Latest articles

INTRODUCTION​

In May 2023, the Cl0p ransomware group started exploiting a newly discovered vulnerability in Progress Software’s MOVEit Transfer, a tool for enterprise file transfer. Although Progress swiftly released a fix, the impact was already significant. This extensive cyberattack by Cl0p targeted a wide range of sectors globally, affecting entities such as the public school system in New York City, a UK-based company providing HR and payroll services to clients like British Airways and the BBC, among others.

Over 2,000 organizations have reported being attacked, with data thefts affecting more than 62 million people

FALL OUT OF THE INCIDENT​

With such a large exposure, many people have begun to receive notices that their personal information was compromised as part of this breach. Many of the organizations that people entrust their data to, like accounting firms and wealth management companies, were affected by this breach. Companies affected by this breach have a legal obligation in Canada to report to their customers if they believe their customers have had their personal information breached.​

Companies that notify their customers of the breach often offer one to two years of credit monitoring and identity protection services at no cost. ​

Richter recommends that victims receiving these notices enroll in the free credit monitoring and identity protection services provided. ​

IMPLICATIONS

The diagram on the right illustrates how hackers use personal information to carry out attacks using your personal information. Credit monitoring and identity protection services can assist with identity theft and financial fraud implications; however, this protection is insufficient. ​

Hackers can still use your personal information to conduct blackmail and ransom operations. They can impersonate you online and wreak havoc on your social reputation. They can use it to mount very sophisticated phishing attacks.

SOLUTION​

Richter Guardian is a state-of-the-art service that leverages AI to protect your digital life. Our service gives exclusive access to commercial-grade protection unavailable in the consumer market. ​

By protecting your online presence, Richter Guardian will defend you from impersonations, inadvertent leakage of critical data and worse, any compromise to your digital safety. By protecting your devices, Richter Guardian will thwart sophisticated phishing and other technical attacks. You can rest assured that our seasoned cybersecurity professionals are there for you to address any of your cybersecurity concerns.

Read the full advisory

INTRODUCTION

Voice-cloning AI, which is the technology that enables the replication of a person’s voice, can assist researchers with collecting and analyzing data from different languages, dialects, and accents. Voice-cloning AI is versatile and finds applications in various creative domains.

voice-cloning artifical intelligence and small businesses with voice-cloning AI. Deep learning models can now replicate the nuances, inflections, and specific characteristics of a person’s voice with just a few minutes of sample media.

IMPLICATIONS FOR FAMILIES AND SMALL BUSINESSES

While there are positive and creative uses for voice-cloning AI, it is important to be aware of the potential risks and misuse. Here are some ways in which voice-cloning AI could lead to cybercriminal activity:

1. Impersonation and Social Engineering: Cybercriminals could use voice-cloning AI to mimic the voices of individuals in positions of authority, such as company executives. In doing so, cybercriminals could instruct employees into making unauthorized transactions.
2. Phishing Attacks: Voice-cloning could be used to voice-phish; individuals can be deceived into sharing sensitive information over a call.
3. Extortion and Blackmail: Cybercriminals may leverage voice-cloning to create audio deepfakes of the targeted individual for the purpose of extortion or blackmail.

RECOMMENDATIONS

Given the sophistication of these threats, Richter recommends individuals and businesses to safeguard themselves by employing the following:

1. Multi-factor authentication (MFA) – If you currently use voice verification as a type of authentication, ensure to include another form of verification to help safeguard against voice-cloning AI.
2. Establish protocol within your small-business – Set clear protocols for financial transactions and sensitive data sharing. Keep these protocols confidential.
3. Remain skeptical – Individuals should exercise caution when receiving unexpected calls, especially if the caller requests sensitive information.

INTRODUCTION​

In an increasingly interconnected digital world, safeguarding personal and financial information has never been more crucial. Cybercriminals can exploit stolen identity information to commit financial fraud, gain unauthorized access to accounts, and engage in other criminal activities. In the context of identity theft – there is both synthetic identity theft and traditional identity theft. ​

Synthetic identity theft combines personally identifiable information (PII) to manufacture a person or entity for the use of illegal, nefarious activity. ​

Traditional identity theft involves stealing an individual’s existing personal data to impersonate them. ​

Alternatively, synthetic identity theft involves criminals obtaining small fragments of a real person’s identity to fabricate a completely new identity. The real elements of the fabricated individual adds a sense of legitimacy to the identity. ​

PREVENTING IDENTITY THEFT OF ALL KINDS​

​Protecting yourself from identity theft, fraud, and unauthorized access to your sensitive data is our responsibility. Below, we have compiled a comprehensive list of security measures and best practices to help you fortify your defenses against potential threats. ​

By following these guidelines, you can take proactive steps to enhance your security and financial well-being. From monitoring your credit report to secure document disposal, each suggestion in this list is designed to empower you with the knowledge and tools to protect your valuable information and minimize the risks associated with identity theft and fraud.​

1. Monitor Your Credit Report: Regularly monitor your credit report to detect any unauthorized activity. If you come across information unrelated to you, contact the creditor and inquire about the account or inquiry.
   
