legislation, if you believe any entry on your credit report is incorrect or incomplete, you can notify a major credit reporting bureau, which will verify the information at no charge. Remember that they typically do not accept disputes from third parties unless accompanied by a notarized power of attorney authorizing a licensed attorney or a family member to represent you or if the power of attorney is unlimited and irrevocable.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

Travelling and Social Media – How To Keep Safe
Introduction
It’s natural to want to capture the moments from your special vacations and share them on platforms like Facebook and Instagram with family and friends. However, posting these photos while you are still on your trip can expose you to various cybersecurity risks. Cybercriminals often exploit social media to gather information about your travel plans, and by sharing your vacation in real time, you may unknowingly make yourself a target.
How to enhance your security on vacation
By following these precautions, you can enjoy your vacation while minimizing the risks associated with social media sharing:
- Set Your Account to Private: Restrict access to your personal information by sharing only with people you know. Public settings allow anyone to view your posts, potentially putting you at risk.
- Decline Requests from Unfamiliar Individuals: Be cautious when receiving friend requests from strangers. Unfamiliar profiles might be cybercriminals in disguise, aiming to extract money or steal your identity.
- Avoid Posting Travel Details or Itineraries: Keep your travel arrangements private. Sharing confirmation numbers for hotel reservations, airline tickets, or excursions online can provide cybercriminals with valuable information they can exploit.
- Share Photos After Returning Home: Although it may be tempting to post in real-time, consider waiting until you’re back home. You can still share your vacation highlights, and it’s a safer approach.
- Educate Your Children on Social Media Safety: While you might be aware of how to stay safe online, your children might not. Ensure they understand the importance of secure sharing practices during and after the trip.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

CrowdStrike Update Cripples Windows Systems
Introduction
On July 19, CrowdStrike released a flawed update to its Falcon sensor for Windows devices, triggering widespread system crashes. Due to a bug in the content validator and insufficient testing, the update bypassed CrowdStrike’s internal quality checks.
The update reached over 8.5 million Windows devices, resulting in an out-of-bounds memory read that caused the Falcon sensor to crash the operating system, leading to the infamous Blue Screen of Death (BSOD). The impact was severe, with enterprises across various sectors, including airports, hospitals, government agencies, media outlets, and financial institutions, experiencing critical and costly IT disruptions.
Both Windows workstations and servers were affected, leading to massive outages that incapacitated entire organizations and rendered hundreds of thousands of computers inoperable.
Root cause
The issue stemmed from a recent update to the CrowdStrike Falcon sensor, which caused Windows systems to either get stuck in a boot loop or crash with the Blue Screen of Death. CrowdStrike acknowledged the problem and issued a technical alert, stating that its engineers had “identified a content deployment related to this issue and reverted those changes.
Despite the swift response, it took days for some organizations to restore normal operations, resulting in prolonged outages and delays. While most organizations have since recovered, the repercussions of the incident continue to unfold, with increased cybercriminal activity, loss of trust, and potential litigation.
According to a report by Guy Carpenter, the estimated insured losses from the faulty Falcon update range between $300 million and $1 billion, while CyberCube has suggested the figure could be as high as $1.5 billion.
The impact on personal computers
CrowdStrike warned users that cybercriminals were exploiting the Falcon outage. Phishing attempts, posing as CrowdStrike representatives, surged as attackers sought to distribute malware. A significant example involved a fake recovery manual that installed a new information-stealing malware called Daolpu. Once active, this malware harvested account credentials, browser history, and authentication cookies stored in browsers like Chrome, Edge, and Firefox.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

Apps and Location Tracking: What Are the Consequences?
Introduction
Of the many digital traces we leave in daily life, location metadata may be the most revealing. Location tracking is common in many applications because it’s so useful – it can allow you to get directions from here to there, discover the closest restaurants near you, or tell you your local weather conditions. These perks, however, can come with large privacy risks.
Companies that you would never suspect needing so much of your data, are quietly collecting enormous amounts of data. For example, in 2020, an investigation was done on Tim Hortons, as the Tim Hortons app reportedly tracked an individual’s location more than 2,700 times in five months. Commissioners say Tim Hortons collected “vast amounts” of granular location data with the aim of delivering targeted advertising, to better promote its coffee and associated products, but that it never actually used the data for this purpose.
Some of the apps on our phone sell or share location data about their users with companies that analyze the data and sell their insights. There are many ways location data can be used, and the market for this data is huge – the location data industry is an estimated $12 billion market. Collectors, aggregators, marketplaces, and location intelligence firms are potential buyers interested in your location data.
What is being collected?
Some apps genuinely need your location to work properly, but others have different motives. Many collect location data for reasons unrelated to their main function, like targeted ads or selling it to data brokers.
Once an app collects your location data, you lose control over where it goes. It can be sold repeatedly—from data providers to aggregators that combine information from multiple sources. It could end up in the hands of a “location intelligence” firm that uses the raw data to analyze foot traffic for retail shopping areas and the demographics associated with its visitors.
You might think, “I have nothing to hide.” But location data can reveal much more than you realize, such as:
- Where you get medical treatment and what kind
- If you visit a domestic abuse shelter
- Where you worship
- Where your kids play (if they have phones)
- When you’re on vacation and where you go
- Where you shop, eat, and bank
- Who you spend time with
Even though this data isn’t directly linked to your name, experts have shown that it’s easy to match location history with other data to identify people and their habits. In 2020, a religious publication used smartphone app data to infer the sexual orientation of a high-ranking Roman Catholic official. The publication claimed it obtained “commercially available” location data from an unnamed vendor and linked it to the priest’s phone, revealing visits to gay bars and private residences while using Grindr, a dating app popular with the LGBTQ+ community.
Privacy advocates have long cautioned that advertisers gather location and personal data, which is then compiled and sold by data brokers. This information can be used to identify individuals and is not subject to regulations requiring clear consent from those being tracked.
What can I do to limit location tracking?
The quickest and easiest way to reduce tracking is to delete unnecessary apps. Both Android and Apple allow you to check which apps have access to your location and whether they track it only while in use or all the time. If you don’t use an app often, consider removing it.
Your location can be tracked through your phone, logged-in accounts, internet connection, and location services. To limit oversharing, take these steps:
- Only allow location access for apps that truly need it.
- Set location permissions to “While Using the App” instead of “Always.”
- Only share “Find My Phone” with trusted friends and family.
- Review third-party apps in location settings—you might be sharing more than you realize.
Despite these precautions, location tracking can’t be completely eliminated. It’s important to support companies that provide clear and transparent privacy policies.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