2. Limit What You Carry: Avoid carrying additional credit cards, birth certificates, SIN cards, or passports in your wallet or purse unless absolutely necessary. This precaution reduces the amount of information a potential thief could access if your wallet or purse gets lost.
3. Secure Your Mailbox: Consider installing a mailbox with a lock at your residence to minimize the risk of mail theft.
4. Securely Dispose: Never dispose of credit card receipts or personal information documents in a public trash container; use a shredder instead.
   
5. Secure Your Purse or Wallet: Never leave your purse or wallet unattended, whether at work or in places like churches, restaurants, fitness clubs, parties, or shopping carts. Also, avoid leaving your purse or wallet visible in your car, even if the vehicle is locked.
   
6. Limit Your Credit: Limit the number of credit cards you possess and cancel inactive accounts to simplify your financial security.
7. Be Careful of What you Disclose: Do not disclose your credit card, bank, or Social Insurance information over the phone, even if you initiated the call, unless you can confidently verify the call’s legitimacy
8. Secure Receipts: Securely store and shred credit, debit, and ATM card receipts before disposing of them.
9. Scrutinize Your Bills: Scrutinize your utility and subscription bills regularly to confirm the accuracy of the charges.
10. Do Not Write Down Your Passwords (except in a Password Vault): Memorize your passwords and personal identification numbers (PINs) to eliminate the need to write them down or use a password vault. Remain vigilant when entering your PIN to ensure no one is observing you.
11. Secure Your Information: Maintain a comprehensive list of all your credit and bank accounts in a secure location, such as a password vault. This will facilitate quick communication with issuers if your cards go missing, including providing account numbers, expiration dates, and customer service and fraud department contact numbers.
12. Shred Pre-approved Credit Offers: Before discarding pre-approved credit offers, credit card receipts, or phone bills, tear them into small pieces or cross-cut shred them to prevent potential identity theft. Thieves can use such offers to apply for credit cards in your name and redirect them to their address.
13. Keep Your Credit Information Accurate: According to consumer reporting legislation, if you believe any entry on your credit report is incorrect or incomplete, you can notify a major credit reporting bureau, which will verify the information at no charge. Remember that they typically do not accept disputes from third parties unless accompanied by a notarized power of attorney authorizing a licensed attorney or a family member to represent you or if the power of attorney is unlimited and irrevocable.

INTRODUCTION

Of the many digital traces we leave in daily life, location metadata may be the most revealing. Location tracking is common in many applications because it’s so useful – it can allow you to get directions from here to there, discover the closest restaurants near you, or tell you your local weather conditions. These perks, however, can come with large privacy risks.

Companies that you would never suspect needing so much of your data, are quietly collecting enormous amounts of data. For example, in 2020, an investigation was done on Tim Hortons, as the Tim Hortons app reportedly tracked an individual’s location more than 2,700 times in five months. Commissioners say Tim Hortons collected “vast amounts” of granular location data with the aim of delivering targeted advertising, to better promote its coffee and associated products, but that it never actually used the data for this purpose.  

Some of the apps on our phone sell or share location data about their users with companies that analyze the data and sell their insights. There are many ways location data can be used, and the market for this data is huge – the location data industry is an estimated $12 billion market. Collectors, aggregators, marketplaces, and location intelligence firms are potential buyers interested in your location data.  

WHAT IS BEING COLLECTED?

Some apps genuinely need your location to work properly, but others have different motives. Many collect location data for reasons unrelated to their main function, like targeted ads or selling it to data brokers.

Once an app collects your location data, you lose control over where it goes. It can be sold repeatedly—from data providers to aggregators that combine information from multiple sources. It could end up in the hands of a “location intelligence” firm that uses the raw data to analyze foot traffic for retail shopping areas and the demographics associated with its visitors.  

You might think, “I have nothing to hide.” But location data can reveal much more than you realize, such as:

• Where you get medical treatment and what kind
• If you visit a domestic abuse shelter
• Where you worship
• Where your kids play (if they have phones)
• When you’re on vacation and where you go
• Where you shop, eat, and bank
• Who you spend time with

Even though this data isn’t directly linked to your name, experts have shown that it’s easy to match location history with other data to identify people and their habits. In 2020, a religious publication used smartphone app data to infer the sexual orientation of a high-ranking Roman Catholic official. The publication claimed it obtained “commercially available” location data from an unnamed vendor and linked it to the priest’s phone, revealing visits to gay bars and private residences while using Grindr, a dating app popular with the LGBTQ+ community.  

Privacy advocates have long cautioned that advertisers gather location and personal data, which is then compiled and sold by data brokers. This information can be used to identify individuals and is not subject to regulations requiring clear consent from those being tracked.

WHAT CAN I DO TO LIMIT LOCATION TRACKING?

The quickest and easiest way to reduce tracking is to delete unnecessary apps. Both Android and Apple allow you to check which apps have access to your location and whether they track it only while in use or all the time. If you don’t use an app often, consider removing it.

Your location can be tracked through your phone, logged-in accounts, internet connection, and location services. To limit oversharing, take these steps:

• Only allow location access for apps that truly need it.
• Set location permissions to “While Using the App” instead of “Always.”
• Only share “Find My Phone” with trusted friends and family.
• Review third-party apps in location settings—you might be sharing more than you realize.

Despite these precautions, location tracking can’t be completely eliminated. It’s important to support companies that provide clear and transparent privacy policies.