PetSmart Warns Customers of Credential Stuffing Attack
Introduction
PetSmart, a pet retail giant in the United States, is alerting certain customers about password resets resulting from an ongoing credential stuffing attack attempting to breach existing accounts. The company released a statement on March 6 to let customers know about the credential stuffing attack.
As a precaution, PetSmart reset the passwords for any accounts logged in during the credential stuffing attack. Additionally, they reassured customers that there was no evidence of compromise to petsmart.com or any of their systems during the incident.
What is credential stuffing?
A credential stuffing attack is a type of cyber-attack in which threat actors use previously acquired usernames and passwords, typically obtained from data breaches, to gain unauthorized access to user accounts on various online platforms.
Threat actors usually automate the process of trying these login credentials across multiple websites and services. Threat actors are cognizant of the fact that people commonly reuse passwords across various accounts, making them even more inclined to exploit this widespread behavior.
How to protect yourself against credential stuffing attacks
Although cyber breaches may be unavoidable, you can still prevent breached details from being used on other websites or services by taking the following precautions:
- Use Unique Passwords For Each Account – Minimize the impact if one account is compromised.
- Enable Multi-Factor Authentication (MFA) – Implement MFA wherever possible to add an additional layer of security.
- Update Outdated Passwords – Change your passwords periodically, especially for critical accounts like email, banking, and social media.
- Limit Access – Only use trusted devices and networks to access sensitive accounts. Avoid logging in from public computers or unsecured Wi-Fi networks to access sensitive accounts. Ensure that you are not saving your credentials on a public computer.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

Why Regular Software Updates Are Essential for Strengthening Cybersecurity
Introduction
As technology rapidly advances, so do the threats to business security, underscoring the critical importance of regular software updates. Cyber-attacks are becoming increasingly sophisticated and widespread, posing significant risks to organizations of all sizes. To defend against these malicious threats, businesses must prioritize keeping their software up to date.
Software updates not only introduce new features but also provide essential security patches to address potential vulnerabilities. Failing to update can leave individuals and businesses exposed to cyber breaches, data theft, and financial loss. Given the growing reliance on technology for daily operations, maintaining strong security measures is more important than ever.
Regular software updates are a crucial line of defense against cyber threats, making it imperative for businesses to stay current to protect their data, customers, and reputation.
How can I check if my software is up-to-date?
You can check if your device’s software is up to date by going into the device’s settings and looking for the “software update” option. Here’s how to do it on different types of devices:
- On Apple devices (iPhone, iPad): Go to Settings > General > Software Update to see if any updates are available.
- On Android devices (like Samsung Galaxy): Go to Settings and tap on Software Update or System Update. The exact location may vary depending on the model, but it’s usually found in the main settings menu.
- On Windows devices: Go to Settings and find the Windows Update section. From there, click Check for updates to see if your system needs an update.
- On macOS (iMac, MacBook): From the Apple menu n the corner of your screen, choose System Settings. Click General in the sidebar of the window that opens, then click Software Update on the right.
Whenever possible, activate automatic updates to receive the latest patches immediately upon release.
Ready to stay protected from digital threats, with experienced professionals overseeing your security?
Request a private consultation to find out whether Richter Guardian is a good fit for you.
Have questions after reading?
If something you’ve read raises a concern, our team can help you understand how it applies to you. Richter Guardian provides ongoing monitoring and expert support for individuals, families, and leadership teams.
- Clear visibility into personal digital risk
- Guidance from experienced cybersecurity professionals
- Support designed for both private clients and enterprise leadership
%20(1).avif)
.png)
